Service permission issues
In this recipe, we are going to look at how to escalate on weakly configured services. The core area of interest here is, when a service has been given all access. One can imagine the horrors of giving all access on a service when it runs with system privileges. In this recipe, we will look at a case study where Windows XP was shipped with vulnerable services and it was possible to execute system-level commands as low-privileged users. When such a case is possible, it is very easy to exploit and escalate privileges to a system.
Getting ready
For this activity, we will require a Windows XP machine. We will be exploiting the UPnP service that runs on the Windows XP OS. UPnP stands for Universal Plug and Play protocol. We will need the AccessChk tool is available in the Windows Sysinternals suite. It can be downloaded from (https://technet.microsoft.com/en-us/bb842062). Let's go ahead and start with our recipe.
How to do it...
- Once the Windows XP machine has been started...