Thick Client Security-Improper File & Folder Permissions

1. Attackers can abuse excessive file and folder permissions to perform malicious activities; such excessive permissions can even lead to a DLL hijacking attack.
2. The permissions of all files in a particular folder can be checked at once using the Sysinternals tool "AccessEnum", or the permissions assigned to a particular file or folder can be checked manually.

AccessEnum Tool

3. In the AccessEnum tool, make the change below to view the permissions of all files present in the given folder.

Navigate to "Options" → "File display options" → "Display files with permissions that differ from parent"

4. Input the folder path into the AccessEnum tool and click "Scan" to view the permissions of the files. Only Administrator should have Read & Write permissions. If a permission is granted to Everyone, it should be changed to Administrator.

5. Permissions can also be verified manually in the Properties dialog (Security tab) of the particular file or folder.
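The same check can be scripted instead of clicking through AccessEnum. The PowerShell below is an added example, not part of the original post or of AccessEnum: it walks an application folder and lists every file or folder where a broad principal (Everyone, Users, Authenticated Users, INTERACTIVE) holds write-level rights. The install path and the principal list are assumptions to adjust for the client under test.

```powershell
# Added example: flag write-level ACL entries for broad principals under an
# application folder. Path and principal list are assumptions.
param(
    [string]$Path = 'C:\Program Files\ExampleThickClient'   # assumed install folder
)

# Principals that should not be able to modify application files
$BroadPrincipals = @(
    'Everyone',
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\INTERACTIVE'
)

# Any of these rights lets a low-privileged user alter or replace a file/DLL
$R = [System.Security.AccessControl.FileSystemRights]
$WriteRights = [int]$R::Write -bor [int]$R::Modify -bor [int]$R::FullControl -bor
               [int]$R::WriteData -bor [int]$R::AppendData

function Find-WeakAcl {
    param([string]$Root)
    Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $item = $_
        $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction SilentlyContinue
        if (-not $acl) { return }
        foreach ($ace in $acl.Access) {
            # Only explicit or inherited Allow entries matter here
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if ($BroadPrincipals -notcontains $ace.IdentityReference.Value) { continue }
            # Generic rights show up as large negative values; the bitwise test still works
            if (([int]$ace.FileSystemRights -band $WriteRights) -eq 0) { continue }
            [pscustomobject]@{
                Path      = $item.FullName
                Principal = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited   # inherited entries point at the parent folder
            }
        }
    }
}

# Each row is a finding to fix in the file's Security properties, as described above
Find-WeakAcl -Root $Path | Format-Table -AutoSize
```

Rows with Inherited = True mean the weak entry comes from a parent folder, so the fix belongs there rather than on each individual file.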

Remediation: Remove the excessive file permissions on files and folders.

!! Happy Learning !!
