This code example builds a malware.exe sample that runs in the context of a Windows system service. It can be used for local privilege escalation via, for example, an unquoted service path or a file permission vulnerability. The payload itself can be hosted remotely, downloaded via the wininet library, and then executed via direct system calls.
- Replace the link with the URL of your hosted .bin payload
- Change the name of the service to your service
- Start the respective service and retrieve a session in SYSTEM context
```
cmd> sc start unquotedsvc
```
https://cocomelonc.github.io/tutorial/2022/05/09/malware-pers-4.html
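
A defensive check for the unquoted service path condition mentioned above, as an added example (not code from this project): it flags service `ImagePath` values that are unquoted and have a space in the executable path, and proposes the quoted form. The sample paths are constructed, and splitting at the first `.exe` is a heuristic assumption.

```python
import re

# Constructed ImagePath values, as stored under
# HKLM\SYSTEM\CurrentControlSet\Services\<name>\ImagePath.
# Only the service name "unquotedsvc" appears on this page; paths are made up.
SAMPLE_SERVICES = {
    "unquotedsvc": r"C:\Program Files\Unquoted Path Service\Common Files\svc.exe",
    "quotedsvc": r'"C:\Program Files\Vendor App\svc.exe" --run',
    "nospacesvc": r"C:\Windows\System32\svchost.exe -k netsvcs",
    "argsvc": r"C:\Program Files\Vendor App\agent.exe /service",
    "driver": r"\SystemRoot\System32\drivers\example.sys",
}

# Heuristic (assumption): the executable ends at the first ".exe" that is
# followed by whitespace or end of string; everything after is arguments.
EXE_RE = re.compile(r"^(?P<exe>.+?\.exe)(?P<args>\s.*)?$", re.IGNORECASE)


def audit_image_path(image_path):
    """Return (flagged, suggested_value) for one ImagePath string."""
    value = image_path.strip()
    if value.startswith('"'):
        return (False, value)          # already quoted
    match = EXE_RE.match(value)
    if not match:
        return (False, value)          # not an .exe command line (e.g. a driver)
    exe, args = match.group("exe"), match.group("args") or ""
    if " " not in exe:
        return (False, value)          # no space, so quoting is not required
    return (True, f'"{exe}"{args}')    # quote only the executable, keep args


def audit_services(services):
    """Map each flagged service name to its corrected ImagePath."""
    findings = {}
    for name, image_path in services.items():
        flagged, fixed = audit_image_path(image_path)
        if flagged:
            findings[name] = fixed
    return findings


if __name__ == "__main__":
    for name, fixed in audit_services(SAMPLE_SERVICES).items():
        print(f"[!] {name}: unquoted path with spaces")
        print(f"    set ImagePath to: {fixed}")
```

On a live host, feed it the `BINARY_PATH_NAME` values reported by `sc qc <service>`, and review write permissions on the service binary and its directory as well, since quoting does not address the file permission case.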