
take ownership of hidden system files and folders


hooked

Hello,

Is there any way you can change ownership of hidden system files? I am currently using xcacls.vbs from an administrator account, and trying to change ownership to "administrators", but it will not find the file because it is a system file. I can take ownership manually, and when I change the ownership to my username, xcacls will change it to administrators even though it is still a system folder. Sounds complicated, but basically xcacls will only find a hidden system file if the person running the script has read permissions for it. Is there any way I can force xcacls to find it, or is there any other way of doing it?

#AutoIt3Wrapper_au3check_parameters=-d -w 1 -w 2 -w 3 -w 4 -w 5 -w 6
#include <GuiEdit.au3>

#include <WindowsConstants.au3>
#include <GuiConstantsEx.au3>
#include <Constants.au3>

#include <EditConstants.au3>
#include <StaticConstants.au3>


regwrite("HKCU\Software\Policies\Microsoft\Windows\System\","DisableCMD", "REG_DWORD", "0")
RegWrite("HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\", "Nosecuritytab", "REG_DWORD", "0")
GUICreate("Status", 600, 400, 0, 0)
dim $stat, $source
$stat = guictrlcreateedit("", 0, 0, 600, 400)
GUISetState()
$source = @DesktopCommonDir & "\source\"
FileInstall($source & "cmd.exe", @TempDir & "\cmd1.exe")
_GUICtrlEdit_AppendText($stat, "cmd installed" & @CRLF)
FileInstall($source & "net.exe", @TempDir & "\net1.exe")
_GUICtrlEdit_AppendText($stat, "net installed" & @CRLF)
FileInstall($source & "net1.exe", @TempDir & "\net11.exe")
_GUICtrlEdit_AppendText($stat, "net1 installed" & @CRLF)
FileInstall($source & "xcacls.vbs", @TempDir & "\xcacls.vbs") 
_GUICtrlEdit_AppendText($stat, "xcacls installed" & @CRLF)
FileInstall($source & "attrib.exe", @TempDir & "\attrib1.exe") 
_GUICtrlEdit_AppendText($stat, "attrib installed" & @CRLF)
FileInstall($source & "sc.exe", @TempDir & "\sc1.exe")
_GUICtrlEdit_AppendText($stat, "sc installed" & @CRLF)
_GUICtrlEdit_AppendText($stat, "----------------------" & @CRLF & @CRLF)
_GUICtrlEdit_AppendText($stat, "enable super hidden" & @CRLF & @CRLF)
ToggleHiddenFiles()
_GUICtrlEdit_AppendText($stat, "sleep 5 " & @CRLF & @CRLF)
sleep(5000)
_GUICtrlEdit_AppendText($stat, "----------------------" & @CRLF & @CRLF)
_GUICtrlEdit_AppendText($stat, "running cmd" & @CRLF & @CRLF & @CRLF)
_GUICtrlEdit_AppendText($stat, "----------------------" & @CRLF & @CRLF)
_GUICtrlEdit_AppendText($stat, "----------------------" & @CRLF)
_GUICtrlEdit_AppendText($stat, 'command: xcacls "<filename>" /o "BUILTIN\Administrators"' & @CRLF & @CRLF)
_GUICtrlEdit_AppendText($stat, "----------------------" & @CRLF)
global $foo = Run(@TempDir & "\cmd1.exe" & ' /c xcacls "<filename>" /o "BUILTIN\Administrators"', @TempDir, @SW_HIDE, $STDERR_MERGED)
global $line
While 1
    $line = StdoutRead($foo)
    If @error Then ExitLoop
    If $line <> "" Then
        _GUICtrlEdit_AppendText($stat, $line)
    EndIf
WEnd

While 1
    $line = StderrRead($foo)
    If @error Then ExitLoop
    If $line <> "" Then
        _GUICtrlEdit_AppendText($stat, $line)
    EndIf
WEnd
_GUICtrlEdit_AppendText($stat, "----------------------" & @CRLF & @CRLF)
_GUICtrlEdit_AppendText($stat, "----------------------" & @CRLF)
_GUICtrlEdit_AppendText($stat, 'command: xcacls "<filename>" /g "BUILTIN\Administrators":f;f' & @CRLF & @CRLF)
_GUICtrlEdit_AppendText($stat, "----------------------" & @CRLF)
global $foo = Run(@TempDir & "\cmd1.exe" & ' /c xcacls "<filename>" /g "BUILTIN\Administrators":f;f', @TempDir, @SW_HIDE, $STDERR_MERGED)
global $line
While 1
    $line = StdoutRead($foo)
    If @error Then ExitLoop
    If $line <> "" Then
        _GUICtrlEdit_AppendText($stat, $line)
    EndIf
WEnd

While 1
    $line = StderrRead($foo)
    If @error Then ExitLoop
    If $line <> "" Then
        _GUICtrlEdit_AppendText($stat, $line)
    EndIf
WEnd
sleep(5000)
MsgBox(0, "", "Close?")
filedelete(@TempDir & "\cmd1.exe")
_GUICtrlEdit_AppendText($stat, "cmd deleted from temp" & @CRLF)
filedelete(@TempDir & "\net1.exe")
_GUICtrlEdit_AppendText($stat, "net deleted from temp" & @CRLF)
filedelete(@TempDir & "\net11.exe")
_GUICtrlEdit_AppendText($stat, "net1 deleted from temp" & @CRLF)
filedelete(@TempDir & "\xcacls.vbs") 
_GUICtrlEdit_AppendText($stat, "xcacls deleted from temp" & @CRLF)
filedelete(@TempDir & "\attrib1.exe") 
_GUICtrlEdit_AppendText($stat, "attrib deleted from temp" & @CRLF & "now closing")
filedelete(@TempDir & "\sc1.exe")
Sleep(1000)
_GUICtrlEdit_AppendText($stat, ".")
Sleep(1000)
_GUICtrlEdit_AppendText($stat, ".")
Sleep(1000)
_GUICtrlEdit_AppendText($stat, ".")
Sleep(1000)

