GitHub – WildByDesign/ACLViewer: ACL Viewer for Windows
https://github.com/WildByDesign/ACLViewer
Access Control Lists (ACLs) are a critical component of Windows security, defining permissions for files, directories, and registry keys. The ACL Viewer tool by WildByDesign provides a streamlined way to analyze and audit ACLs, making it invaluable for penetration testers, red teams, and blue teams.
### **You Should Know: Key Commands and Techniques for ACL Analysis**
#### **1. Viewing ACLs with PowerShell**
PowerShell offers built-in cmdlets to inspect ACLs:
```powershell
Get-Acl -Path "C:\Sensitive\File.txt" | Format-List
```
This retrieves the ACL for a specific file.
#### **2. Modifying ACLs with icacls**
Windows includes the `icacls` utility for modifying permissions:
```cmd
icacls "C:\Sensitive\Folder" /grant User:(R,W)
```
This grants a user Read (R) and Write (W) permissions.
#### **3. Enumerating Weak Permissions**
Weak ACLs can lead to privilege escalation. Use this PowerShell script to find writable directories:
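```powershell
# List directories where Everyone or Authenticated Users hold write-type rights.
# -Directory limits the walk to directories; access-denied errors during recursion are suppressed.
Get-ChildItem "C:\" -Recurse -Directory -ErrorAction SilentlyContinue | Where-Object { (Get-Acl $_.FullName).Access | Where-Object { $_.IdentityReference -match "Everyone|Authenticated Users" -and $_.FileSystemRights -match "Write" } } | Select-Object FullName
```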
#### **4. Exporting ACLs for Offline Analysis**
Save ACLs to a CSV for further review:
```powershell
Get-Acl "C:\Critical\Data" | Export-Csv -Path "C:\Reports\ACL_Audit.csv" -NoTypeInformation
```
#### **5. Detecting Dangerous Permissions**
Misconfigured registry ACLs can lead to exploits. Check registry keys:
```powershell
Get-Acl -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" | Format-List
```
### **What Undercode Say**
ACL Viewer simplifies Windows security auditing, but manual checks with PowerShell and `icacls` remain essential. Always verify:
- Inherited vs. explicit permissions
- Overly permissive "Everyone" or "Users" entries
- Service account privileges
For defenders, automate ACL audits with scripts. Attackers, look for writable paths to escalate privileges.
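One way to automate the checklist above, as an added example (not code from ACL Viewer or the original post): it writes one CSV row per ACE, records whether each entry is inherited or explicit, and flags Allow entries that give a broad principal write-level rights. The paths reuse the placeholders from section 4; the function name `Get-AclAuditRow` and the principal pattern are assumptions.

```powershell
# Added example: flatten directory ACLs to one row per ACE and flag risky entries.
function Get-AclAuditRow {
    param(
        [Parameter(Mandatory)][string]$Root,
        # Broad principals from the checklist (English account names; an assumption).
        [string]$BroadPattern = '^(Everyone|NT AUTHORITY\\Authenticated Users|BUILTIN\\Users)$'
    )
    # Bits that allow changing content, deleting, or rewriting the ACL or owner.
    # Modify and FullControl contain these bits, so a bit test catches them
    # where a string match on "Write" would miss them.
    $writeMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership'
    $writeMask = $writeMask -bor 0x50000000   # GENERIC_WRITE | GENERIC_ALL

    $dirs = @(Get-Item -LiteralPath $Root -ErrorAction Stop) +
            @(Get-ChildItem -LiteralPath $Root -Recurse -Directory -ErrorAction SilentlyContinue)

    foreach ($dir in $dirs) {
        try   { $acl = Get-Acl -LiteralPath $dir.FullName -ErrorAction Stop }
        catch { continue }   # ACL not readable with the current token: skip it

        foreach ($ace in $acl.Access) {
            $allow    = $ace.AccessControlType -eq 'Allow'
            $broad    = $ace.IdentityReference.Value -match $BroadPattern
            $canWrite = ([int]$ace.FileSystemRights -band $writeMask) -ne 0

            [pscustomobject]@{
                Path      = $dir.FullName
                Identity  = $ace.IdentityReference.Value
                Type      = $ace.AccessControlType
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited   # False means the ACE was set explicitly here
                Flagged   = $allow -and $broad -and $canWrite
            }
        }
    }
}

# Full CSV for offline review, then the flagged entries with explicit ACEs listed first.
$rows = Get-AclAuditRow -Root 'C:\Critical\Data'
$rows | Export-Csv -Path 'C:\Reports\ACL_Audit.csv' -NoTypeInformation
$rows | Where-Object Flagged | Sort-Object Inherited, Path |
    Format-Table Path, Identity, Rights, Inherited -AutoSize
```

A flagged row with `Inherited = False` is where the permission is actually set; inherited rows are fixed at the parent that defines them.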
### **Expected Output:**
- A detailed CSV of ACL permissions.
- List of vulnerable directories/registry keys.
- Remediation steps based on findings.
For more tools and techniques, visit the original GitHub repo: ACL Viewer.
References:
Reported By: Florian Hansemann – Hackers Feeds