backtick

Appearance

Enumeration with Powersploit

Powersploit docs

Import Module

powershell
. C:\AD\Tools\PowerSploit.ps1

Get services with unquoted paths and a space in their name

powershell
Get-ServiceUnquoted -Verbose

Get services where the current user can write to its binary path or change arguments to the binary

powershell
Get-ModifiableServiceFile -Verbose

Get services where the current user can modify their configuration

powershell
Get-ModifiableService -Verbose

Invoke all checks

powershell
Invoke-AllChecks