Penetration Testing mailing list archives
Bypassing NTFS ACL
From: <chris () compucounts com>
Date: Fri, 18 Feb 2005 15:49:21 -0500
I've got domain admin access to a Windows 2003 server, and have encountered a series of directories that are protected by custom ACLs which do not include any group I am a member of and are not inheriting the ACL of their parent directory. I know there are plenty of simple solutions to this problem such as joining the group, taking ownership of the directory, etc, however I'm looking for a slightly more difficult solution that wouldn't be noticed. I want to bypass the ACL. I figured that if root can do it in UNIX, SYSTEM could do it in Windows, but it looks like I'm wrong: -- C:\> whoami nt authority\system C:\> cd somedir Access is denied. -- Is there any means of bypassing the ACL while the system is online without rewriting it? I'm going to reiterate: Yes there are plenty of other ways to do this, but I want to be difficult :) This could come in handy later on. Thanks, - Chris
Current thread:
- Bypassing NTFS ACL chris (Feb 21)
- Re: Bypassing NTFS ACL Frank Knobbe (Feb 22)
- RE: Bypassing NTFS ACL Steve Fletcher (Feb 22)
- Re: Bypassing NTFS ACL Capixaba (Feb 25)
- <Possible follow-ups>
- RE: Bypassing NTFS ACL Thomas Brennan (Feb 22)
- Re: FW: Bypassing NTFS ACL James S. Ringold III (Feb 24)
- RE: Bypassing NTFS ACL McClure David (Feb 25)