Hackin9
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 

Technology Information Security Field Expanding Rapidly In Los Angeles
CBS Local
Heightened by the frequency and sophistication of cyber-attacks, the number of job opportunities in the field of information security (InfoSec), especially for security analysts, is projected to skyrocket in the coming years. The Bureau of Labor ...

 

Windows is an operating system with security features. For example, one can specify which users can access a file.

There is a system for Discretionary Access Control (DAC), and one for Mandatory Access Control (MAC). DAC is implemented with Discretionary Access Control Lists (DACL) and MAC is implemented with privileges.

When access to an object like a file is controlled with a DACL, and this DACL does not grant you access, you can try to get access via a privilege. The privilege you need to read this file (or any file) is the backup privilege (SE_BACKUP_NAME). This backup privilege is given to members of the Administrators and Backup Operators groups.

But as an administrator on Windows with UAC, you don...

But that is not enough to give you read access to a file. On Windows, a typical way to read the content of a file is to use the API function CreateFile to create a handle for the file, and then use API function ReadFile to read the content of the file via that handle. To use your enabled backup privilege, you need to pass a flag to CreateFile that indicates that you want to use your backup privilege: FILE_FLAG_BACKUP_SEMANTICS.

Since this is not easy to script, it would be nice if you could do this with the command line processor cmd.exe. That's why I took ReactOS...

With my modifications, you can use the privilege command to enable the backup privilege, and then copy or type a file. I also added an info command. Remark: cd does not use the privilege.

Here is a video showing these commands:

Didier Stevens
SANS ISC Handler
Microsoft MVP Consumer Security
blog.DidierStevens.com DidierStevensLabs.com
IT Security consultant at Contraste Europe.
