Exploiting weak registry permissions
This privilege escalation technique involves identifying and modifying the registry values of a service with a standard user account. In many cases, writing or modifying values in the Windows Registry is limited to administrators. However, you may come across services that can be modified by standard user accounts.
We can leverage this vulnerability to modify the ImagePath (the application path) of a service with the path of a custom executable. This will give us an elevated session when the service is restarted.
This technique will only work on systems that have at least one or more services with weak permissions.
The exploitation process can be performed by following these steps: