[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] Windows covert channel

To: <full-disclosure@lists.netsys.com>
Subject: [Full-Disclosure] Windows covert channel
From: "Wally Eaton" <WEaton@coj.net>
Date: Tue, 21 Oct 2003 08:16:12 -0400

James,
You may be thinking of "Streams" in Windows files. Data can be hidden in 
secondary files on NTFS partitions. I believe it was developed to be compatible 
with Apple/ MAC systems. In any case the following is an example:

Run CMD
On a NTFS partition

D:\> echo Hello > FrontFile
D:\> type FrontFile
Hello

D:\> echo Good Day >> FrontFile
D:\> type FrontFile
Hello
Good Day

D:\> echo Secret Info > FrontFile:BackFile
D:\> type FrontFile
Hello
Good Day

D:\> more < FrontFile:BackFile
Secret Info

Now add data to the FrontFile only

D:\> echo Good Evening >> FrontFile
D:\> type FrontFile
Hello
Good Day
Good evening

Now add data to the BackFile only

D:\> echo More Secret Data >>FrontFile:BackFile
D:\> more < FrontFile:BackFile
Secret Info
More Secret Data

You will notice if you enter a DIR command that only the FrontFile will be 
displayed. Furthermore, the size of the file will reflect only the content of 
the FrontFile.
Have a great day.
Wally 


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] Windows covert channel
  - From: Rainer Gerhards <rgerhards@hq.adiscon.com>

Prev by Date: Re: [Full-Disclosure] No Subject (re: openssh exploit code?)
Next by Date: Re: [Full-Disclosure] JAP Wins Court Victory
Previous by thread: Re: [Full-Disclosure] Windows covert channel
Next by thread: Re: [Full-Disclosure] Windows covert channel
Index(es):
- Date
- Thread