A little gift to all the pentesters out there...
All versions of Windows Server from 2008 R2 to 2019 are prone to a DLL hijacking in the %PATH% directories.
Run as SYSTEM
No reboot required
Can be triggered by a normal user on demand
https://itm4n.github.io/windows-server-netman-dll-hijacking/
-
A very common misconfiguration

-
It's unfortunate that there are several apps that will perform this misconfiguration for you. Those app installers are CVE-worthy.
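A defender-side check for the condition discussed above, as an added example that is not part of the thread or the linked write-up: it lists machine-wide %PATH% directories in which low-privileged principals can create files. It assumes "this misconfiguration" means a PATH directory writable by non-administrators; the SID list and the output field names are this example's own choices.

```powershell
# Added example: audit the machine-wide PATH for directories where
# low-privileged principals may create files (for instance a planted DLL).

# Assumption: these well-known SIDs count as "low-privileged" here.
$lowPrivSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

# CreateFiles (same bit as WriteData) permits dropping a new file.
# GENERIC_WRITE / GENERIC_ALL can appear unmapped in raw ACEs, so test them too.
$createMask = [int][System.Security.AccessControl.FileSystemRights]::CreateFiles -bor
              0x40000000 -bor 0x10000000
$inheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly
$sidType     = [System.Security.Principal.SecurityIdentifier]

$machinePath = [Environment]::GetEnvironmentVariable('Path', 'Machine')
$dirs = $machinePath -split ';' |
    ForEach-Object { [Environment]::ExpandEnvironmentVariables($_.Trim().Trim('"')) } |
    Where-Object { $_ } | Select-Object -Unique

foreach ($dir in $dirs) {
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
        # A PATH entry that does not exist: whoever can create it controls its contents.
        [pscustomobject]@{ Directory = $dir; Principal = '-'; Finding = 'Missing directory' }
        continue
    }
    try   { $acl = Get-Acl -LiteralPath $dir -ErrorAction Stop }
    catch {
        [pscustomobject]@{ Directory = $dir; Principal = '-'; Finding = 'ACL unreadable' }
        continue
    }
    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        # Inherit-only ACEs apply to children, not to the directory itself.
        if (([int]$rule.PropagationFlags -band $inheritOnly) -ne 0) { continue }
        $sid = $rule.IdentityReference.Value
        if ($lowPrivSids.ContainsKey($sid) -and
            (([int]$rule.FileSystemRights -band $createMask) -ne 0)) {
            [pscustomobject]@{ Directory = $dir; Principal = $lowPrivSids[$sid]
                               Finding = "Can create files ($($rule.FileSystemRights))" }
        }
    }
}
```

Deny ACEs and group memberships beyond the listed SIDs are not evaluated, so treat the output as a list of candidates to review rather than a full effective-access calculation.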
-
Anyway... Nice one.
I've spent countless hours looking for this kind of "vuln" in services running as SYSTEM on a default installation and I only found a handful of them, and none on the latest Windows 10.
I must be really dumb. 