Sweet :) Just to make sure I’m not missing something, this does require SeCreateSymbolicLink, right?
Its a common misconception that a directory that to be empty to become a junction folder / symbolic link directory. Just make an alternative data stream on the directory a symbolic link and the entire directory transforms:pic.twitter.com/HzYvgtlo78
-
-
-
yes, but junction folder do not
- Show replies
New conversation -
-
-
Nice find. Presumably it's a bug as the ADS doesn't have its own $REPARSE attribute so NTFS reroutes routes it to the main directories one. However the check for whether it's a directory and thus whether it's empty would be done on the ADS's FILE_OBJECT which would pass :-)
-
it seems that mklink open the the stream as a file not folder with disposition CREATE_NEW and flag FILE_NON_DIRECTORY_FILE which technically mean that's a file not a directory which FILE_OBJECT wouldn't do something to check if there's something in the directory
End of conversation
New conversation -
-
-
Ditto for UNIX - NFS mount points. Having an rsync job to sync a few essential files to the underlying mount-point directory (at an alternate hardlink) when the NFS share isn't available saved my operational bacon a few times.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
That's a cool find!
-
Ive known about for over 3 years and mentioned it here on twitter minium 3 times- but people havent really noticed. I submitted it 2 years ago, but was rejected because symlinks requires admin rights. But, yarh- if you have the priv its easy to become SYSTEM with it.
- Show replies
New conversation -
-
-
That's what we call a good finding
-
flag_reparse_point is waiting for you xD
- Show replies
New conversation -
-
-
the bug can be also abused against files
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.