In this lab we will take ownership of the jscript.dll file, then change the filename and attempt to have Windows System File Checker (SFC) fix this file after we have "corrupted" it. We will be exploring how to take ownership with the "takeown" command prompt command and how to use the "icacls" command to get full access to the file.
First, I had to open Command Prompt with administrative privileges. To do this, I had to open my Start menu, find Command Prompt, right-click it and select Run as administrator, as shown in this picture:
Now, having admin privileges allowed me to use the "takeown" command effectively, whereas with normal user privileges it would not have worked. So, in order to take ownership of the jscript.dll file, I had to use the "takeown" command as follows: "takeown /F C:\windows\system32\jscript.dll" If the result is successful, it will look like the picture below:
Now, to gain full access to the file, we had to use the "icacls" command. I had some issues at first getting the full command right, but I finally did by typing as follows: "icacls C:\Windows\System32\jscript.dll /grant Oli:(F)" Obviously you will have to replace Oli with the name of the user account you are using. If the command worked, it will look like below. (You can also see my mistakes before typing the command right):
Now, we need to change the filename of jscript.dll to jscript.dll.hold for the purpose of this lab. We can do this in command prompt by typing: "rename C:\windows\system32\jscript.dll jscript.dll.hold"
Once we have renamed the file we can now type the "sfc /scannow" command. This process takes a few minutes to complete. If SFC cannot replace the file you can search the C:\windows\winsxs folder for a copy of the file to manually replace it.
Once the process is complete, you can type c:\windows\logs\cbs\cbs.log to check and see if SFC managed to restore the original jscript.dll file.
And that is how you can take ownership and gain full access to a system file as well as use SFC to restore files, thus completing lab 14-02.
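After the lab, the file is left owned by a normal account that also holds full control, which is weaker than the Windows default for protected system files. The PowerShell script below is an added example, not part of the original lab: it lists the SFC entries for the file in CBS.log and puts the ownership and permissions back. It assumes the account name Oli and the paths used above, and that the file's default owner is NT SERVICE\TrustedInstaller.

```powershell
# Added example; run from an elevated PowerShell prompt.
$File = Join-Path $env:windir 'System32\jscript.dll'   # file used in the lab
$Hold = "$File.hold"                                   # renamed copy from the lab
$Log  = Join-Path $env:windir 'Logs\CBS\CBS.log'
$User = 'Oli'                                          # assumption: account granted (F) in the lab
$DefaultOwner = 'NT SERVICE\TrustedInstaller'          # default owner of protected system files

# 1. SFC tags its CBS.log entries with [SR]; list the ones that mention the file.
Select-String -Path $Log -Pattern '[SR]' -SimpleMatch |
    Where-Object { $_.Line -like '*jscript.dll*' } |
    ForEach-Object { $_.Line }

# 2. If SFC did not put the file back, restore the renamed copy.
if ((-not (Test-Path -LiteralPath $File)) -and (Test-Path -LiteralPath $Hold)) {
    Rename-Item -LiteralPath $Hold -NewName 'jscript.dll'
}

# 3. Undo the lab's ACL changes on whichever copies exist. The owner is reset
#    first, while the lab account still holds full control, then the grant goes.
$Targets = @($File, $Hold) | Where-Object { Test-Path -LiteralPath $_ }
foreach ($Path in $Targets) {
    icacls.exe $Path /setowner $DefaultOwner | Out-Null
    if ($LASTEXITCODE -ne 0) { Write-Warning "setowner failed on $Path"; continue }

    icacls.exe $Path /remove:g $User | Out-Null
    if ($LASTEXITCODE -ne 0) { Write-Warning "could not remove grant on $Path" }

    # Report the resulting state so the change can be checked by eye.
    $Acl = Get-Acl -LiteralPath $Path
    [pscustomobject]@{
        Path            = $Path
        Owner           = $Acl.Owner
        UserStillListed = [bool]($Acl.Access |
            Where-Object { $_.IdentityReference -like "*\$User" })
    }
}
```

A clean result shows the owner as NT SERVICE\TrustedInstaller and UserStillListed as False for each file.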