Quick and dirty, if you want the content and
properties of the files, use forensics tools like this
one http://www.accessdata.com/ftkuser/imager.htm from
a thumb drive or other location. I am assuming that
you have interactive access to the machine. You won't
change the files or the permissions. Since this
particular application bypasses the usual NTFS
controls and file access calls, you should be G2G.
-----Original Message-----
From: chris@compucounts.com
[mailto:chris@compucounts.com]
Sent: Friday, February 18, 2005 2:49 PM
To: pen-test@securityfocus.com
Subject: Bypassing NTFS ACL
I've got domain admin access to a Windows 2003
server, and have
encountered a series of directories that are
protected by custom ACLs
which do not include any group I am a member of and
are not inheriting
the ACL of their parent directory.
I know there are plenty of simple solutions to this
problem such as
joining the group, taking ownership of the
directory, etc, however I'm
looking for a slightly more difficult solution that
wouldn't be noticed.
I want to bypass the ACL.
I figured that if root can do it in UNIX, SYSTEM
could do it in Windows,
but it looks like I'm wrong:
--
C:\> whoami
nt authority\system
C:\> cd somedir
Access is denied.
--
Is there any means of bypassing the ACL while the
system is online
without rewriting it?
I'm going to reiterate: Yes there are plenty of
other ways to do this,
but I want to be difficult :) This could come in
handy later on.
Thanks,
- Chris
__________________________________
Do you Yahoo!?
Yahoo! Mail - You care about security. So do we.
http://promotions.yahoo.com/new_mail
