-
Binary hijacking Check if a binary (e.g. from a service) is writeable: PS C:\Users\dave> icacls "C:\xampp\apache\bin\httpd.exe"C:\xampp\apache\bin\httpd.exe BUILTIN\Administrators:(F) NT AUTHORITY\SYSTEM:(F) BUILTIN\Users:(F) NT AUTHORITY\Authenticated Users:(RX) Legend: If yes, replace it with a more useful executeable, like this one. Compile this for the correct target architecture and replace the original file. x86_64-w64-mingw32-gcc adduser.c -o adduser.exe Check this with one command:
-
File and directory integrity levels C:\Users\User>icacls hallo hallo NT AUTHORITY\SYSTEM:(I)(F) BUILTIN\Administrators:(I)(F) WINDEV2012EVAL\User:(I)(F) Mandatory Label\High Mandatory Level:(NW) (I)(F) means that the corresponding user or group has (F) Full permission on the file and that the permissions are inherited from the parent = directory. Note that the Read right ® also enables execution on that file! (There…