RE: Bypassing NTFS ACL

["Thomas Brennan" <tbrennan () datasafeservices com>]

Sure.

My Computer --> %DRIVE/FOLDER --> right click --> properties -->
security tab --> advanced --> permissions or owner depending on what you
need to do long term.

/* 
Thomas J. Brennan, CISSP, MCSA, C|EH
DATA SAFE SERVICES
T:(888)663-0079 | F:(973)428-0293 | PGP Key Id: 0x96924C97 
Web: www.datasafeservices.com 
*/
 

> -----Original Message-----
> From: chris () compucounts com [mailto:chris () compucounts com] 
> Sent: Friday, February 18, 2005 3:49 PM
> To: pen-test () securityfocus com
> Subject: Bypassing NTFS ACL
>
> I've got domain admin access to a Windows 2003 server, and 
> have encountered a series of directories that are protected 
> by custom ACLs which do not include any group I am a member 
> of and are not inheriting the ACL of their parent directory.  
>
> I know there are plenty of simple solutions to this problem 
> such as joining the group, taking ownership of the directory, 
> etc, however I'm looking for a slightly more difficult 
> solution that wouldn't be noticed.
> I want to bypass the ACL.
>
> I figured that if root can do it in UNIX, SYSTEM could do it 
> in Windows, but it looks like I'm wrong:
> --
> C:\> whoami
> nt authority\system
>
> C:\> cd somedir
> Access is denied.
> --
>
> Is there any means of bypassing the ACL while the system is 
> online without rewriting it?
>
> I'm going to reiterate: Yes there are plenty of other ways to 
> do this, but I want to be difficult :)  This could come in 
> handy later on.
>
> Thanks,
>
> - Chris

DATA SAFE SERVICES: This email message is for the sole use of the intended recipient(s) and may contain confidential 
and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the 
intended recipient, please contact the sender by email or telephone and destroy all copies of the original message.