Penetration Testing mailing list archives

Bypassing NTFS ACL


From: <chris () compucounts com>
Date: Fri, 18 Feb 2005 15:49:21 -0500

I've got domain admin access to a Windows 2003 server, and have
encountered a series of directories that are protected by custom ACLs
which do not include any group I am a member of and are not inheriting
the ACL of their parent directory.  

I know there are plenty of simple solutions to this problem, such as
joining the group, taking ownership of the directory, etc.; however, I'm
looking for a slightly more difficult solution that wouldn't be noticed.
I want to bypass the ACL.

I figured that if root can do it in UNIX, SYSTEM could do it in Windows,
but it looks like I'm wrong:
--
C:\> whoami
nt authority\system

C:\> cd somedir
Access is denied.
--

Is there any means of bypassing the ACL while the system is online
without rewriting it?

I'm going to reiterate: Yes, there are plenty of other ways to do this,
but I want to be difficult :)  This could come in handy later on.

Thanks,

- Chris

