Nssm-2.24 Exploit ((full)) • Tested & Working

It may fail to launch services on Windows 10 Creators Update (or newer) unless AppNoConsole=1 is set in the registry.

: Versions of Odoo (e.g., 12.0) bundled nssm.exe with an unquoted service path, allowing local users to escalate privileges. nssm-2.24 exploit

Instead of the legitimate service manager, the SCM executed the attacker's payload. Within seconds, the low-privileged "shadow" account had been "elevated." The attacker now had privileges—the keys to the entire kingdom. It may fail to launch services on Windows