Full Version: Question
How would I go about making "INVISIBLE" folders/files in C/C++, either using the WINAPI or WINDDK?
dunno
but you can copy this part out of another (open source) rootkit
I am pretty sure you cannot make a folder "INVISIBLE" but... you can make it a hidden folder that will open to something different, thus fooling any admin. I am sure you have probably read about how to create the "Control Panel" folder, right? If not, there is a very nice list of folders you can create that you can "hide" things in. Just create a new folder, put what you want to be hidden in it, and then rename the folder to one of the names below. Now this list is probably very small compared to others on this board but will help get ya started. If you look in HKEY_CLASSES_ROOT\CLSID you can try some more that are not listed here. Hope this helps.
CODE
Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}
Internet Explorer.{FBF23B42-E3F0-101B-8488-00AA003E56F8}
Recycle Bin.{645FF040-5081-101B-9F08-00AA002F954E}
My Computer.{20D04FE0-3AEA-1069-A2D8-08002B30309D}
My Documents.{ECF03A32-103D-11d2-854D-006008059367}
Fonts.{BD84B380-8CA2-1069-AB1D-08000948F534}
Internet Explorer.{FBF23B42-E3F0-101B-8488-00AA003E56F8}
Internet Explorer.{FBF23B42-E3F0-101B-8488-00AA003E56F8}
My Documents.{450D8FBA-AD25-11D0-98A8-0800361B1103}
Mis Documentos.{450D8FBA-AD25-11D0-98A8-0800361B1103}
Network Neighborhood.{208D2C60-3AEA-1069-A2D7-08002B30309D}
Mis sitios de red.{208D2C60-3AEA-1069-A2D7-08002B30309D}
MY Computer.{20D04FE0-3AEA-1069-A2D8-08002B30309D}
Mi PC.{20D04FE0-3AEA-1069-A2D8-08002B30309D}
Impresoras y faxes.{2227A280-3AEA-1069-A2DE-08002B30309D}
Recycle Bin.{645FF040-5081-101B-9F08-00AA002F954E}
Papelera de reciclaje.{645FF040-5081-101B-9F08-00AA002F954E}
My Documents.{ECF03A32-103D-11d2-854D-006008059367}
Mis Documentos.{ECF03A32-103D-11d2-854D-006008059367}
Microsoft FTP Folder.{63da6ec0-2e98-11cf-8d82-444553540000}
Microsoft FTP Folder.{63da6ec0-2e98-11cf-8d82-444553540000}
History.{7BD29E00-76C1-11CF-9DD0-00A0C9034933}
Historial.{7BD29E00-76C1-11CF-9DD0-00A0C9034933}
Briefcase.{85BBD920-42A0-1069-A2E4-08002B30309D}
Mi Maletín.{85BBD920-42A0-1069-A2E4-08002B30309D}
Dial-Up Network.{992CFFA0-F557-101A-88EC-00DD010CCC48}
Conexiones de red.{992CFFA0-F557-101A-88EC-00DD010CCC48}
Scheduled Tasks.{D6277990-4C6A-11CF-8D87-00AA0060F5BF}
Tareas programadas.{D6277990-4C6A-11CF-8D87-00AA0060F5BF}
Offline Web Pages.{F5175861-2688-11d0-9C5E-00AA00A45957}
Search Results.{E17D4FC0-5564-11D1-83F2-00A0C90DC849}
Resultados de Busqueda.{E17D4FC0-5564-11D1-83F2-00A0C90DC849}
PowerPoint Extension.{64818D10-4F9B-11CF-86EA-00AA00B929E8}
Extención PowerPoint.{64818D10-4F9B-11CF-86EA-00AA00B929E8}
Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}
Panel de control.{21EC2020-3AEA-1069-A2DD-08002B30309D}
you can make a folder invisible, afx rootkit can do this
Don't you think it looks stupid if you have a control panel in c:\? You can also make a folder named "\ \", I mean " ", and delete the icon out of explorer.exe
cool I learn something new every day.
try this one out. Cabinet File.{0CD7A5C0-9F37-11CE-AE65-08002B2E1262} It will change icon to cab file and not show contents of cab file. Rich
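For an admin auditing a disk for the renaming tricks described in the replies above, the following is an added example (not code from any poster in this thread). It walks a directory tree and flags folder names that end in a `.{CLSID}` suffix or that consist only of whitespace; the function names and the choice to treat any Unicode whitespace as "blank" are assumptions made for illustration.

```python
import os
import re

# Trailing ".{GUID}" on a directory name: the naming form used in the thread
# ("Control Panel.{21EC2020-...}"), which Explorer renders as a shell object.
CLSID_SUFFIX = re.compile(
    r"\.\{([0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}"
    r"-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12})\}$"
)

def classify_name(name):
    """Return the reasons a directory name deserves a closer look."""
    reasons = []
    m = CLSID_SUFFIX.search(name)
    if m:
        reasons.append("clsid-suffix:" + m.group(1).upper())
    # Assumption: "blank" names may use any Unicode whitespace (e.g. U+00A0).
    if name and not name.strip():
        reasons.append("blank-name")
    return reasons

def scan(root):
    """Walk root and return sorted (path, reasons) for flagged directories."""
    findings = []
    for parent, dirs, _files in os.walk(root):
        for d in dirs:
            reasons = classify_name(d)
            if reasons:
                findings.append((os.path.join(parent, d), reasons))
    return sorted(findings)

if __name__ == "__main__":
    import sys
    # repr() of the path makes blank or padded names visible in the output.
    for path, reasons in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{', '.join(reasons):<55} {path!r}")
```

This covers the renaming tricks only: it enumerates through the ordinary file APIs, so a rootkit that hooks those APIs, as other replies in the thread discuss, would hide entries from this scan as well.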
Yea thanks, I knew of that, yet I want C code (thanks though, the one thing I didn't know of is the cabinet) but however, in other rootkits it's a lot of code to extract to copy code
Check this Google search out, might be what you're after
QUOTE
By using API Hooking SDK, you can do many many things, such as: monitor and control programs; monitor and control file access; monitor and control registry access; monitor and control network access; hide private directory and files...
http://www.google.com/search?hl=en&lr=&q=%...ows&btnG=Search
SkitZZ
*Big Thanks*
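CODE
#include <stdio.h>
#include <stdlib.h>   /* declares system() */
#include <windows.h>

int main()
{
    /* The name contains a space, so it is quoted to make MKDIR create one directory. */
    system("MKDIR \"Cabinet File.{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}\"");
    /* Unquoted: cmd's MKDIR creates one directory per word here. */
    system("MKDIR PARTIZAAN IS THE MAN");
    return 0;
}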
Thank you for this link Skitzz.
I'm gonna try this program. Best Regards