In this recipe, we are going to practice exploiting and gaining the additional privileges of a high-level user over an unquoted service path. First, let us understand what an unquoted service path is. What we are talking about is the path related to the service binary that is specified/configured without quotes. This specifically works only when a low-privilege user has been given access to the system drive. This generally happens in corporate networks where a user is given exception to add files.

Let us have a look at the following screenshot to better understand this problem:

If we look at the path to the executable, ...