[A+] Hidding files

[pyth0n3]

so here i will explain a simple way to hide and execute files in windows system

the first thing will be the command attrib

Here is the syntax

+ Sets an attribute.

- Clears an attribute.

R Read-only file attribute.

A Archive file attribute.

S System file attribute.

H Hidden file attribute.

/S Processes matching files in the current folder and all subfolders.

/D Processes folders as well.

so here is an example:

attrib +h trojan.exe

so this code will add the hidden attribute to trojan.exe and it will not be seen

attrib -h trojan.exe

so this command will show the hidden file in aour case trojan.exe

Another way to hide files in a NTFS file system wil be the Alternate Data Stream ,so this can also be used in Windows Vista

It not works in a FAT file-system

So here is a short example of this

Go on Start>Run>CMD

and now make a folder for this example ,i've made this folder in c:

so when you open CMD just type cd c:\ an then make a directory for this example called test

mkdir test 

then go on that directory

cd \test

So we can beggin

We will create a text file called ads.txt that stay for Alternate Data Stream ,and we will hide another text file behind ads.txt

So the hidden file will be hidden.txt ad we will put some text in this hidden.txt file.

The file ads.txt will be empty

so here is the syntax

echo This is an Alternate Data Stream hidden file > ads.txt:hidden.txt

So the next step will be reading the hidden file so we will type the follow command

notepad ads.txt:hidden.txt

here we are using notepad to read what is inside the file hidden.txt

OK ,so let's see how we can hide and execute an trojan horse ,in the next example i will

use the calc.exe tool cause this tool exist in any computer with windows based system

So let's say that calc.exe is an trojan horse and we need to hide this trojan behind another file using the Alternate Data Stream

In this example we will hide calc.exe in ads.txt file that already have another file hidding

so the syntaz will be:

type c:\windows\system32\calc.exe > ads.txt:trojan.exe

So here we hide calc.exe end we called him trojan.exe

Let's execute this ALternate Data Stream

start c:\test\ads.txt:trojan.exe

so here must apear a simple calc on the screen ,but if this calc was a trojan horse?

Another simple way to execute this can also be :

start .\ads.txt:trojan.exe

So here we need to delete this Alternate Data Stream

We can just siple copy the file ads.txt on a usb pen with FAT file-system and all data hidden behind this file will be deleted

another way will be .

type ads.txt > adscopy.txt
del ads.txt 
ren adscopy.txt ads.txt

And we will have an ads.txt file without nothing hidden or pending

Countermeasure for Alternate data stream:

There are meany tools that can find an ads on your computer

Crucialads Crucial Security Programs—Security and Services

Streamexplorer Stream Explorer

So here are some picture with streamexplorer that i've made to see how can this tool detect ADS

ScreenHunter_07 Mar. 13 17.44.gif

ScreenHunter_10 Mar. 13 17.46.gif

Here you will see all the hidden data behind ads.txt that is an empty file .

Another way to hide files can be the Stenography

Steganography - Wikipedia, the free encyclopedia

and here you can find meany tools to use

StegoArchive.Com - Steganography Information, Software, and News to Enhance Your Privacy

edit:

Writed by pyth0n3

Edited March 13, 2010 by pyth0n3

[Guest Kabron]

Data viitoare da si credite mosule.

[pyth0n3]

Data viitoare da si credite mosule.

In ce sens credite ca nu te inteleg ce ai zis ?

[jigsy18]

adica sa spui de unde ai luat articolul

[pyth0n3]

pai lam scris eu

Edited March 13, 2010 by pyth0n3

[Alexander33]

prea tare

am reusit sa fac un .txt care daca il deschid cu winamp/VLC.... incepe sa cante melodia si are .txt-ul 9 MB

Multam frate, ce-i fac profei de info de nu ma trece cu 10 pana in a 12-a )

LE:incerc sa vad daca merge sa ascund un troian dupa o melodie

[Gonzalez]

Danke.

-Gonzalez