During a post-exploitation session, you have a low-privilege shell on a Windows 10 host. Service enumeration shows a service named BackupAgent running as LocalSystem with the executable path C:\Program Files\Backup Agent\backupagent.exe, and the folder is writable by your user. The ImagePath value is not surrounded by quotes. What privilege-escalation method would most directly leverage this misconfiguration?
Drop a malicious backupagent.dll into the service directory to take advantage of DLL search order hijacking.
Set the AlwaysInstallElevated registry keys and run a crafted MSI package to gain SYSTEM privileges.
Place a malicious binary named C:\Program.exe and restart the service, exploiting an unquoted service path vulnerability.
Use the netsh add helper command to load a rogue DLL under the SYSTEM context.
When an ImagePath that contains spaces is not surrounded by quotation marks, Windows splits the string at the first space and attempts to execute the component C:\Program.exe, then C:\Program Files\Backup.exe, and so on. By writing a malicious C:\Program.exe that the attacker controls, restarting the service (or rebooting) causes the binary to be launched with the service's LocalSystem privileges, yielding full SYSTEM access. DLL search-order hijacking, AlwaysInstallElevated policy abuse, and netsh helper injection can also lead to privilege escalation, but they rely on different conditions that are not indicated by the information provided.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is an unquoted service path vulnerability?
Open an interactive chat with Bash
How does restarting the service lead to privilege escalation?
Open an interactive chat with Bash
Why don't other methods like DLL hijacking work in this scenario?
Open an interactive chat with Bash
Certified Ethical Hacker (CEH)
System Hacking Phases and Attack Techniques
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .