ACEshark: extraction and analysis of Windows service configurations and Access Control Entries

by ddos · Published · Updated

ACEshark

ACEshark is a utility designed for rapid extraction and analysis of Windows service configurations and Access Control Entries, eliminating the need for tools like accesschk.exe or other non-native binaries.

Why?

  • Efficiently identify and analyze service permissions to uncover potential privilege escalation vectors (changing the binpath of a service and restarting it).
  • Audit service permissions for specific users or across all groups and accounts.

How it works

Running ACEshark starts an HTTP/HTTPS server to act as a listener for service configurations and Access Control Entries. It generates a small extractor script based on the specified options, which the user runs on the target machine. ACEshark then retrieves and processes the data, providing a detailed analysis.

ACEshark generates a log file for each extracted services configuration, allowing reports to be regenerated if needed.

Important

  1. Even if a service is characterized as a great candidate for privilege escalation according to its ACEs and configuration, there are other Windows security features that may prevent you from actually abusing it.
  2. This is probably not going to be particularly stealthy.
  3. Using this tool against hosts that you do not have explicit permission to test is illegal. You are responsible for any trouble you may cause by using this tool.

Install & Use

Tags: Access Control EntriesWindows service