Today we are going to look at a very important and little-known threat that exists inside the Windows NTFS file system.
Here I am talking about Alternate Data Streams, also known as ADS, which are a serious threat in a Windows environment and ship as part of Windows itself.
ADS was added to the NTFS file system to support the old Macintosh Hierarchical File System (HFS); it is present in Windows NT, 2000, XP, Windows 7 and so on.
The main goal of ADS inside NTFS was to support HFS resource forks, which store icons and other information for a particular file, but the same feature can be used for other purposes too, which is not desirable from a security perspective.
So what is the problem with ADS, and why can it be dangerous or considered a big threat to Windows security?
Let me explain. Using ADS we can easily hide data, or rather a file, in a way that is not easily detected by a security professional or administrator. A malicious person can use this loophole to hide malware or secret messages inside a file using ADS. We can hide a text file or an executable file, and even execute it successfully.
Demo Tutorial
Here we can see a demo of how ADS works and how we can hide a file using ADS:-
OK, I am going to make a new file called showme.txt using cmd:-
D:\inno>echo you can see me > showme.txt
So here a file is created which contains the line “you can see me”.
You can verify it by using the type command like this :-
D:\inno>type showme.txt
you can see me
OK, now we are going to create an ADS and hide another file inside this file:-
D:\inno>echo you cant see me >showme.txt:nome.txt
OK, here we created one ADS using the : operator, and now we have two files: one is showme.txt
and the other is nome.txt, which is hidden. Now the best part of ADS is that if you check the size of the file it remains the same, meaning that although we created two files it only shows the size of the first one, showme.txt. Isn't that amazing?
Now if you view showme.txt it only shows the text “you can see me”.
And if you want to see the hidden file's text you need to use Notepad, because the type command will not work with the : operator.
So we must use this :-
D:\inno>notepad showme.txt:nome.txt
And a Notepad window pops up where you can see the hidden text of the hidden file.
OK, so we can do a lot of things with ADS: we can bind an .exe file, hide a folder, hide movie files, and much more.
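As an added example that is not part of the original post, here is the defender's side of the demo: a PowerShell script that lists every named stream under a directory, reads the hidden one back without Notepad, and removes it. It assumes the D:\inno folder and the showme.txt:nome.txt stream created above; in plain cmd the equivalent quick check is dir /r.

```powershell
# Added example, not part of the original post. Assumes the demo directory
# D:\inno and the stream showme.txt:nome.txt created in the tutorial above.
$Root = 'D:\inno'

function Get-NamedStream {
    param([string]$Path)
    # -Stream * lists the unnamed ':$DATA' stream plus every named stream on
    # each file; the unnamed stream is the normal file content, so drop it.
    Get-ChildItem -LiteralPath $Path -File -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object { Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue } |
        Where-Object { $_.Stream -ne ':$DATA' } |
        Select-Object FileName, Stream, Length
}

# 1. Find hidden streams. Zone.Identifier is the legitimate mark-of-the-web
#    stream that browsers add to downloads; anything else deserves a look.
$found   = Get-NamedStream -Path $Root
$suspect = $found | Where-Object { $_.Stream -ne 'Zone.Identifier' }
Write-Host "Named streams under $Root (excluding Zone.Identifier):"
$suspect | Format-Table -AutoSize

# 2. Read the hidden stream directly; this prints "you cant see me".
Get-Content -LiteralPath "$Root\showme.txt" -Stream 'nome.txt'

# 3. Remove only the stream; the visible file and its own text are untouched.
Remove-Item -LiteralPath "$Root\showme.txt" -Stream 'nome.txt'
```

Note that copying a file to a non-NTFS volume (FAT32, a zip archive, most network shares) silently drops its named streams, so stream checks are only meaningful on the NTFS volume where the file lives.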
About Author: Fantastic techie and a wonderful, friendly guy.
You can contact him by e-mail at firstname.lastname@example.org
Finally, thanks to Prayas for your article; it really is a beautiful technique to learn.
Guest posts are always welcome :) If you know something, share it, because
"the greatest joy is the joy of sharing"