From: Steve Fletcher (safletcher@insightbb.com)
Date: Mon Feb 21 2005 - 23:40:16 EST
Actually, that's quite easy to do. There is a piece of freeware called
FILEACL that will exactly what you want. Here is an excerpt from the web
page:
Uses Backup and Restore Rights to view/change ACL/ownership on non
accessible files/dir
To download the program or get more details, go to
http://www.gbordier.com/gbtools/fileacl.htm.
Hope this helps.
Steve Fletcher
MCSE (NT4/Win2k), MCSE: Security (Win2k), HP Master ASE, CCNA, Security+
safletcher@insightbb.com
-----Original Message-----
From: chris@compucounts.com [mailto:chris@compucounts.com]
Sent: Friday, February 18, 2005 2:49 PM
To: pen-test@securityfocus.com
Subject: Bypassing NTFS ACL
I've got domain admin access to a Windows 2003 server, and have
encountered a series of directories that are protected by custom ACLs
which do not include any group I am a member of and are not inheriting
the ACL of their parent directory.
I know there are plenty of simple solutions to this problem such as
joining the group, taking ownership of the directory, etc, however I'm
looking for a slightly more difficult solution that wouldn't be noticed.
I want to bypass the ACL.
I figured that if root can do it in UNIX, SYSTEM could do it in Windows,
but it looks like I'm wrong:
-- C:\> whoami nt authority\system C:\> cd somedir Access is denied. -- Is there any means of bypassing the ACL while the system is online without rewriting it? I'm going to reiterate: Yes there are plenty of other ways to do this, but I want to be difficult :) This could come in handy later on. Thanks, - Chris
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:17 EDT