bat
...
Next we??™ll run AccessChk and then do a quick survey of potentially interesting
regkeys it found.
C:\tools>checkreg.bat > checkreg.out
C:\tools>findstr /V Admin checkreg.out | findstr /V SYSTEM | findstr RW
RW JNESS2\jness
RW JNESS2\jness
RW BUILTIN\Power Users
RW JNESS2\jness
RW BUILTIN\Power Users
RW BUILTIN\Users
...
JNESS2 is a stock, fully patched Windows XP SP2 machine but there is at least one
regkey to investigate. Let??™s take a closer look at what registry access rights are interesting.
???Write??? Disposition Permissions of a Windows Registry Key
KEY_SET_VALUE Depending on key, possible elevation of privilege. Allows attacker
to set the registry key to a different value.
KEY_CREATE_SUB_KEY Depending on the registry location, possible elevation of privilege.
Allows attacker to create a subkey set to any arbitrary value.
WRITE_DAC Depending on key, possible elevation of privilege. Allows attackers
to rewrite the DACL, granting KEY_SET_VALUE or KEY_
CREATE_SUB_KEY to themselves. From there, attackers can set
values to facilitate an attack.
WRITE_OWNER Depending on key, possible elevation of privilege. Allows attackers
to become the object owner. Object ownership implies WRITE_
DAC.
Pages:
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755