ACEshark: extraction and analysis of Windows service configurations and Access Control Entries
ACEshark
ACEshark is a utility designed for rapid extraction and analysis of Windows service configurations and Access Control Entries, eliminating the need for tools like accesschk.exe or other non-native binaries.
Why?
- Efficiently identify and analyze service permissions to uncover potential privilege escalation vectors (changing the
binpathof a service and restarting it). - Audit service permissions for specific users or across all groups and accounts.
How it works
Running ACEshark starts an HTTP/HTTPS server to act as a listener for service configurations and Access Control Entries. It generates a small extractor script based on the specified options, which the user runs on the target machine. ACEshark then retrieves and processes the data, providing a detailed analysis.
ACEshark generates a log file for each extracted services configuration, allowing reports to be regenerated if needed.
Important
- Even if a service is characterized as a great candidate for privilege escalation according to its ACEs and configuration, there are other Windows security features that may prevent you from actually abusing it.
- This is probably not going to be particularly stealthy.
- Using this tool against hosts that you do not have explicit permission to test is illegal. You are responsible for any trouble you may cause by using this tool.
