Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.
SECRET//ORCON//NOFORN
2.10 Owned By
Description
The “owned_by” verb takes in a single parameter describing the user to check
for ownership. The fact will return true only if the provided file is owned by
the provided user.
Note: the user name does not include the DOMAIN.
Usage
file(<file path>).owned_by(<user name>)
Example
file("c:\windows\system32\notepad.exe").owned_by("admin")
The above example checks to see if the “c:\windows\system32\notepad.exe”
file is owned by the user “admin”.
Return Values
Return Code   Description
True          If the path exists, is a file, and the owner matches
False         If the path exists, is a file, and the owner doesn't match
Invalid       If the path doesn't exist, isn't a file, or access is denied
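The three-way result in the table above can be reproduced with standard PowerShell cmdlets, which is useful when auditing file ownership on a host. This is an added example, not code from the original document or the tool it describes; the function name Test-FileOwnedBy, the string return values, and the case-insensitive name comparison are assumptions.

```powershell
# Added example: hypothetical helper mirroring the True / False / Invalid
# semantics in the table above. Not the original tool's implementation.
function Test-FileOwnedBy {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $UserName
    )

    # Invalid: the path does not exist or is not a file (e.g. a directory).
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return 'Invalid'
    }

    # Invalid: the security descriptor cannot be read (e.g. access denied).
    try {
        $owner = (Get-Acl -LiteralPath $Path -ErrorAction Stop).Owner
    } catch {
        return 'Invalid'
    }
    if ([string]::IsNullOrEmpty($owner)) {
        return 'Invalid'
    }

    # Get-Acl reports the owner as DOMAIN\name (or AUTHORITY\name).
    # The user name passed in carries no domain, so compare the last part only.
    $name = ($owner -split '\\')[-1]

    # Assumption: account names are compared case-insensitively.
    if ($name -ieq $UserName) { return 'True' }
    return 'False'
}

# Constructed sample input: a temporary file created by the current user.
$sample = New-TemporaryFile
Test-FileOwnedBy -Path $sample.FullName -UserName $env:USERNAME
Test-FileOwnedBy -Path $env:TEMP -UserName $env:USERNAME          # a directory, not a file
Test-FileOwnedBy -Path "$($sample.FullName).missing" -UserName $env:USERNAME
Remove-Item -LiteralPath $sample.FullName
```

The owner of a file can be a group or service account rather than an individual user: files created from an elevated session are commonly owned by BUILTIN\Administrators, and system binaries on current Windows versions are typically owned by NT SERVICE\TrustedInstaller.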