Author: thorn (aXis)
Source: www.3389.net

Abstract: This article covers NT access control lists (ACLs), tokens and privileges, and how privileges can be used to bypass ACL checks in order to gain access to files. It can be regarded as another way of "cloning" an administrator, but one that is more concealed and harder to detect, though also harder to use. The key point of the current approach is using privileges to bypass the ACL.

Keywords: ACL, ACE, DACL, TOKEN, SID, PRIVILEGE

Dedication: To Chen Jing.

One. Basic concepts
(This part introduces basic concepts such as tokens and ACLs in preparation for Part Two. If you already understand them, skip this part.)

1. What is a token?
When a user logs on to Windows NT/2000/XP, the logon goes through authentication and, at the same time, the system assigns the user a token. The token is a data structure that every process and thread started by that user carries. The structure of a token is as follows:

Token source
Impersonation type
Token ID
Authentication ID
Modified ID
Expiration time
Default primary group
Default DACL
User account SID
Group 1 SID
......
Group n SID
Restricted SID 1
......
Restricted SID n
Privilege 1
......
Privilege n
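To make the fields listed above concrete, here is an added example (not code from the original article) that dumps the main parts of the current process's token from PowerShell. The SIDs, owner and impersonation level come straight from the .NET WindowsIdentity class; the privilege list is read with GetTokenInformation(TokenPrivileges) through a small P/Invoke wrapper. The class name TokenPriv, its List method and the variable $tokenPrivCode are my own names, not Windows API names; the Win32 functions, structure layouts and constants are the documented ones.

```powershell
# Added example (not part of the original article): dump the main fields of
# the current process token listed above. .NET exposes the SIDs directly;
# the privilege list needs GetTokenInformation(TokenPrivileges) via P/Invoke.
# Requires Windows PowerShell 5.1 or PowerShell 7 on Windows.

$tokenPrivCode = @'
using System;
using System.Collections.Generic;
using System.Runtime.InteropServices;
using System.Text;

// Helper class (name chosen for this example, not a Windows API type).
public static class TokenPriv
{
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool GetTokenInformation(IntPtr token, int infoClass, IntPtr info, int len, out int retLen);

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LookupPrivilegeName(string system, IntPtr luid, StringBuilder name, ref int cchName);

    const int TokenPrivileges = 3;              // TOKEN_INFORMATION_CLASS::TokenPrivileges
    const uint SE_PRIVILEGE_ENABLED = 0x00000002;

    // Returns "SeXxxPrivilege Enabled|Disabled" for every privilege held in the token.
    public static List<string> List(IntPtr token)
    {
        int len;
        GetTokenInformation(token, TokenPrivileges, IntPtr.Zero, 0, out len);  // size query
        IntPtr buf = Marshal.AllocHGlobal(len);
        var result = new List<string>();
        try
        {
            if (!GetTokenInformation(token, TokenPrivileges, buf, len, out len))
                throw new System.ComponentModel.Win32Exception();

            // TOKEN_PRIVILEGES = DWORD PrivilegeCount followed by LUID_AND_ATTRIBUTES[]
            // LUID_AND_ATTRIBUTES = LUID (8 bytes) + DWORD Attributes (4 bytes), 4-byte aligned
            int count = Marshal.ReadInt32(buf);
            for (int i = 0; i < count; i++)
            {
                IntPtr entry = new IntPtr(buf.ToInt64() + 4 + i * 12);
                uint attrs = (uint)Marshal.ReadInt32(entry, 8);
                var name = new StringBuilder(256);
                int cch = name.Capacity;
                if (!LookupPrivilegeName(null, entry, name, ref cch))
                    throw new System.ComponentModel.Win32Exception();
                string state = (attrs & SE_PRIVILEGE_ENABLED) != 0 ? "Enabled" : "Disabled";
                result.Add(name + " " + state);
            }
        }
        finally { Marshal.FreeHGlobal(buf); }
        return result;
    }
}
'@
Add-Type -TypeDefinition $tokenPrivCode

$id = [System.Security.Principal.WindowsIdentity]::GetCurrent()

"User account SID   : {0}  ({1})" -f $id.User.Value, $id.Name
"Impersonation type : {0}" -f $id.ImpersonationLevel     # None means a primary token
"Authentication     : {0}" -f $id.AuthenticationType
"Owner SID          : {0}" -f $id.Owner.Value

"Group SIDs:"
foreach ($g in $id.Groups) {
    try   { $name = $g.Translate([System.Security.Principal.NTAccount]).Value }
    catch { $name = '<unresolved>' }
    "  {0,-48} {1}" -f $g.Value, $name
}

"Privileges:"
foreach ($p in [TokenPriv]::List($id.Token)) { "  $p" }
```

The output can be cross-checked against `whoami /groups` and `whoami /priv`. Note that the privilege list is the part of the token the rest of this article relies on: a privilege that appears as Disabled is still held by the token, but it does not take effect in an access check until the process enables it with AdjustTokenPrivileges. Restricted SIDs, the default DACL and the token source are not shown here; they are read the same way with the corresponding TOKEN_INFORMATION_CLASS values.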