Full Disclosure mailing list archives

Windows covert channel

From: "Wally Eaton" <WEaton () coj net>
Date: Tue, 21 Oct 2003 08:16:12 -0400

James,
You may be thinking of "Streams" in Windows files. Data can be hidden in secondary files on NTFS partitions. I believe 
it was developed to be compatible with Apple/ MAC systems. In any case the following is an example:

Run CMD
On a NTFS partition

D:\> echo Hello > FrontFile
D:\> type FrontFile
Hello

D:\> echo Good Day >> FrontFile
D:\> type FrontFile
Hello
Good Day

D:\> echo Secret Info > FrontFile:BackFile
D:\> type FrontFile
Hello
Good Day

D:\> more < FrontFile:BackFile
Secret Info

Now add data to the FrontFile only

D:\> echo Good Evening >> FrontFile
D:\> type FrontFile
Hello
Good Day
Good evening

Now add data to the BackFile only

D:\> echo More Secret Data >>FrontFile:BackFile
D:\> more < FrontFile:BackFile
Secret Info
More Secret Data

You will notice if you enter a DIR command that only the FrontFile will be displayed. Furthermore, the size of the file 
will reflect only the content of the FrontFile.
Have a great day.
Wally 


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Re: Windows covert channel, (continued)
- - Re: Windows covert channel jazper (Oct 19)
  - Re: Windows covert channel Jeremiah Cornelius (Oct 19)
- Re: Windows covert channel jazper (Oct 19)
  - RE: [inbox] Re: Windows covert channel Curt Purdy (Oct 20)
- RE: Windows covert channel Joe (Oct 19)
- Re: Windows covert channel madsaxon (Oct 19)
- RE: Windows covert channel Bojan Zdrnja (Oct 19)
- Re: Windows covert channel KF (Oct 19)
- Re: Windows covert channel Karl DeBisschop (Oct 19)
  - Re: Windows covert channel Kain (Oct 19)
- Windows covert channel Wally Eaton (Oct 21)
  - Re: Windows covert channel Rainer Gerhards (Oct 21)