
eXist
This is an old one (since NTFS has been around), but it is relatively unknown, so I thought I'd share.

Basically it is a method of storing data in hidden files that are attached to normal files. These hidden files can't be seen, whereas the parent files (non-hidden ones) can. This means that so long as your parent file isn't an obvious or suspicious name, you can keep things hidden quite well. The size of your hidden files also won't show up, so they can be quite large.

This means your "hacking" tools can be hidden quite easily and run under the guise of a legitimate process. If this is named well then the user may be reluctant to delete the parent file, which is really hiding your hidden file.

You would need a different parent for each hidden file, but like I say, so long as it isn't suspicious then you should be right.

Also, this technique (I guess you could call it one) isn't very well known, which also means you should be able to stay undetected for longer.

I'm not personally going to run through the method, as there is no point. I wanted to provide you with an overall picture and some sort of introduction, both of which I hope were useful.

For further information and taking advantage of ADS, please check out:
http://www.diamondcs.com.au/index.php?page...id=ntfs-streams
http://patriot.net/~carvdawg/docs/dark_side.html

Have fun with it!
misa
omg nice one, will it also be undetected from av?
eXist
*sigh*...

...read the articles and it'll answer your questions...

...in short, most likely yes, unless their AV is top of the line.
T3cHn0b0y
That just made some great reading m8!

Thanks for the info m8... got to get myself a copy of that TDS-3!!!
predx
Hey, thanks for these interesting articles, will read up tonight when I have a little more time.
bonarez
I looked into it a while ago as well.. found some nice tools !!!:

http://www.heysoft.de/nt/ep-lads.htm > list ads
http://www.securityfocus.com/data/tools/ads_cat.zip > cat ads (sounds cool heh?)
http://www.crucialsecurity.com/ > gui ads lister

Someone told me it didn't work in XP (well, it works, but it doesn't fool taskman anymore...).
Anyone tested this on XP???
JMP
There has been a topic about this a while ago, although it focused more on being able to run files you are not supposed to run. Like you attach cmd.exe as a stream to notepad.exe, so when you run notepad.exe you really run cmd.exe. As Bonarez says, this does not fool XP task manager anymore, and hasn't been able to for a long time.
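
Added example (not part of any post in this thread): a PowerShell sweep that lists every named stream attached to files under a directory and flags streams that start with an executable header, which is the situation the thread describes. The scan root `$Root` and the allow-list `$KnownBenign` are assumptions for illustration.

```powershell
# Added example, not code from the thread. $Root is an assumed scan root.
param([string]$Root = 'C:\Users\Public')

# Zone.Identifier is the mark-of-the-web stream Windows attaches to downloads.
$KnownBenign = @('Zone.Identifier')

# Raw-byte reads differ between Windows PowerShell 5.1 and PowerShell 6+.
$ByteArgs = if ($PSVersionTable.PSVersion.Major -ge 6) {
    @{ AsByteStream = $true }
} else {
    @{ Encoding = 'Byte' }
}

# Files only: reading streams on directories is not supported by every PowerShell version.
Get-ChildItem -LiteralPath $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        # -Stream * returns one object per stream, including the default ':$DATA'.
        Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue
    } |
    Where-Object { $_.Stream -ne ':$DATA' } |   # keep only named (alternate) streams
    ForEach-Object {
        # First two bytes of the stream; 'MZ' (0x4D 0x5A) marks a PE executable.
        $head = @(Get-Content -LiteralPath $_.FileName -Stream $_.Stream `
                    -TotalCount 2 -ErrorAction SilentlyContinue @ByteArgs)
        [pscustomobject]@{
            File       = $_.FileName
            Stream     = $_.Stream
            Length     = $_.Length          # size that Explorer and plain 'dir' do not show
            Executable = ($head.Count -ge 2 -and $head[0] -eq 0x4D -and $head[1] -eq 0x5A)
            Review     = ($KnownBenign -notcontains $_.Stream)
        }
    } |
    Sort-Object Length -Descending
```

On Windows Vista and later, `dir /R` in cmd.exe shows the same named streams for a single directory.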