Re: FW: Bypassing NTFS ACL

From: James S. Ringold III (jringold_at_yahoo.com)
Date: 02/24/05

Next message: Anthony Ruso: "PENTEST MySQL on windows"

Previous message: Chris: "Traceroute"
Maybe in reply to: chris_at_compucounts.com: "Bypassing NTFS ACL"
Next in thread: McClure David: "RE: Bypassing NTFS ACL"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 24 Feb 2005 13:02:11 -0800 (PST)
To: chris@compucounts.com, pen-test@securityfocus.com

Quick and dirty, if you want the content and
properties of the files, use forensics tools like this
one http://www.accessdata.com/ftkuser/imager.htm from
a thumb drive or other location. I am assuming that
you have interactive access to the machine. You won't
change the files or the permissions. Since this
particular application bypasses the usual NTFS
controls and file access calls, you should be G2G.

> -----Original Message-----
> From: chris@compucounts.com
> [mailto:chris@compucounts.com]
> Sent: Friday, February 18, 2005 2:49 PM
> To: pen-test@securityfocus.com
> Subject: Bypassing NTFS ACL
>
> I've got domain admin access to a Windows 2003
> server, and have
> encountered a series of directories that are
> protected by custom ACLs
> which do not include any group I am a member of and
> are not inheriting
> the ACL of their parent directory.
>
> I know there are plenty of simple solutions to this
> problem such as
> joining the group, taking ownership of the
> directory, etc, however I'm
> looking for a slightly more difficult solution that
> wouldn't be noticed.
> I want to bypass the ACL.
>
> I figured that if root can do it in UNIX, SYSTEM
> could do it in Windows,
> but it looks like I'm wrong:
> --
> C:\> whoami
> nt authority\system
>
> C:\> cd somedir
> Access is denied.
> --
>
> Is there any means of bypassing the ACL while the
> system is online
> without rewriting it?
>
> I'm going to reiterate: Yes there are plenty of
> other ways to do this,
> but I want to be difficult :) This could come in
> handy later on.
>
> Thanks,
>
> - Chris

__________________________________
Do you Yahoo!?
Yahoo! Mail - You care about security. So do we.
http://promotions.yahoo.com/new_mail

Next message: Anthony Ruso: "PENTEST MySQL on windows"

Previous message: Chris: "Traceroute"
Maybe in reply to: chris_at_compucounts.com: "Bypassing NTFS ACL"
Next in thread: McClure David: "RE: Bypassing NTFS ACL"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

more on Vick
... There have been plenty of distractions so far, ... back, Bradley's ACL, Ingram's ACL, and the entire OL is injured. ... You'd expect the Eagles to be ...
(alt.sports.football.pro.phila-eagles)
RE: Bypassing NTFS ACL
... Subject: Bypassing NTFS ACL ... I've got domain admin access to a Windows 2003 server, ... I figured that if root can do it in UNIX, SYSTEM could do it in Windows, ... Yes there are plenty of other ways to do this, ...
(Pen-Test)
Re: how to setup the squid server
... in the file /etc/squid/squid.conf under the acl section you will find: ... # Example rule allowing access from your local networks. ... Do You Yahoo!? ... Mail has the best spam protection around ...
(RedHat)
Bypassing NTFS ACL
... I've got domain admin access to a Windows 2003 server, ... I want to bypass the ACL. ... I figured that if root can do it in UNIX, SYSTEM could do it in Windows, ... Yes there are plenty of other ways to do this, ...
(Pen-Test)