Re: How to hide a file ?

From: H C (keydet89@yahoo.com)
Date: 01/08/02


Date: Tue, 8 Jan 2002 10:02:02 -0800 (PST)
From: H C <keydet89@yahoo.com>
To: Udi dahan <udi@co.zahav.net.il>, vuln-dev@security-focus.com

Udi,

There are many ways to go about this, believe it or
not. The question really becomes...who am I hiding
this file from?

I won't go into a lot of detail now...I don't want to
steal my own thunder, ie, my BlackHat presentation in
Feb...but Jose pointed out NTFS alternate data
streams. You can hide data or even executables in ADS
and run them directly from the ADS itself.

But again, the question is...who are you hiding the
data from? Hiding from a user or a (perhaps less than
knowledgeable) admin is pretty easy, w/o using the
hidden DOS attribute. How about hiding it from a
forensics analyst? Alternate data streams won't work
for this, and will only highlight your intentions.
But there are ways to go about this...so stay tuned.

> I was wondering if there's a way to hide a file under windows 2000 server,
> so that it will not be seen when using "show hidden file", "show all
> files" and so on.
> I want to hide a file but I want to be able to run the file only when I
> know exactly where it is and what is the file name.
>
> Do you guys have any Idea ?
>
>
>
> Udi Dahan
> Security Team Manager
> Abuse Department
> Internet-Gold
> eMail: udi@co.zahav.net.il
> Tel: 03-9399721
> Cel: 055-399781
> Fax:03-9399859
>
> CONFIDENTIAL
>
> The contents of this email and any attachments may
> be confidential.
> It is intended for the named recipient(s) only.
> If you are not the named recipient, please notify
> the sender immediately
> and do not disclose the contents to any other person
> or make any copies.
>
> **************************************************************************
>
>
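
The remark above that alternate data streams will not hide anything from an examiner can be seen with a short enumeration. This is an added example, not part of the original message: the function name `Find-NamedStream` and the scan root `C:\Temp` are assumptions, and it assumes Windows PowerShell 5.1 on an NTFS volume.

```powershell
# Added example (not from the original post): list every named NTFS data
# stream under a directory and flag those that begin with an executable header.
# Assumes Windows PowerShell 5.1; in PowerShell 7 replace "-Encoding Byte"
# with "-AsByteStream". Only files are scanned, not directories.
function Find-NamedStream {
    param(
        [string]$Root = 'C:\Temp'   # assumed scan root, change as needed
    )

    Get-ChildItem -LiteralPath $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            # Every file has an unnamed default stream, shown as ':$DATA'.
            # Anything else is an alternate data stream.
            Get-Item -LiteralPath $file.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' } |
                ForEach-Object {
                    $s = $_
                    # Read the first two bytes of the stream to look for the
                    # 'MZ' signature that starts a Windows executable.
                    $head = Get-Content -LiteralPath $file.FullName -Stream $s.Stream `
                                -Encoding Byte -TotalCount 2 -ErrorAction SilentlyContinue
                    $isExe = ($head.Count -eq 2 -and $head[0] -eq 0x4D -and $head[1] -eq 0x5A)

                    [pscustomobject]@{
                        File       = $file.FullName
                        Stream     = $s.Stream
                        Length     = $s.Length
                        Executable = $isExe
                        # Zone.Identifier is the stream Windows writes on
                        # downloaded files; it is expected and usually benign.
                        ZoneMarker = ($s.Stream -eq 'Zone.Identifier')
                    }
                }
        }
}

# Show executable-looking streams first, then the largest.
Find-NamedStream -Root 'C:\Temp' |
    Sort-Object Executable, Length -Descending |
    Format-Table -AutoSize
```

Any row with `Executable` set to `True`, or a large stream that is not a `Zone.Identifier` marker, is worth a closer look.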



