Showing posts with label windows. Show all posts

Tuesday 20 March 2012

Some Fun With Alternate Data Streams

I have not been blogging for a while because of exams, but now I'm free for a few days, so here comes another post from my home village. This time, I'm going to share some basic fun with alternate data streams, from theory to some practical stuff.

What is an Alternate Data Stream?

An Alternate Data Stream (ADS) is a kind of file system fork which allows more than one data stream to be associated with a single filename. Alternate Data Streams were introduced by Microsoft as a part of its NTFS file system. Alternate Data Streams are not shown by Windows Explorer or even by the dir command, and the size of an ADS is also excluded from the file size. The dir command does, however, allow us to view the alternate data streams using dir /R in Windows Vista and above.

One use of ADS could be hiding information as alternate data streams in a file, but beware that copying the file to a non-NTFS file system will make you lose the information in the ADS. ADS was originally introduced to store file information and properties; however, any user can hide any kind of information in an ADS. Some malware has utilized ADS to hide its code, so most antivirus products today also scan the ADS of a file to find anything fishy.

Note that the format used to create (and access) an ADS is filename:ADSname. A relatively simple guide I had written a while ago is HERE.

Now let's move on to some interesting stuff. For that, I am creating a directory named "samar" on the Desktop. We will first create a simple text file using the command below:

echo An ordinary text file > ads.txt

Now let's add an alternate data stream by issuing the following command:

echo I am secret > ads.txt:private.txt

Let's issue the dir command to see what it lists:

Volume in drive C has no label.
 Volume Serial Number is 90E7-CBCA

 Directory of C:\Users\SINDHUS\Desktop\samar

03/20/2012  09:58 AM    <DIR>          .
03/20/2012  09:58 AM    <DIR>          ..
03/20/2012  09:56 AM                24 ads.txt
               3 File(s)             24 bytes
               3 Dir(s)  22,683,332,608 bytes free

We can see no information regarding the alternate data stream we just added to the file. Let's see if the type command shows anything when it opens the file.

C:\Users\SINDHUS\Desktop\samar>type ads.txt
An ordinary text file

So where is the private stuff we've put as an ADS in the file? Even viewing the file from Windows Explorer does not show the content in the ADS, and of course its size is also not included. The point here is that a malicious user might add something bad in the alternate data stream and send the file to a normal PC user. The unsuspecting user will not know if there's anything other than just the text file. Now let's see how we can view the alternate data stream.

For a while, let's pretend that we don't know that an ADS has been added to the file. So first we will use commands to see if there's any ADS in the file. The simplest one is the dir /R command, as below:

C:\Users\SINDHU'S\Desktop\samar>dir /R
 Volume in drive C has no label.
 Volume Serial Number is 90E7-CBCA

 Directory of C:\Users\SINDHU'S\Desktop\samar

03/20/2012  09:58 AM    <DIR>          .
03/20/2012  09:58 AM    <DIR>          ..
03/20/2012  09:56 AM                24 ads.txt
                                    14 ads.txt:private.txt:$DATA
03/20/2012  09:58 AM               496 info.txt
               2 File(s)            520 bytes
               3 Dir(s)  22,881,669,120 bytes free

We can see that besides the ads.txt file, there is another entry, ads.txt:private.txt:$DATA. By examining this entry, we come to know that an alternate data stream named private.txt is present in the file ads.txt, and the $DATA suffix tells us that the alternate data stream is nothing but plain data. However, as stated earlier, only Vista and above ship a dir command that lets us list the alternate data streams. In that case, you can download a small utility named streams from Microsoft TechNet. The streams tool also allows us to delete an ADS easily, which is otherwise possible but a bit obscure for a normal PC user. Now, to view the content of the alternate data stream, we will use notepad:

C:\Users\SINDHUS\Desktop\samar>notepad ads.txt:private.txt

Note that this time we didn't use the type command, since it does not support the use of a colon in the filename. We used notepad, but we could also use another command known as more, as below:

C:\Users\SINDHU'S\Desktop\samar>more < ads.txt:private

I am secret

The fun with ADS does not stop here. We could do much more than this, but the basic idea is the same. We can embed executables and code within an ADS and run those executables whenever necessary. I'll leave this as homework for you guys, since it won't be hard to figure out once you've understood the basics I've discussed above.

Alternate data streams have already been exploited in IIS, the primary web server from Microsoft. Following is the example I've taken from OWASP on how it could be exploited in IIS.

Normal access:
http://www.alternate-data-streams.com/default.asp

Show code bypass accessing the :$DATA alternate data stream:
http://www.alternate-data-streams.com/default.asp::$DATA

The last thing I would like to discuss is how to delete the alternate data streams. The streams tool provides a -d switch to delete an ADS, and it also supports wildcards for deleting streams. Another way of deleting the alternate streams is to copy the file to a non-NTFS drive, such as a FAT32-formatted pen drive, and then copy it back. Of course, you could also save the content of the main stream in another file and then delete the original file that contains the stream.
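The listing (dir /R), viewing (notepad, more) and deletion (streams -d) steps above can also be done from one script. The function below is an added example, not code from the original post: it walks a folder, reports every non-default stream with its size and the first bytes of its content, flags streams that start with an executable header, and removes them when -Remove is given. It assumes Windows PowerShell 3.0 to 5.1 (the -Stream parameter and -Encoding Byte) and an NTFS volume; the folder path is the one used in this post.

```powershell
# Added example: audit (and optionally remove) alternate data streams under a folder.
# Assumes Windows PowerShell 3.0-5.1 (-Stream, -Encoding Byte) and an NTFS volume.
function Get-AdsReport {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [switch] $Remove
    )

    Get-ChildItem -LiteralPath $Path -File -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $file = $_.FullName
        # -Stream * lists every stream of the file; the unnamed default stream appears as ':$DATA'.
        Get-Item -LiteralPath $file -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' } |
            ForEach-Object {
                $name = $_.Stream
                # Read up to 64 bytes of the stream so the report shows what kind of data is hidden there.
                $bytes = @(Get-Content -LiteralPath $file -Stream $name -Encoding Byte -TotalCount 64 -ErrorAction SilentlyContinue)
                # 'MZ' at offset 0 is the header of a Windows executable (PE) file.
                $isMz = ($bytes.Count -ge 2) -and ($bytes[0] -eq 0x4D) -and ($bytes[1] -eq 0x5A)
                $report = [pscustomobject]@{
                    File            = $file
                    Stream          = $name
                    Length          = $_.Length
                    LooksExecutable = $isMz
                    # 'Zone.Identifier' is the normal mark-of-the-web stream on downloaded files; anything else deserves a look.
                    Expected        = ($name -eq 'Zone.Identifier:$DATA')
                    Preview         = ($bytes | ForEach-Object { '{0:X2}' -f $_ }) -join ' '
                }
                if ($Remove) {
                    # Same effect as 'streams -d': drop only the named stream, the file's main content stays.
                    Remove-Item -LiteralPath $file -Stream $name
                }
                $report
            }
    }
}

# Report on the folder used in this post; add -Remove to delete the streams found.
Get-AdsReport -Path "$env:USERPROFILE\Desktop\samar" | Format-Table -AutoSize
```

On the ads.txt file created above, the report lists one row with Stream private.txt:$DATA, Length 14 and a hex preview of "I am secret".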

I hope this helps you. Please let me know if I should add something to it. :)



Saturday 24 December 2011

Hiding Information In Text Files Using Notepad [Windows]

Hi everybody, I had long ago read about hiding information inside text files using notepad, and today I suddenly remembered it while doing some other task. So I am sharing this little trick of hiding information inside a text file using notepad.

Open the command prompt (Run -> cmd) and then navigate to the directory (using the cd command) where you want to save your text file. Now, type the following command:

notepad file.txt:mypassword


Replace the filename part and the password with yours, as shown in the screenshot above. You will then be asked whether you wish to create a new file (see the screenshot below); click Yes to create the file.



Now enter your secret information in the file and save it. Close the file; if you need to access the contents later, you will have to use the exact command you used while creating the file. If you or someone else edits the file without giving the password, your original hidden content will not be erased, and you can still access it with your original command.

I hope this trick is new for you. :)



Saturday 29 October 2011

Bulk Image Resizing Tools For Windows

You will most likely find yourself in a situation where you need to resize multiple images at once. One example is uploading pictures taken with high-megapixel digital cameras. I was in the same situation and googled to find a few useful software tools for Windows, which I am going to list here.

1) Picture Resizer: An easy-to-use and free standalone tool for batch resizing of JPG pictures and photos. The tool uses a high-quality resizing method, where the color of each pixel is a weighted average of all covered pixels from the original image. Linear interpolation is used when zooming in. The algorithm is optimized to work with gamma-corrected pictures.

2) Fotosizer: Fotosizer is a free batch photo/image resizer tool. It lets you resize hundreds of photos in a matter of minutes in a quick and easy way. With Fotosizer, you can shrink JPEG image files, along with other supported formats, and dramatically reduce internet transfer times, enabling you to quickly and easily prepare your image collections to be published on the web.

3) Imagisizer: Imagisizer is absolutely the easiest, most straightforward image resizer and converter around. It supports major image formats such as jpg, png, gif and bmp. You need the .NET Framework for this tool to work, which I guess is bundled with most modern Windows OS versions.

4) PhotoResizer: A simple, tiny batch resizing tool supporting multiple input formats but only JPEG as output.

I hope some of these tools prove useful for you as well, like they did for me.



Friday 28 October 2011

How To View System Information In Windows

You can easily view information about your system using a simple command in Windows. The systeminfo command lets an administrator query basic system configuration information.

The command produces a significant amount of information that might be useful for system troubleshooting and other purposes.

Open the command prompt by typing "cmd" or "command.com" in the Run option. To find information regarding your system, type systeminfo at the prompt. In a few seconds the command will produce output about the basic system configuration. Example output is shown below:

Host Name: COMPUTER-1164
OS Name: Microsoft Windows XP Professional
OS Version: 5.1.2600 Service Pack 3 Build 2600
OS Manufacturer: Microsoft Corporation
OS Configuration: Standalone Workstation
OS Build Type: Multiprocessor Free
Registered Owner: Bugs Bunny
Registered Organization: Warner Brothers Movie World
Product ID: 76487-640-1457236-23040
Original Install Date: 26/10/2011, 22:24:31
System Up Time: 0 Days, 1 Hours, 16 Minutes, 12 Seconds
System Manufacturer: ECS
System Model: G31T-M7
System type: X86-based PC
Processor(s): 1 Processor(s) Installed.
[01]: x86 Family 15 Model 4 Stepping 1 GenuineIntel ~2793 Mhz
BIOS Version: 073108 - 20080731
Windows Directory: C:\WINDOWS
System Directory: C:\WINDOWS\system32
Boot Device: \Device\HarddiskVolume2
System Locale: en-us;English (United States)
Input Locale: en-us;English (United States)
Time Zone: (GMT+05:45) Kathmandu
Total Physical Memory: 2,038 MB
Available Physical Memory: 1,367 MB
Virtual Memory: Max Size: 2,048 MB
Virtual Memory: Available: 1,995 MB
Virtual Memory: In Use: 53 MB
Page File Location(s): C:\pagefile.sys
Domain: WORKGROUP
Logon Server: \\COMPUTER-1164
Hotfix(s): 342 Hotfix(s) Installed.
[01]: File 1
[02]: File 1
[03]: File 1
[04]: File 1
**Snipped To Save Spaces**

NetWork Card(s): 1 NIC(s) Installed.
[01]: Atheros L2 Fast Ethernet 10/100 Base-T Controller
Connection Name: Local Area Connection
DHCP Enabled: Yes
DHCP Server: 192.168.1.1
IP address(es)
[01]: 192.168.1.2


Since the command produces many lines of output, it is better to save the output to a text file and analyze it later. The redirection operator simplifies this task. The command below saves the output to the specified file:

systeminfo > filename.txt

The output will be saved in the specified file. The information can also be saved in different formats, which can be specified as below:

systeminfo /FO CSV > filename.txt

Other values /FO takes are TABLE and LIST.

I hope this helps you. :)



Wednesday 26 October 2011

Bleeding Life 2 Released By Blackhat Academy

Bleeding Life 2 is a browser exploit pack that targets web browsers on the Microsoft Windows operating system with remote code execution and buffer overflow exploits. The tool can be used to launch client-side browser exploits against vulnerable users.

The wiki page of Bleeding Life lists the exploits and features of this tool.

For download, click HERE.



Sunday 9 October 2011

Rip Audio CDs With Windows Media Player

You need not download any other Audio CD ripping software in Windows to rip your Audio CD, as this can easily be done with Windows Media Player. I was thinking I might need to download ripping tools, but I guessed WMP might also have such a feature, and indeed it has an easy way to do so. I'm here to help those non-techie people out there rip their audio CDs.

First insert your Audio CD and play it with Windows Media Player. There's a ripping option directly available in the interface. The screenshot provided below will help you adjust your ripping settings. You might want to adjust the rip settings from the interface itself. Then select the tracks that you want to rip and click on the Rip CD button. Ripping will take a few minutes, and then the output folder will open.




Monday 3 October 2011

How To Activate Administrator Account In Windows 7

Many of you might be wondering where the administrator account in Windows 7 is, which used to be available by default in Windows XP. By default, the administrator account is disabled in Windows 7, and here you will learn the simple way to enable that account.

First, run the command prompt with admin rights. For that, navigate to C:\windows\system32, right-click on cmd.exe and click Run as administrator. Now type the following command in the command prompt and you are good to go:

net user administrator /active:yes

On success, you will see the message shown in the screenshot below, and your admin account is now enabled for logging in.


Disabling is not difficult either. I guess you've already figured it out. Just type the following command to disable the administrator account:

net user administrator /active:no

I hope this helps. :)



Monday 29 August 2011

More Multi-Tabbed Putty Tools

In the previous post, MTPuTTY (which was written in native Win32 code) was introduced as a solution for multiple tabs in PuTTY. But there are a few other solutions for multiple tabs in PuTTY, which I am introducing in this post.

Both of the tools I am talking about require .NET Framework 2.0 to function, which was not necessary for MTPuTTY.

The first one is the PuTTY Connection Manager add-on. PuTTY Connection Manager is a free PuTTY client add-on for Windows platforms whose goal is to provide a solution for managing multiple PuTTY instances.


For more details and downloads, visit the official site.

Another tool is PuTTYTabs, which reads the Registry information of PuTTY and opens a new tab for each window opened by the user. The source code of PuTTYTabs is also available for download.

For more details and downloads, visit the official site.


