Re: FW: Bypassing NTFS ACL

["James S. Ringold III" <jringold () yahoo com>]

Quick and dirty, if you want the content and
properties of the files, use forensics tools like this
one http://www.accessdata.com/ftkuser/imager.htm from
a thumb drive or other location.   I am assuming that
you have interactive access to the machine.  You won't
change the files or the permissions.  Since this
particular application bypasses the usual NTFS
controls and file access calls, you should be G2G.

> -----Original Message-----
> From: chris () compucounts com
> [mailto:chris () compucounts com] 
> Sent: Friday, February 18, 2005 2:49 PM
> To: pen-test () securityfocus com
> Subject: Bypassing NTFS ACL
>
> I've got domain admin access to a Windows 2003
> server, and have
> encountered a series of directories that are
> protected by custom ACLs
> which do not include any group I am a member of and
> are not inheriting
> the ACL of their parent directory.  
>
> I know there are plenty of simple solutions to this
> problem such as
> joining the group, taking ownership of the
> directory, etc, however I'm
> looking for a slightly more difficult solution that
> wouldn't be noticed.
> I want to bypass the ACL.
>
> I figured that if root can do it in UNIX, SYSTEM
> could do it in Windows,
> but it looks like I'm wrong:
> --
> C:\> whoami
> nt authority\system
>
> C:\> cd somedir
> Access is denied.
> --
>
> Is there any means of bypassing the ACL while the
> system is online
> without rewriting it?
>
> I'm going to reiterate: Yes there are plenty of
> other ways to do this,
> but I want to be difficult :)  This could come in
> handy later on.
>
> Thanks,
>
> - Chris


        
                
__________________________________ 
Do you Yahoo!? 
Yahoo! Mail - You care about security. So do we. 
http://promotions.yahoo.com/new_mail