Re: How to hide a file ?

["J. J. Horner" <jhorner () 2jnetworks com>]

* H C (keydet89 () yahoo com) [020109 03:15]:
> John,
>
> The below just goes to show you...don't believe
> everything you read on the Internet.  The statement ""
> An alternate stream file can't be executed directly
> because of the colon in the name" is simply incorrect.
>  The 'how' depends on the version of NTFS you're
> on...NTFS4 (NT) or NTFS5 (2K)...but suffice it to say,
> this is incorrect.  The guys from FoundStone have been
> publishing how to do so on NTFS4 for a while now...use
> the 'start' command:
>
> c:\> type c:\winnt\notepad.exe > test.txt:np.exe
>
> c:\> start test.txt:np.exe 
>
> Notepad runs...
>
> When I ran something similar on 2K...
>
> c:\ads>type c:\winnt\notepad.exe > c:\ads:np.exe
>
> This copied the executable into an ADS associated with
> the directory listing.  When I ran it, it showed up as
> 'ads' in both the Task Manager and pslist.exe. 
>
> Other tools provide equally interesting results.

On Windows2k, I run the following commands:

C:\ads>type c:\winnt\system32\sol.exe > c:\ads\explorer.exe:sol.exe
C:\ads>start c:\ads\explorer.exe:sol.exe

On task manager, it shows up as sol.exe, on pulist (from the resource kit) it shows
up as explorer.exe.

It works this way whether I run via Run or via command-line start.

Ideas?

Thanks,
JJ


-- 
J. J. Horner
"H*","6a686f726e657240326a6e6574776f726b732e636f6d"
***************************************************
"H*","6a6a686f726e65724062656c6c736f7574682e6e6574"

Freedom is an all-or-nothing proposition:  either we 
are completely free, or we are subjects of a
tyrannical system.  If we lose one freedom in a
thousand, we become completely subjugated.

Attachment: _bin
Description: