Nssm-2.24 Privilege Escalation [top] May 2026
nssm 2.24 privilege escalation — Overview and exploitation details
Summary
Your payload runs as SYSTEM. Game over.
- NSSM 2.24 is used to install a service named
vuln_svcas Administrator. - A standard user
bobexists on the system.
This article dissects the mechanics of the NSSM 2.24 privilege escalation attack, why it works, and what happens when an attacker gains a foothold on a machine with this version installed. nssm-2.24 privilege escalation
Root Cause
NSSM 2.24 does not enforce a restrictive DACL (Discretionary Access Control List) on created services. Instead, it relies on Windows defaults, which may allow SERVICE_CHANGE_CONFIG to non-admin users when the service is created during an administrative session but without explicit security hardening. nssm 2
In many installations of NSSM 2.24, the privilege escalation path typically follows this logic: This article dissects the mechanics of the NSSM 2
Avoid running services as LocalSystem unless absolutely necessary. Instead, create a Managed Service Account (MSA) or a dedicated low-privilege user account with only the specific permissions required to run that application. 4. Upgrade and Monitor