Gray Hat Hacking: The Ethical Hacker's Handbook
Figure 16-4 C:\Program Files security descriptor
Let's spend a few minutes dissecting the first ACE (ACE[0]), which will help you understand
the others. ACE[0] grants a specific type of access to the group BUILTIN\Users. The
hex string 0x001200A9 corresponds to an access mask that can describe whether each possible
access type is either granted or denied. (Don't "check out" here because you think
you won't be able to understand this—you can and will be able to understand!) As you
can see in Figure 16-5, the low-order 16 bits in 0x001200A9 are specific to files and directories.
The next eight bits are for standard access rights, which apply to most types of
objects. And the final four high-order bits are used to request generic access rights that any
object can map to a set of standard and object-specific rights.
With a little help from MSDN (http://msdn2.microsoft.com/en-us/library/aa822867.aspx),
let's break down 0x001200A9 to determine what access the Users group is
granted to the C:\Program Files directory. If you convert 0x001200A9 from hex to
binary, you'll see six 1's and fifteen 0's filling positions 0 through 20 in Figure 16-5.
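The breakdown described above can be checked mechanically. The following Python sketch is an added example, not code from the book: it decodes an access mask into named rights using the documented winnt.h bit values, and the function names and the set of rights treated as "modifying" are assumptions made for this illustration.

```python
# Added example: decode a Windows file/directory access mask into named rights.
# Bit values are the documented winnt.h constants; function names are illustrative.
RIGHTS = {
    # Low-order 16 bits: file- and directory-specific rights
    0x00000001: "FILE_READ_DATA / FILE_LIST_DIRECTORY",
    0x00000002: "FILE_WRITE_DATA / FILE_ADD_FILE",
    0x00000004: "FILE_APPEND_DATA / FILE_ADD_SUBDIRECTORY",
    0x00000008: "FILE_READ_EA",
    0x00000010: "FILE_WRITE_EA",
    0x00000020: "FILE_EXECUTE / FILE_TRAVERSE",
    0x00000040: "FILE_DELETE_CHILD",
    0x00000080: "FILE_READ_ATTRIBUTES",
    0x00000100: "FILE_WRITE_ATTRIBUTES",
    # Standard rights, which apply to most object types
    0x00010000: "DELETE",
    0x00020000: "READ_CONTROL",
    0x00040000: "WRITE_DAC",
    0x00080000: "WRITE_OWNER",
    0x00100000: "SYNCHRONIZE",
    # Four high-order bits: generic rights
    0x10000000: "GENERIC_ALL",
    0x20000000: "GENERIC_EXECUTE",
    0x40000000: "GENERIC_WRITE",
    0x80000000: "GENERIC_READ",
}

# Assumption for this example: rights that let the trustee change content,
# attributes, or the security descriptor itself.
MODIFYING = (0x0002 | 0x0004 | 0x0010 | 0x0040 | 0x0100 |
             0x00010000 | 0x00040000 | 0x00080000 | 0x10000000 | 0x40000000)

def decode_access_mask(mask):
    """Return (names of rights set in mask, leftover bits not in RIGHTS)."""
    names = [name for bit, name in RIGHTS.items() if mask & bit]
    unknown = mask & ~sum(RIGHTS)
    return names, unknown

def split_fields(mask):
    """Split the mask into the three fields described in the text."""
    return mask & 0xFFFF, (mask >> 16) & 0xFF, (mask >> 28) & 0xF

def grants_modification(mask):
    """True if the mask contains any right listed in MODIFYING."""
    return bool(mask & MODIFYING)

if __name__ == "__main__":
    mask = 0x001200A9  # ACE[0] for BUILTIN\Users on C:\Program Files
    names, unknown = decode_access_mask(mask)
    print(f"{mask:#010x} = {mask:021b}b")
    for n in names:
        print("  ", n)
    print("unknown bits:", hex(unknown), "| modifying:", grants_modification(mask))
```

Run against 0x001200A9, this lists six rights, one per 1 bit, none of which is a write, delete, or ownership right.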