PENTESTER’S WINDOWS NTFS TRICKS COLLECTION

05.05.2019 14:26

René Feingruber "Pentesters Windows NTFS tricks collection

SEC Consult is publishing an excelent blog article on how to do some NTFS tricks to gain your goals.

TRICK 1: CREATE FOLDERS WITHOUT PERMISSIONS (CVE-2018-1036/NTFS EOP)
TRICK 2: BYPASS PATH RESTRICTIONS WITH ALTERNATE DATA STREAMS
TRICK 3: CREATE FILES WHICH CAN’T BE FOUND BY USING THE “…” FOLDER
TRICK 4: “HIDE” THE DESTINATION OF A DIRECTORY JUNCTION
TRICK 5: HIDE ALTERNATE DATA STREAMS
TRICK 6: HIDING THE PROCESS BINARY

REFERENCES:

https://msdn.microsoft.com/en-us/library/dn393272.aspx
https://tyranidslair.blogspot.co.at/2014/05/abusive-directory-syndrome.html
https://tyranidslair.blogspot.co.at/2014/06/addictive-double-quoting-sickness.html
https://googleprojectzero.blogspot.co.at/2016/02/the-definitive-guide-on-win32-to-nt.html
https://googleprojectzero.blogspot.co.at/2015/12/between-rock-and-hard-link.html
https://googleprojectzero.blogspot.co.at/2015/08/windows-10hh-symbolic-link-mitigations.html
http://insert-script.blogspot.co.at/2012/11/hidden-alternative-data-streams.html
https://bogner.sh/2017/11/avgater-getting-local-admin-by-abusing-the-anti-virus-quarantine/