???Read??? Disposition Permissions of a File
FILE_READ_DATA Depending on the file, possible information disclosure. Allows
attacker to view contents of the file.
FILE_READ_ATTRIBUTES
FILE_READ_EA
Depending on the directory, possible information disclosure.
These rights grant access to the metadata of the file. Filenames
could contain sensitive info such as ???layoff plan.eml??? or ???plan to
sell company to google.doc.??? An attacker might also find bits of
information like usernames usable in a multistage attack.
GENERIC_READ Depending on the file, possible information disclosure. This right
grants FILE_READ_DATA, FILE_READ_ATTRIBUTES, and FILE_
READ_EA.
There are lots of scenarios where read access should not be granted to unprivileged
attackers. It might allow them to read (for example):
??? User??™s private data (user??™s browser history, favorites, mail)
??? Config files (might leak paths, configurations, passwords)
??? Log data (might leak other users and their behaviors)
eTrust appears to store data in a logfile readable by all users. Even if attackers could
not write to these files, they might want to know which attacks were detected by eTrust
so they could hide their tracks.
Attacking Weak File DACLs for Privilege Escalation
An attack was already demonstrated earlier in the enumeration section.
Pages:
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773