Reference
Creating a manifest for your application http://msdn2.microsoft.com/en-gb/library/ms766454.aspx
Chapter 16: Exploiting Windows Access Control Model for Local Elevation of Privilege
"Read" Disposition Permissions of a Directory

FILE_LIST_DIRECTORY, FILE_READ_ATTRIBUTES, FILE_READ_EA
    Depending on the directory, possible information disclosure. These
    rights grant access to the metadata of the files in the directory.
    Filenames could contain sensitive info such as "layoff plan.eml" or
    "plan to sell company to google.doc." An attacker might also find
    bits of information like usernames usable in a multistage attack.

GENERIC_READ
    Depending on the directory, possible information disclosure. This
    right grants FILE_LIST_DIRECTORY, FILE_READ_ATTRIBUTES, and
    FILE_READ_EA.

Granting untrusted or semi-trusted users read access to directories containing sensitive
filenames could be an information disclosure threat.
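
As an audit aid for the read rights listed above, the following added example (not code from the book) reads a directory's DACL in SDDL form and reports which broad groups receive the read-disposition rights on the directory itself. The set of "untrusted" SID aliases and the sample SDDL string are assumptions constructed for illustration. Deny ACEs are skipped rather than subtracted from the allow ACEs.

```python
import re

# Directory access-mask bits (winnt.h values).
READ_RIGHTS = {"FILE_LIST_DIRECTORY": 0x0001, "FILE_READ_EA": 0x0008,
               "FILE_READ_ATTRIBUTES": 0x0080}
GENERIC_READ, GENERIC_ALL = 0x80000000, 0x10000000
FILE_GENERIC_READ, FILE_ALL_ACCESS = 0x00120089, 0x001F01FF
# SDDL two-letter rights that carry read-disposition bits.
SDDL_RIGHTS = {"GR": GENERIC_READ, "GA": GENERIC_ALL, "FR": FILE_GENERIC_READ,
               "FA": FILE_ALL_ACCESS, "FX": 0x001200A0}
# Assumption: these SID aliases stand for untrusted or semi-trusted users.
UNTRUSTED = {"WD": "Everyone", "AU": "Authenticated Users",
             "BU": "BUILTIN\\Users", "IU": "Interactive"}
# ACE layout: (type;flags;rights;object_guid;inherit_object_guid;sid)
ACE_RE = re.compile(r"\(([^;()]*);([^;()]*);([^;()]*);[^;()]*;[^;()]*;([^;()]*)\)")

def parse_mask(rights):
    """Turn an SDDL rights field (hex or two-letter codes) into a bit mask."""
    if rights.lower().startswith("0x"):
        mask = int(rights, 16)
    else:
        mask = 0
        for code in re.findall("..", rights):
            mask |= SDDL_RIGHTS.get(code, 0)
    # Expand generic rights the way they map for file and directory objects.
    if mask & GENERIC_READ:
        mask |= FILE_GENERIC_READ
    if mask & GENERIC_ALL:
        mask |= FILE_ALL_ACCESS
    return mask

def read_exposure(sddl):
    """Map each untrusted trustee to the read rights its allow ACEs grant."""
    found = {}
    for ace_type, flags, rights, sid in ACE_RE.findall(sddl):
        # Inherit-only (IO) ACEs apply to children, not to this directory.
        inherit_only = "IO" in re.findall("..", flags)
        if ace_type != "A" or inherit_only or sid not in UNTRUSTED:
            continue
        mask = parse_mask(rights)
        names = {n for n, bit in READ_RIGHTS.items() if mask & bit}
        if names:
            found.setdefault(UNTRUSTED[sid], set()).update(names)
    return {who: sorted(names) for who, names in found.items()}

# Constructed SDDL for illustration; not taken from the JNESS2 test system.
SAMPLE = ("D:(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;BU)"
          "(A;OICIIO;GR;;;AU)(A;;GR;;;WD)(A;;0x80;;;IU)")

if __name__ == "__main__":
    print(read_exposure(SAMPLE))
```

On a live system the SDDL string for a directory can be obtained with `(Get-Acl <path>).Sddl` in PowerShell and passed to `read_exposure`.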
Attacking Weak Directory DACLs for Privilege Escalation
Going back to the list of weak directory DACLs on the JNESS2 test system, we see several
interesting entries. In the next section on file DACLs, we'll explore .exe replacement and
file tampering, but let's look now at what we can do without touching the files at all.