Monday, October 18, 2010

Practical Guide to Alternative Data Streams in NTFS

Alternative Data Stream support was added to NTFS (Windows NT, Windows 2000 and Windows XP) to help support the Macintosh Hierarchical File System (HFS), which uses resource forks to store icons and other information for a file. While this is the intended use (along with a few Windows internal functions), there are other uses for Alternative Data Streams that should concern system administrators and security professionals. Using Alternative Data Streams, a user can easily hide files that go undetected unless the system is closely inspected. This tutorial will give basic information on how to manipulate and detect Alternative Data Streams.

(Note about conventions: Alternative Data Streams are also sometimes referred to as Alternate Data Streams or ADS. Since "Alternative Data Streams" is so long, and "ADS" can be confused with Active Directory Services, I will simply call this feature AltDS for short.)

Creating an AltDS

Making an AltDS is fairly simple. I will use command line examples; feel free to follow along. We could hide some data in an AltDS behind an already existing file, but for this example we will create a new base file to hide behind:

C:\>echo Just a plan text file>sample.txt

C:\>type sample.txt
Just a plan text file

C:\>

Next we will use a colon as the operator to tell our commands to create or use an AltDS:


C:\>echo You can't see me>sample.txt:secret.txt


Unfortunately, the use of the colon operator is a bit hit or miss in its implementation and sometimes does not work as we might expect, as seen below:


C:\>type sample.txt:secret.txt
The filename, directory name, or volume label syntax is incorrect.


Since the "type" command does not understand the colon operator, we will have to use Notepad to read the stream:


C:\>notepad sample.txt:secret.txt


If all worked well, you should now see a Notepad window with the text "You can't see me" in it. Also notice that while the total free hard drive space went down, the file size of sample.txt did not increase:


C:\>dir sample.txt
 Volume in drive C has no label.
 Volume Serial Number is 40CC-B506

 Directory of C:\

09/27/2004  01:58 PM                23 sample.txt
               1 File(s)             23 bytes
               0 Dir(s)  12,658,040,832 bytes free

C:\>


You can make an AltDS not only on files, but also on directories. Here is a quick example:


C:\>md stuff

C:\>cd stuff

C:\stuff>echo Hide stuff in stuff>:hide.txt

C:\stuff>dir
 Volume in drive C has no label.
 Volume Serial Number is 40CC-B506

 Directory of C:\stuff

09/28/2004  10:19 AM    <DIR>          .
09/28/2004  10:19 AM    <DIR>          ..
               0 File(s)              0 bytes
               2 Dir(s)  12,253,208,576 bytes free

C:\stuff>notepad :hide.txt


Hopefully you now see a Notepad window with hide.txt's contents. If all one could do with AltDS was hide text files it would not be that impressive, but there's much more that can be done with this NTFS feature.

Hiding and running an executable

As it turns out, using AltDS to hide executables is not much harder than hiding text files, which makes AltDS a convenient way for malware to hide itself on a system. Here's an example of how an executable can be hidden behind another file:

First we make our file to hide behind:


C:\WINDOWS>echo Test>test.txt


Next we put an EXE behind it. I'm just using notepad.exe because it's convenient:


C:\WINDOWS>type notepad.exe>test.txt:note.exe


Next we confirm what someone sees when they open the text file: only the original contents.


C:\WINDOWS>type test.txt
Test


Now we will confirm the file size. Notice that adding notepad.exe as a stream did not increase the size of test.txt:


C:\WINDOWS>dir test.txt
 Volume in drive C has no label.
 Volume Serial Number is 007E-2E3C

 Directory of C:\WINDOWS

09/19/2004  08:37 AM                 6 test.txt
               1 File(s)              6 bytes
               0 Dir(s)  19,734,708,224 bytes free


Now we will attempt to run our hidden EXE. Notice the ".\" in front of the file name; this is necessary because the "start" command needs to know the correct path to the file (at least if you are using XP).


C:\WINDOWS>start .\test.txt:note.exe

C:\WINDOWS>


If all worked well, there should now be a Notepad window up on your system. You should be able to hide just about any other EXE file this way if you wish.
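The tutorial above shows that a plain dir listing and the file size give no hint of a stream, so detection needs a stream-aware listing. As an added example (not code from the original post), here is a Python script that parses captured `dir /R` output and flags named streams worth a second look. It assumes the listing was collected with `dir /R`, a switch available from Windows Vista onward and not used on this page; the sample listing is constructed to reproduce the streams created in the walkthrough (sample.txt:secret.txt, test.txt:note.exe, the directory stream :hide.txt) plus a benign Zone.Identifier stream for comparison.

```python
"""Flag alternate data streams in captured 'dir /R' output.

Added example for this tutorial, not code from the original post. It assumes
directory listings collected with 'dir /R' (a switch available from Windows
Vista onward, not shown on the page), which prints each named stream on its
own line as  <size> <file>:<stream>:$DATA  directly below its base file.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample of 'dir /R' output: the tutorial's sample.txt and test.txt
# with their hidden streams, a directory stream like the 'stuff' example, and a
# benign Zone.Identifier stream that Windows writes on downloaded files.
SAMPLE_DIR_R = """\
 Volume in drive C has no label.
 Volume Serial Number is 40CC-B506

 Directory of C:\\work

09/27/2004  01:58 PM                23 sample.txt
                                    16 sample.txt:secret.txt:$DATA
09/20/2004  09:00 AM             1,024 setup.txt
                                    26 setup.txt:Zone.Identifier:$DATA
09/19/2004  08:37 AM                 6 test.txt
                                69,120 test.txt:note.exe:$DATA
09/28/2004  10:19 AM    <DIR>          stuff
                                    20 stuff:hide.txt:$DATA
               3 File(s)          1,053 bytes
               1 Dir(s)  12,253,208,576 bytes free
"""

# Heuristics only: a stream name ending like an executable is a strong hint,
# as is a stream larger than the file it hides behind (test.txt vs notepad.exe).
EXECUTABLE_SUFFIXES = (".exe", ".dll", ".com", ".scr", ".bat", ".cmd", ".vbs", ".js")
BENIGN_STREAMS = {"Zone.Identifier"}  # mark-of-the-web, expected on downloads

FILE_LINE = re.compile(
    r"^\d{2}/\d{2}/\d{4}\s+\d{2}:\d{2}\s+[AP]M\s+(?P<size><DIR>|[\d,]+)\s+(?P<name>.+?)\s*$"
)
STREAM_LINE = re.compile(
    r"^\s+(?P<size>[\d,]+)\s+(?P<base>.+?):(?P<stream>[^:\\]+):\$DATA\s*$"
)


@dataclass
class StreamFinding:
    base: str                 # file or directory carrying the stream
    stream: str               # stream name after the colon
    size: int                 # stream size in bytes
    base_size: Optional[int]  # None when the base is a directory
    reasons: List[str] = field(default_factory=list)


def _to_int(text: str) -> int:
    return int(text.replace(",", ""))


def parse_dir_r(listing: str) -> List[StreamFinding]:
    """Return one finding per named stream; reasons is empty when nothing looks odd."""
    base_sizes = {}
    findings = []
    for line in listing.splitlines():
        m = FILE_LINE.match(line)
        if m:
            size = m.group("size")
            base_sizes[m.group("name")] = None if size == "<DIR>" else _to_int(size)
            continue
        m = STREAM_LINE.match(line)
        if not m:
            continue
        finding = StreamFinding(
            base=m.group("base"),
            stream=m.group("stream"),
            size=_to_int(m.group("size")),
            base_size=base_sizes.get(m.group("base")),
        )
        if finding.stream not in BENIGN_STREAMS:
            if finding.stream.lower().endswith(EXECUTABLE_SUFFIXES):
                finding.reasons.append("stream name looks like an executable or script")
            if finding.base_size is None:
                finding.reasons.append("named stream attached to a directory")
            elif finding.size > finding.base_size:
                finding.reasons.append("stream is larger than the file it hides behind")
        findings.append(finding)
    return findings


def suspicious(findings: List[StreamFinding]) -> List[StreamFinding]:
    return [f for f in findings if f.reasons]


if __name__ == "__main__":
    for f in parse_dir_r(SAMPLE_DIR_R):
        tag = "SUSPICIOUS" if f.reasons else "ok"
        print(f"{tag:10} {f.base}:{f.stream} ({f.size} bytes) {'; '.join(f.reasons)}")
```

The two checks mirror what the walkthrough demonstrated: a stream whose name ends in .exe, and a 6-byte test.txt that carries a stream far larger than itself. Neither plain `dir` nor the reported file size reveals the stream, which is why a stream-aware listing belongs in a triage checklist for NTFS volumes.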

Batch Programming Basics

The Basics of Batch File Programming. Explains what batch file programming is and how to create batch files.


Batch file programming is nothing but a batch of DOS (Disk Operating System) commands, hence the name Batch. If you code a lot and know many languages, you are sure to have noticed that Operating System (OS) specific languages (languages that work only on a particular operating system, e.g. Visual Basic Scripting works only in Windows) give you amazing control over the system. This is why Batch is so powerful: it gives you absolute control over DOS. Batch isn't recommended at all because it is OS specific, but it is fun and easy to learn. This tutorial will not only teach you Batch file programming but also how to fend for yourself and learn more commands that tutorials don't teach you.


The first command you should know is ECHO. All ECHO does is print something onto the screen. It's like "printf" in C or "PRINT" in BASIC. Anyway, this is how we use it:

ECHO Hello World!

All right, now save the above line as a .bat file and double-click it. This should be the output:

C:\WINDOWS\Desktop>ECHO Hello World!
Hello World!

Hmmm, notice that it shows the command before executing it. But we're coders, right? We don't want our code to look so untidy, so just add an @ sign before ECHO and execute it. Woohoo! Much better. The @ sign tells DOS to hide from the user whatever command it is executing. Now, what if I want to write to a file? This is how I do it:

@ECHO Hello World > hello.txt

Simple, huh? Remember, ">" creates or overwrites a file and ">>" appends (writes at the end) to a file that already exists. Guess why this program won't work as desired:

@ECHO Hello World > hello.txt
@ECHO Hello World Again > hello.txt

Looking at it, you will see that the program is supposed to write two lines one after another, but it won't work, because the first line creates a file called hello.txt and writes the words "Hello World" to it, and the second line just overwrites the earlier text. So what it actually does is create a file, write to it, and then overwrite what it had written earlier. To change this we just add a ">": the additional ">" makes DOS append to the file. So here's the improved form of the program:

@ECHO Hello World > hello.txt
@ECHO Hello World Again >> hello.txt

Save the above code as a .bat file and execute it; it will work without a hitch. The next thing we should learn is the GOTO statement. GOTO is just the same as it is in BASIC, or for that matter any programming language; the only difference is in the labels.

This is a label in C or BASIC - label:

This is a label in batch - :label

In C or BASIC the ":" comes after the label, and in Batch it comes before the label. Bear this in mind as you proceed. Here's an example of the GOTO statement:

:labelone
@ECHO LoL
GOTO labelone

If you execute this code, you will see that it is an unlimited loop; it will keep printing to the screen till the end of time if you don't interrupt it. The GOTO statement is very useful when it comes to building big Batch programs. Now we will learn the IF and EXIST commands. The IF command is usually used for checking whether a file exists, like this:

@IF EXIST C:\WINDOWS\EXPLORER.EXE ECHO It exists

Observe that I have not used inverted commas (") as I would in BASIC or C. The EXIST command is only found in Batch and not in any other language. The EXIST command can also be used to check if a file does not exist, like this:

@IF NOT EXIST C:\WINDOWS\EXPLORER.EXE ECHO It does not exist

Remember, Batch is not a language like C or BASIC or Pascal; it cannot do mathematical functions. In Batch, all you can do is control DOS. In the above example notice that there is no THEN command as there would be in most languages.

Sick and tired of using the @ sign before each and every command? Let's do some research: go to the DOS prompt, type in ECHO /? and press Enter. Interesting. In this way, when you hear of a new DOS command you don't know about, just type in "command /?" and you can get help on it. Now back to ECHO. From the help we received by typing ECHO /?, you must have concluded that if you type ECHO OFF you no longer need to type an @ sign before every command. Wait! Just add an @ before ECHO OFF so that it does not display the message "ECHO is off."

The next command we are going to learn about is the CLS command. It stands for CLear Screen. If you know BASIC, you will have no problem understanding this command. All it does is clear the screen. Here's an example:

@ECHO OFF
CLS
ECHO This is DOS

This command needs no further explanation, but type CLS /? to get more help on it.

The next command we are going to learn is CD. It stands for Current Directory. It displays the current directory you are in if you just type "CD", but if you type "CD C:\Windows\Desktop" it will take you to the Desktop. Here's an example:

@ECHO OFF
CD C:\Windows\Desktop
ECHO Testing.. > test.txt
ECHO Testing...>>test.txt

This will change the directory to the Desktop, create a file there called test.txt and write to it. If we had not used the CD command, this is how the program would have looked:

@ECHO OFF
ECHO Testing.. > C:\Windows\Desktop\test.txt
ECHO Testing...>> C:\Windows\Desktop\test.txt

See the difference? Anyway, that's all for The Basics of Batch File Programming. Remember, each and every DOS command can be used in Batch.

Unthinkable Hacking Techniques !!!

Hi Guys!
I am writing this article for those who use pirated software, because this is the time to stop using pirated software. You can't even imagine what your loss can be if you are using your PC for professional purposes.

  • Usually we download software from various forums/boards which provide cracks or keygens. These keygens are not only keygens but most of the time small server programs (hack tools) which transfer your sensitive data over the internet to someone. If you are using Windows Firewall, it is quite easy to bypass the Windows firewall; you won't be able to tell that your data is being sent over the internet. The same thing goes for the cracks also. Spreading trojans is quite easy by providing game cracks or some full-screen applications, because the user won't be able to know what is going on behind the full screen. So beware of using cracks and keygens. Your anti-virus may or may not detect such malware. Nowadays viruses are created more rapidly than they are detected.

  • Another MOST DANGEROUS HACKING TECHNIQUE is quite undetectable. What you type in the browser's address bar is resolved by your ISP's Domain Name Servers. What if your request goes to a hacker's machine first and then to the ISP? Yes, this is possible; a simple VBScript or WSH script can do the trick, and you won't be able to tell that you are being watched or traced. No firewall and no anti-hacking tool will help you. Usually such scripts might be available as registration scripts for some kind of software.

  • Now about Windows XP users: this operating system's services are available over the internet, which can be very dangerous. Do you know that by default all your drives are ready to share data over the network? Another thing is TERMINAL SERVICES, which allows multiple users on a single machine. It means that while you are working on your machine, someone can log in to your machine remotely and you won't be alerted.

  • If you are downloading Operating Systems from the Internet, then take care that you download from trusted sources only, because it is very easy to embed some tracking code into OS images which cannot be detected later on by any security software.

  • If you are using LINUX Operating Systems, it is highly recommended that you use software from trusted sources only; otherwise you can be hacked or can cause damage to your machine.

  • Another good hacking tool is a sniffer, which is used by network administrators. It scans the network traffic and can filter sensitive information like passwords, credit card numbers etc. So if you are using credit cards at cafes, beware: you can be a victim.

How to hide your hard drive?

Here is an easy manual method for locking and hiding hard drives.

Follow these steps:

1. Open the Registry Editor [Administrator account only] (go to Run, type "regedit" and press Enter)

2. Then go to this key

Code:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

3. Now right-click and create a new DWORD Value (blue color)

4. Rename it "NoViewOnDrive" (to lock a drive)

or

Rename it "NoDrives" (to hide a drive)

5. Double-click it and enter the number of the drive you want to lock or hide, then click OK.

6. Here are the drive numbers:

A: 1
C: 4
D: 8
E: 16
F: 32
G: 64
H: 128

7. Finally, restart or log off the computer for the change to take effect.
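An added example, not part of the original post: a Python decoder that reads a regedit export of the key above and translates the NoDrives and NoViewOnDrive values back into drive letters, which is the direction an administrator auditing a machine needs. The .reg text is constructed; the decoder generalises the table in step 6 to every letter (bit n of the DWORD stands for drive letter n, so A=1, B=2, C=4 and so on through Z), which is the rule the post's numbers follow.

```python
"""Decode the NoDrives / NoViewOnDrive policy values from a .reg export.

Added example, not code from the original post. It assumes the Explorer
policy key named in the post has been exported with regedit (File > Export),
and it generalises the post's table to every letter: bit n of the DWORD
stands for drive letter n, so A=1, B=2, C=4, D=8 ... up to Z.
"""
import re
import string
from typing import Dict, Iterable, List

POLICY_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
POLICY_VALUES = {
    "NoDrives": "hidden in Explorer",
    "NoViewOnDrive": "locked (Explorer refuses to open it)",
}

# Constructed .reg export: C: and D: hidden (4 + 8 = 0xc), E: locked (16 = 0x10).
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDrives"=dword:0000000c
"NoViewOnDrive"=dword:00000010
"""

VALUE_LINE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9A-Fa-f]{8})$')


def drive_mask(letters: Iterable[str]) -> int:
    """Bitmask for a set of drive letters, e.g. drive_mask("CD") == 12."""
    mask = 0
    for letter in letters:
        mask |= 1 << (ord(letter.upper()) - ord("A"))
    return mask


def drives_from_mask(mask: int) -> List[str]:
    """Inverse of drive_mask: the letters whose bit is set, A..Z in order."""
    return [c for i, c in enumerate(string.ascii_uppercase) if mask >> i & 1]


def decode_reg_export(text: str) -> Dict[str, List[str]]:
    """Map each policy value found under POLICY_KEY to the drive letters it affects."""
    result: Dict[str, List[str]] = {}
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]
            continue
        if current_key is None or current_key.lower() != POLICY_KEY.lower():
            continue
        m = VALUE_LINE.match(line)
        if m and m.group("name") in POLICY_VALUES:
            result[m.group("name")] = drives_from_mask(int(m.group("hex"), 16))
    return result


if __name__ == "__main__":
    for name, drives in decode_reg_export(SAMPLE_REG).items():
        print(f"{name}: {', '.join(d + ':' for d in drives)} {POLICY_VALUES[name]}")
```

When reviewing a machine, decode in both directions: `drive_mask` tells you what value to expect for a given policy, `decode_reg_export` tells you what an existing value actually hides. Keep in mind that NoDrives only removes the drive from Explorer's view; the drive is still reachable by path from a command prompt, so it is a user-interface restriction, not an access control.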