RE: How to hide a file ?

From: H C (keydet89@yahoo.com)
Date: 01/10/02

• Previous message: Bojan Zdrnja: "RE: How to hide a file ?"
• In reply to: Young, Brandon: "RE: How to hide a file ?"
• Next in thread: Vincent Tiu (AV-PH): "RE: How to hide a file ?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Thu, 10 Jan 2002 06:53:48 -0800 (PST)
From: H C <keydet89@yahoo.com>
To: "Young, Brandon" <Brandon.Young@Honeywell.com>

> If I remember correctly from the earlier thread on
> this same topic you
> stated that this is only possible on NTFS and that
> if you were to move the
> ADS file to FAT that you would lose the files
> attached or something to that
> effect.

Yes. If the file created on NTFS w/ ADSs touches a
non-NTFS file system, the ADSs are not carried over.

> The question I had was this. Would it be
> possible to take a file
> (test.txt) and bind multiple tools in ADS and the
> transfer the file via ftp
> on to another box, also is using NTFS, would the
> programs still accessible
> via the start command. I tested this with a Win2K
> box and NT4.0 and was
> unsuccessful. So were the results accurate?

I have no idea. Other than in very general terms, you
haven't stated what your testing methodology was. Did
you first confirm that the ADSs were bound to the file
before the FTP transfer? If so, how? What tool did
you use? Did you do a packet capture on the network
to observe the transfer? What tool did you use (other
than 'start') to see if the ADSs remained after the
transfer?

Also, what command line did you use w/ 'start'? We've
seen in this thread alone where a full path is
required on Win2K systems, even if the file and ADS
are in the current directory.

In order to provide in put on your testing, the
methodology needs to be known fully, so that it can be
reproduced. I'm not trying to sound elitist or
superior, simply trying to get information.

> Is there
> no way to hide programs
> using ADS and transfer the file by normal means and
> still have them exist?

What is 'normal' means? 'Normal' on a Windows network
means file sharing, and it's been shown that this
works.

__________________________________________________
Do You Yahoo!?
Send FREE video emails in Yahoo! Mail!
http://promo.yahoo.com/videomail/

---

• Previous message: Bojan Zdrnja: "RE: How to hide a file ?"
• In reply to: Young, Brandon: "RE: How to hide a file ?"
• Next in thread: Vincent Tiu (AV-PH): "RE: How to hide a file ?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages RE: How to hide a file ? ... One way to transfer files with streams to another ... computer with NTFS is through the use of WinRAR. ... that if you were to move the ADS file to FAT that you would lose the files ... successive ADSs will eventually fill up all of the ... (Vuln-Dev) RE: How to hide a file ? ... that if you were to move the ADS file to FAT that you would lose the files attached or something to that effect. ... the file via ftp on to another box, also is using NTFS, would the programs still accessible via the start command. ... successive ADSs will eventually fill up all of the ... malicious manner. ... (Vuln-Dev) RE: How to hide a file ? ... ADSs can be bound to only to ... entries are stored as NTFS alternate data streams. ... file as an ADS that starts w/ an unprintable ASCII ... Send FREE video emails in Yahoo! ... (Vuln-Dev) Re: Alternate data Streams ... MS-MVP Windows Shell/User ... and all retain the ADS when files are copied between ... To get rid of Alternate Data Streams on any file, move to a non NTFS ... (microsoft.public.windowsxp.general) Re: Alternate data Streams ... and all retain the ADS when files are copied between them. ... from the NTFS drives, ... Alternate Data Streams are pieces of info hidden as metadata on ... Is there any advantage to the NTFS format over FAT32?,. ... (microsoft.public.windowsxp.general)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(16)