Penetration Testing mailing list archives
RE: Bypassing NTFS ACL
From: "Steve Fletcher" <safletcher () insightbb com>
Date: Mon, 21 Feb 2005 22:40:16 -0600
Actually, that's quite easy to do. There is a piece of freeware called FILEACL that will exactly what you want. Here is an excerpt from the web page: Uses Backup and Restore Rights to view/change ACL/ownership on non accessible files/dir To download the program or get more details, go to http://www.gbordier.com/gbtools/fileacl.htm. Hope this helps. Steve Fletcher MCSE (NT4/Win2k), MCSE: Security (Win2k), HP Master ASE, CCNA, Security+ safletcher () insightbb com -----Original Message----- From: chris () compucounts com [mailto:chris () compucounts com] Sent: Friday, February 18, 2005 2:49 PM To: pen-test () securityfocus com Subject: Bypassing NTFS ACL I've got domain admin access to a Windows 2003 server, and have encountered a series of directories that are protected by custom ACLs which do not include any group I am a member of and are not inheriting the ACL of their parent directory. I know there are plenty of simple solutions to this problem such as joining the group, taking ownership of the directory, etc, however I'm looking for a slightly more difficult solution that wouldn't be noticed. I want to bypass the ACL. I figured that if root can do it in UNIX, SYSTEM could do it in Windows, but it looks like I'm wrong: -- C:\> whoami nt authority\system C:\> cd somedir Access is denied. -- Is there any means of bypassing the ACL while the system is online without rewriting it? I'm going to reiterate: Yes there are plenty of other ways to do this, but I want to be difficult :) This could come in handy later on. Thanks, - Chris
Current thread:
- Bypassing NTFS ACL chris (Feb 21)
- Re: Bypassing NTFS ACL Frank Knobbe (Feb 22)
- RE: Bypassing NTFS ACL Steve Fletcher (Feb 22)
- Re: Bypassing NTFS ACL Capixaba (Feb 25)
- <Possible follow-ups>
- RE: Bypassing NTFS ACL Thomas Brennan (Feb 22)
- Re: FW: Bypassing NTFS ACL James S. Ringold III (Feb 24)
- RE: Bypassing NTFS ACL McClure David (Feb 25)