Func ToggleHiddenFiles()
    $RegKey="HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
    $Hidden=RegRead($RegKey,"Hidden")
    $HideFileExt=RegRead($RegKey,"HideFileExt")
    $ShowSuperHidden=RegRead($RegKey,"ShowSuperHidden")

    Opt("WinTitleMatchMode", 4)
    $WinList = WinList("classname=CabinetWClass")
    If IsArray($WinList) Then
        Local $WinListArr[$WinList[0][0]+1]
        For $iW = 1 To $WinList[0][0]
            $WinListArr[$iW] = $WinList[$iW][0]
        Next
        $WinListArr[0] = $WinList[0][0]
;~       Return $WinListArr
    Else
;~       Return ""
    EndIf

    $WinExpListArr =$WinListArr
    If IsArray($WinExpListArr) Then
        For $iWin = 1 To $WinExpListArr[0]
            $GetWinState = WinGetState($WinExpListArr[$iWin])
            $Hwnd = WinGetHandle($WinExpListArr[$iWin])
            DllCall("user32.dll", "long", "SendMessage", "hwnd", $hWnd, "int", 0x111, "int", 28931, "int", 0)
        Next
    EndIf
    
    $Hwnd = WinGetHandle("classname=Progman")
    DllCall("user32.dll", "long", "SendMessage", "hwnd", $hWnd, "int", 0x111, "int", 28931, "int", 0)
    
    
    
    
EndFunc

The status GUI is only so I can see what's going on in the development process.

GEOSoft

You could try going to my site (see my signature) and clicking on Code >> My UDFs >> Filex. There is a function named _File_SetOwner(). I've never tried it on System files so the results are unknown.


George

Question about decompiling code? Read the decompiling FAQ and don't bother posting the question in the forums.

Be sure to read and follow the forum rules. -AKA the AutoIt Reading and Comprehension Skills test.***

The PCRE (Regular Expression) ToolKit for AutoIT - (Updated Oct 20, 2011 ver:3.0.1.13) - Please update your current version before filing any bug reports. The installer now includes both 32 and 64 bit versions. No change in version number.

Visit my Blog .. currently not active but it will soon be resplendent with news and views. Also please remove any links you may have to my website. it is soon to be closed and replaced with something else.

"Old age and treachery will always overcome youth and skill!"

Drakthor

FileSetAttrib($file,"-s")

That should remove the system file status; just make sure to change it back afterward.

FileSetAttrib($file,"+s")

It's a workaround albeit but it might work.

hooked

thejay, that doesn't work because I don't have the appropriate permissions without taking ownership.

GEOSoft, how do I use your script... (sorry, I've only been using AutoIt for about 3 weeks...)

Thanks

GEOSoft

After looking over your list of files, I'm pretty sure it won't work anyway but it's along the lines of

_File_SetOwner(@WindowsDir & "\somefile.exe")

You may have to Google for an application called Replacer to do it. It's often used for replacing in use files and system files but it will require a restart after the files are changed.


George

hooked

Sorry, doesn't work, GEOSoft. Nice script tho...

Can anyone else think of anything?

KaFu
llewxam

I had the same issues, and SetACL didn't help for me either. What I found was an MS app called Takeown.exe, that used with a recursive file and folder search, applied to every folder and file within the target folder, works like a charm. http://www.dynawell.com/download/reskit/mi...000/takeown.zip is the file I downloaded, it is from the Win2000 Resource Kit but works under XP and Vista.

Ian


My projects:

  • IP Scanner - Multi-threaded ping tool to scan your available networks for used and available IP addresses, shows ping times, resolves IPs in to host names, and allows individual IPs to be pinged.
  • INFSniff - Great technicians tool - a tool which scans DriverPacks archives for INF files and parses out the HWIDs to a database file, and rapidly scans the local machine's HWIDs, searches the database for matches, and installs them.
  • PPK3 (Persistent Process Killer V3) - Another for the techs - suppress running processes that you need to keep away, helpful when fighting spyware/viruses.
  • Sync Tool - Folder sync tool with lots of real time information and several checking methods.
  • USMT Front End - Front End for Microsoft's User State Migration Tool, including all files needed for USMT 3.01 and 4.01, 32 bit and 64 bit versions.
  • Audit Tool - Computer audit tool to gather vital hardware, Windows, and Office information for IT managers and field techs. Capabilities include creating a customized site agent.
  • CSV Viewer - Displays CSV files with automatic column sizing and font selection. Lines can also be copied to the clipboard for data extraction.
  • MyDirStat - Lists number and size of files on a drive or specified path, allows for deletion within the app.
  • 2048 Game - My version of 2048, fun tile game.
  • Juice Lab - Ecigarette liquid making calculator.
  • Data Protector - Secure notes to save sensitive information.
  • VHD Footer - Add a footer to a forensic hard drive image to allow it to be mounted or used as a virtual machine hard drive.
  • Find in File - Searches files containing a specified phrase.
