From: James S. Ringold III (jringold@yahoo.com)
Date: Thu Feb 24 2005 - 16:02:11 EST
Quick and dirty, if you want the content and
properties of the files, use forensics tools like this
one http://www.accessdata.com/ftkuser/imager.htm from
a thumb drive or other location. I am assuming that
you have interactive access to the machine. You won't
change the files or the permissions. Since this
particular application bypasses the usual NTFS
controls and file access calls, you should be G2G.
> -----Original Message-----
> From: chris@compucounts.com
> [mailto:chris@compucounts.com]
> Sent: Friday, February 18, 2005 2:49 PM
> To: pen-test@securityfocus.com
> Subject: Bypassing NTFS ACL
>
> I've got domain admin access to a Windows 2003
> server, and have
> encountered a series of directories that are
> protected by custom ACLs
> which do not include any group I am a member of and
> are not inheriting
> the ACL of their parent directory.
>
> I know there are plenty of simple solutions to this
> problem such as
> joining the group, taking ownership of the
> directory, etc, however I'm
> looking for a slightly more difficult solution that
> wouldn't be noticed.
> I want to bypass the ACL.
>
> I figured that if root can do it in UNIX, SYSTEM
> could do it in Windows,
> but it looks like I'm wrong:
> --
> C:\> whoami
> nt authority\system
>
> C:\> cd somedir
> Access is denied.
> --
>
> Is there any means of bypassing the ACL while the
> system is online
> without rewriting it?
>
> I'm going to reiterate: Yes there are plenty of
> other ways to do this,
> but I want to be difficult :) This could come in
> handy later on.
>
> Thanks,
>
> - Chris
__________________________________
Do you Yahoo!?
Yahoo! Mail - You care about security. So do we.
http://promotions.yahoo.com/new_mail
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:17 EDT