accesschk

Notes

• Already has a LOW PRIVILEGE user
• Always put /accepteula at the end

References

• https://github.com/ankh2054/windows-pentest
• https://gist.github.com/sckalath/8dacd032b65404ef7411

Check for insecure services

• accesschk users -cw * /accepteula
• accesschk.exe -uwcqv "Authenticated Users" * /accepteula
• accesschk users -cuwcqv * /accepteula
• accesschk.exe -ucqv service name /accepteula

Find all weak folder permissions per drive.

• accesschk.exe -uwdqs Users c:\ /accepteula
• accesschk.exe -uwdqs "Authenticated Users" c:\ /accepteula

Find all weak file permissions per drive.

• accesschk.exe -uwqs Users c:*.* /accepteula
• accesschk.exe -uwqs "Authenticated Users" c:*.* /accepteula

To see what Registry keys under HKLM\CurrentUser a specific account has no access to:

• accesschk -kns austin\mruss hklm\software /accepteula

To see the security on the HKLM\Software key:

• accesschk -k hklm\software /accepteula

To see all files under \Users\Mark on Vista that have an explicit integrity level:

• accesschk -e -s c:\users\mark /accepteula

To see all global objects that Everyone can modify:

• accesschk -wuo everyone \basednamedobjects /accepteula