NSSM 2.24 Privilege Escalation
NSSM 2.24 does not enforce a restrictive DACL (Discretionary Access Control List) on the services it creates. Instead, it relies on Windows defaults, which may grant SERVICE_CHANGE_CONFIG to non-admin users when the service is created during an administrative session but without explicit security hardening.
Responsible testing and legal/ethical notes
NSSM 2.24 privilege escalation refers to a class of local privilege escalation (LPE) vulnerabilities that occur when the Non-Sucking Service Manager (NSSM) v2.24 binary or its configuration is poorly secured within a Windows environment. NSSM is a widely trusted, open-source utility that allows administrators to wrap any script, command, or standard executable into a resilient Windows background service. However, because NSSM services typically execute with administrative or NT AUTHORITY\SYSTEM privileges, any misconfiguration or insecure permission set tied to the nssm.exe executable instantly turns the utility into a high-impact vector for local privilege escalation.
The Core Concept: How NSSM Works
Avoid running services under the LocalSystem account whenever possible. Configure services to run under dedicated low-privilege service accounts with only the minimum permissions necessary for the application to function.
NSSM (Non-Sucking Service Manager) version 2.24 is susceptible to a vulnerability specifically related to its service configuration and the lack of quote marks in service binary paths.
Mitigations and remediation
NSSM stores its configuration parameters within the Windows Registry under the following path: HKLM\SYSTEM\CurrentControlSet\Services\ \Parameters
Assume:
sc sdset MyNSSMService "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
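An added example (not from the original page or the NSSM project): a Python check that parses a service security descriptor in SDDL form, such as the output of `sc sdshow`, and reports allow ACEs in the DACL that give any trustee other than LocalSystem or BUILTIN\Administrators a right to reconfigure the service. The hardened string is the one from the `sc sdset` command above; the weak and hex-mask descriptors are constructed samples, and the function names are hypothetical.

```python
import re

# SDDL right codes that let a trustee reconfigure or take over a service.
RISKY = {"DC": "SERVICE_CHANGE_CONFIG", "WD": "WRITE_DAC", "WO": "WRITE_OWNER",
         "GA": "GENERIC_ALL", "GW": "GENERIC_WRITE"}
# The same rights as access-mask bits, for ACEs written as a hex mask.
RISKY_BITS = {0x2: "DC", 0x40000: "WD", 0x80000: "WO",
              0x10000000: "GA", 0x40000000: "GW"}
# Trustees expected to hold them: LocalSystem and BUILTIN\Administrators.
TRUSTED = {"SY", "BA", "S-1-5-18", "S-1-5-32-544"}

def _risky_codes(field):
    """Risky right codes present in an ACE rights field (letter pairs or hex)."""
    if field.lower().startswith("0x"):
        mask = int(field, 16)
        return {code for bit, code in RISKY_BITS.items() if mask & bit}
    return set(RISKY) & {field[i:i + 2] for i in range(0, len(field), 2)}

def risky_aces(sddl):
    """Return [(trustee, [right names])] for allow ACEs in the DACL that give
    an untrusted trustee a risky right. SACL (audit) ACEs are ignored."""
    dacl = re.search(r"D:[A-Z]*((?:\([^)]*\))*)", sddl)
    findings = []
    for ace in re.findall(r"\(([^)]*)\)", dacl.group(1) if dacl else ""):
        fields = ace.split(";")  # type;flags;rights;obj;inherit_obj;trustee
        if len(fields) < 6 or fields[0] != "A":
            continue
        hits = _risky_codes(fields[2])
        if hits and fields[5] not in TRUSTED:
            findings.append((fields[5], sorted(RISKY[c] for c in hits)))
    return findings

# Descriptor applied by the sc sdset command on this page.
HARDENED = "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
# Constructed sample: Authenticated Users (AU) hold DC; the SACL ACE is audit-only.
WEAK = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
        "(A;;CCDCLCSWRPLOCRRC;;;AU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)")
# Constructed sample: BUILTIN\Users (BU) granted the full-access mask in hex.
HEX_MASK = "D:(A;;0xF01FF;;;BU)"

if __name__ == "__main__":
    for name, sddl in [("hardened", HARDENED), ("weak", WEAK), ("hex", HEX_MASK)]:
        print(name, risky_aces(sddl) or "no risky ACEs")
```
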
While the described vulnerabilities are file-permission issues, NSSM itself has historically been used as a in advanced attacks. Security researchers and penetration testers have used NSSM to elevate privileges or maintain access after gaining an initial foothold:
A dangerous weakness exists in NSSM (Non-Sucking Service Manager) versions 2.24 and below. If an attacker has (standard user) access to a system where an NSSM service runs as SYSTEM, they can trivially escalate to NT AUTHORITY\SYSTEM by abusing the service’s binary path.
The utility itself acts as a service wrapper. When Windows starts a service managed by NSSM, it runs nssm.exe, which reads configuration parameters from the system Registry and launches the actual target application. Local privilege escalation typically occurs via two classic attack vectors associated with this process: