Hide sensitive files with Alternate Data Streams

Discussion in 'Software' started by Mitzs, Dec 7, 2007.

  1. Mitzs
    Honorary Member

    Mitzs Ducktape Goddess

    3,286
    85
    152
    Dec 7, 2007 #1
    Remove Advertisement - Premium Membership
    http://windowssecrets.com/2007/12/06/01-Hide-sensitive-files-with-Alternate-Data-Streams
     
    Certifications: Microcomputers and network specialist.
    WIP: Adobe DW, PS
  2. JohnBradbury

    JohnBradbury Kilobyte Poster

    372
    39
    52
    Dec 7, 2007 #2
    Remove Advertisement - Premium Membership
    I was curious so I gave it a whirl and the theory sounds a lot more exciting than the end result.

    For example I embedded a jpg file into a standard text file. When I then opened the txt file I could see encoding within the file. I then renamed the txt file to jpg and it showed me the image.

    I was able to simulate this by just renaming the jpg file with a txt extension, which was a lot quicker.
     
  3. Theprof

    Theprof Petabyte Poster

    4,607
    83
    211
    Dec 7, 2007 #3
    I was about to say something about the ADS since I also read it in the windows secretes article but you beat me to it Mitz. It looks pretty interesting though. I certainly didn't know that existed.
     
    Certifications: A+ | CCA | CCAA | Network+ | MCDST | MCSA | MCP (270, 271, 272, 290, 291) | MCTS (70-662, 70-663) | MCITP:EMA | VCA-DCV/Cloud/WM | VTSP | VCP5-DT | VCP5-DCV
    WIP: VCAP5-DCA/DCD | EMCCA
  4. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    Dec 7, 2007 #4
    ADS has been around for a long while now - its never really got the publicity it deserves. It is incredibly dangerous, allowing rootkits and God knows what else to be installed on a compromised system. Whilst not in and of itself a penetration threat, it is one of the most lethal tools in a hacker's arsenal once they have compromised your network.

    John, whilst you might not have been that impressed by it, think about if, say, someone were to hide an executable behind a seemingly harmless text file? Check out this link for an explanation of ADS and just why they are potentially so dangerous.

    Zeb
     
    Certifications: A few
    WIP: None - f*** 'em
  5. Theprof

    Theprof Petabyte Poster

    4,607
    83
    211
    Dec 7, 2007 #5
    I agree, after reading the article on Windows Secretes, I did some more research and I found out exactly what Zeb said in his post.
     
    Certifications: A+ | CCA | CCAA | Network+ | MCDST | MCSA | MCP (270, 271, 272, 290, 291) | MCTS (70-662, 70-663) | MCITP:EMA | VCA-DCV/Cloud/WM | VTSP | VCP5-DT | VCP5-DCV
    WIP: VCAP5-DCA/DCD | EMCCA
  6. simon581

    simon581 New Member

    6
    0
    1
    Jan 22, 2008 #6
    Just an interesting fact - If you use ADS's to hide a 700MB video file in a 5KB text file the text file will still show as 5KB. :D
     

Share This Page

Loading...
Remove Advertisement - Premium Membership
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...