FREE THOUGHT · FREE SOFTWARE · FREE WORLD

Racing the Windows XP ACL demon

So I was playing around with acls in XP home, Just trying to get a feel for XP homes undocumented (PRO only) capabilities.. and basically I was just setting up some network shares to do some backups via a homemade crossover cable to a 2nd pc.


Both of these pcs were behind a hardware/software firewall, and so each had their own host names, we'll say PEPSI and COKE, and they were both on a private network on the same subnet, so each belonged to a domain called MARKETING. Anyways, so I had a couple huge rar archives that I needed to back up.. I had built up the archives right on the desktop, by renaming the 'My Documents' folder to something else and then putting everything else in a heirarchy below that. What I didn't realize was that XP literally stilled called my archive folder 'My Documents'.. try it and you'll see... Before I realized that, I decided it would be a much faster download if the archive was closer to the root of the hard-drive (thinking of virtual-memory etc.).. So I moved the archive (15GB) to the C: directory and immediately it disappeared.. And I had used move instead of copy. I did a couple searches and couldnt get anything, so I rebooted in safe mode as Administrator. There they were, they showed up in C: but no matter what I did it wouldn't let me access/read/write/modify them at all.. all because of that weird 'My documents' relationship. And becuase my files were private, because technically they were still in my 'user profile'.. blah blah.. XP is so user-friendly its going backwards in good design. So I had to create a new user that belonged to the 'Administrators' group, and I eventually had to mess with the acls. IMO. So there I was trying to get back ownership of my freaking archive in a XP love triangle between Administrator--1st user--2nd user. Well, I was getting pissed at this and so I opened the security tab of C: and removed the 'Everyone' from the permissions, adn added my 2nd--user as the owner of not C:, but instead I put something like "several files down the line".. and it worked and I finally got back my archive.. The next day I booted up and it stalled forever after I logged in.. then it told me there was no pagefile. So I threw in a memory stick and managed to get a dos prompt to type 'mmc'. In disk management the drive claimed to have 0 free bytes, and 0 full bytes. I barely managed to right-click on c: in the diskmanagement, and then it barked at me with an Access denied type message. I popped in my XP pro disc and rebooted into recovery console, and ran chkdsk twice.. chkdsk said it was fine so I rebooted.. this time into safe-mode with network support. Everything was freezing and I barely managed to get a dos prompt using ctrl-alt-del to get to taskman, then that dos froze up and so I typed userinit ""to get another one, which worked good. So I went to C: and did cacls c: Basically I had made the permissions such so that it couldn't even access itself.. so I just went cacls c: /G Everyone:F and immediately I could hear the disk start accessing itself.. Anyway.. its a good prank thats difficult to fix (I was clueless) unless you know whats going on.. and you can easily do this remotely with just a command prompt and one or two [cacls ] commands. Probably need to be in Administrators group., but I sure don't trust XP to make you. Try net user #list of users even hidden ones and try control userpasswords2 #gui result and then see where you can get with the [ net localgroup "Power Users" /ADD username ] #and then deactivate accounts [ net user username /ACTIVE:NO ] #and reactivate them and switch around the groups, and thats usually all it takes to fool XP home. 1. Remove 'Everyone' from the root directory. 2. Replace a single user who is the only one with owner permissions.. but on the "several files later"

Hacking

 

 

Comments