MiniTool ShadowMaker version 3.2 suffers from an unquoted service path vulnerability.
63df62c62699528cacbf92779536339a
# Exploit Title: MiniTool ShadowMaker 3.2 - 'MTAgentService' Unquoted Service Path
# Discovery by: Thalia Nieto
# Discovery Date: 02/01/21
# Vendor Homepage: https://www.minitool.com
# Software Link: https://www.minitool.com/backup/thanks-download.html?v=sm-free&r=download-center/
# Tested Version: 3.2
# Vulnerability Type: Unquoted Service Path
# Tested on OS: Windows 10
# Step to discover Unquoted Service Path:
C:\>wmic service get name, pathname, displayname, name | findstr /i "MTAgentService"
MTAgentService MTAgentService C:\Program Files\MiniTool ShadowMaker\AgentService.exe
# Service info:
C:\>sc qc "MTAgentService"
[SC] QueryServiceConfig CORRECTO
NOMBRE_SERVICIO: MTAgentService
TIPO : 110 WIN32_OWN_PROCESS (interactive)
TIPO_INICIO : 2 AUTO_START
CONTROL_ERROR : 1 NORMAL
NOMBRE_RUTA_BINARIO: C:\Program Files\MiniTool ShadowMaker\AgentService.exe
GRUPO_ORDEN_CARGA :
ETIQUETA : 0
NOMBRE_MOSTRAR : MTAgentService
DEPENDENCIAS :
NOMBRE_INICIO_SERVICIO: LocalSystem