sc sdset MyService D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)
Because NSSM is not a native Windows binary (unlike sc.exe), it often bypasses application whitelisting rules that only check %SystemRoot%\System32.
This vulnerability was initially identified in the installer, which bundles a copy of nssm.exe as part of the DAUM‑WINDOWS‑SERVICE. During installation, the file permissions on nssm.exe were not properly secured. Because of this misconfiguration, a low‑privileged local attacker can replace the legitimate nssm.exe with a malicious executable. When the corresponding Windows service (running with high privileges) is later restarted or the system reboots, the attacker’s code executes with administrative rights, granting full control over the compromised machine.
, any user on that machine can potentially "hijack" the service for full administrative access. Odoo 12.0.20190101 - 'nssm.exe' Unquoted Service Path
NSSM, or Non-Sucking Service Manager, is an open-source service manager designed for Windows operating systems. It was created to provide a more user-friendly and flexible alternative to the built-in Windows Service Manager. NSSM allows users to easily install, configure, and manage services on their systems, making it a popular choice among system administrators.
For applications that require process monitoring and restart capabilities, newer process managers such as PM2 offer cross‑platform support and more robust security features. PM2 can manage Node.js applications but is also capable of supervising arbitrary executables, and its configuration system is designed with modern security practices in mind.
The hacker group known as “Crypt Ghouls” has been observed compromising contractor login information via VPN services or unpatched vulnerabilities. After gaining a foothold, the attackers used NSSM to create and manage services on the victim’s host, allowing them to maintain access even after system reboots. The group also used the Localtonet utility to create an encrypted tunnel for external connections.
Implement monitoring to detect any suspicious activity related to NSSM or the services it manages.
When the NSSM service starts, Windows will execute the attacker's code instead of the legitimate NSSM binary, often with privileges.
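An audit for the two weaknesses described above (a service binary such as nssm.exe that non-administrators can overwrite, and an unquoted service path containing spaces), as an added example that is not code from the original page or from the NSSM project. The function name Get-UntrustedWriter and the list of trusted accounts are assumptions made for illustration; the account names are the English ones and need adjusting on localized systems.

```powershell
# Added audit example; not from the original page. Run from an elevated prompt.
# Assumption: English account names; extend the list for localized systems.
$trusted = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'NT SERVICE\TrustedInstaller')
# Rights that let a principal replace or re-ACL a file (read bits deliberately excluded).
$writeBits = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'

function Get-UntrustedWriter([string]$Path) {
    # Identities outside $trusted that hold an Allow ACE carrying any write bit.
    if (-not $Path -or -not (Test-Path -LiteralPath $Path)) { return @() }
    (Get-Acl -LiteralPath $Path).Access |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            ([int]($_.FileSystemRights -band $writeBits) -ne 0) -and
            ($trusted -notcontains $_.IdentityReference.Value)
        } |
        ForEach-Object { $_.IdentityReference.Value } |
        Sort-Object -Unique
}

Get-CimInstance -ClassName Win32_Service | ForEach-Object {
    $raw = $_.PathName
    if (-not $raw) { return }
    # Separate the executable from its arguments and note whether it was quoted.
    if ($raw -match '^\s*"([^"]+)"') { $exe = $Matches[1]; $quoted = $true }
    elseif ($raw -match '^\s*(.+?\.exe)(\s|$)') { $exe = $Matches[1]; $quoted = $false }
    else { return }
    $exe = [Environment]::ExpandEnvironmentVariables($exe)

    $fileWriters = @(Get-UntrustedWriter $exe)
    $dirWriters  = @(Get-UntrustedWriter (Split-Path -Path $exe -Parent))
    $unquoted    = (-not $quoted) -and ($exe -match '\s')

    if ($fileWriters -or $dirWriters -or $unquoted) {
        [pscustomobject]@{
            Service      = $_.Name
            RunsAs       = $_.StartName
            Binary       = $exe
            IsNssm       = ((Split-Path -Path $exe -Leaf) -ieq 'nssm.exe')
            UnquotedPath = $unquoted
            FileWriters  = $fileWriters -join '; '
            DirWriters   = $dirWriters -join '; '
        }
    }
} | Sort-Object -Property IsNssm -Descending | Format-Table -AutoSize -Wrap
```

Any row with IsNssm set to True and a non-empty FileWriters or DirWriters column matches the misconfiguration described above; tightening the ACL on the binary and its folder, and quoting the service path, closes it.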