Penetration Testing mailing list archives
Re: [PEN-TEST] Raw Disk Mounter
From: c0ncept <c0ncept () 403-SECURITY ORG>
Date: Fri, 15 Dec 2000 08:29:56 -0800
Hex-workshop by Break Point Software has a feature allowing you to do this -- I've been using it a lot lately for work on NTFS. It allows you to view the raw hex/ascii of a volume, has several useful features including string searches letting you specify using ASCII, Unicode, or either (*very* useful for NTFS), a copy feature that lets you format what you copy onto the clipboard in a number of formats, including preformatted HTML (looks nice, octets are in alternating colors), RTF, or C -- if you copy a sequence of hex into C and paste it into a source file, it gives you an array. A demo is available at http://www.hexworkshop.com/. Sadly, it's only available on win32.

Off topic, but related -- does anybody know of an API that allows me to access the contents of a raw volume? Hex workshop does it, and I've seen a couple of programs that search for Alternate Data Streams that I assume dump the MFT using this technique (Or maybe I just don't have appropriate rights to open $MFT with CreateFile()? Anybody?).

--c0ncept

-----Original Message-----
From: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM]On Behalf Of Clem Colman
Sent: Thursday, December 14, 2000 5:34 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: [PEN-TEST] Raw Disk Mounter

Folks,

Do you know of any file systems or products that just allow you to mount partitions and just read the tracks as raw data, dump it to a file etc on another file etc? The problem is I know what I'm looking for but can't mount the disk using the correct file system type.

Ideas?

Thanks,
Clem.
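The ASCII / Unicode / either string search described in the reply above, as an added example that is not part of the original post and not Hex Workshop's code: it scans raw volume bytes for a term as ASCII and as UTF-16LE (the encoding NTFS uses for file names) and returns byte offsets. The function names and the sample buffer are constructed for illustration.

```python
import io

def encodings_for(term, mode="either"):
    """Byte patterns to look for: 'ascii', 'unicode' (UTF-16LE) or 'either'."""
    if not term:
        raise ValueError("empty search term")
    pats = {}
    if mode in ("ascii", "either"):
        pats["ascii"] = term.encode("ascii")
    if mode in ("unicode", "either"):
        pats["unicode"] = term.encode("utf-16-le")
    if not pats:
        raise ValueError("mode must be 'ascii', 'unicode' or 'either'")
    return pats

def search_raw(stream, term, mode="either", chunk_size=1 << 20):
    """Scan a raw volume/image stream; return sorted (offset, encoding) hits.

    Reads in chunks and carries over the last len(pattern)-1 bytes so a
    match that straddles a chunk boundary is still found.
    """
    pats = encodings_for(term, mode)
    keep = max(len(p) for p in pats.values()) - 1
    hits = set()          # a set, because the carried-over tail is rescanned
    tail = b""
    base = 0              # absolute offset of buf[0]
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        buf = tail + chunk
        for name, pat in pats.items():
            pos = buf.find(pat)
            while pos != -1:
                hits.add((base + pos, name))
                pos = buf.find(pat, pos + 1)
        tail = buf[-keep:] if keep else b""
        base += len(buf) - len(tail)
    return sorted(hits)

# Constructed sample: 16 filler bytes, an ASCII copy of the name, 6 filler
# bytes, then the same name as UTF-16LE, the way an NTFS MFT record holds it.
SAMPLE = (b"\x00" * 16 + b"secret.txt" + b"\xff" * 6
          + "secret.txt".encode("utf-16-le"))

if __name__ == "__main__":
    for offset, enc in search_raw(io.BytesIO(SAMPLE), "secret.txt"):
        print(f"0x{offset:08x}  {enc}")
```

Any binary file object works as `stream`, for example a disk image opened with `open(path, "rb")`.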