Full Disclosure: Re: Windows covert channel

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Full Disclosure mailing list archives

Re: Windows covert channel

From: 8tImER <8tImER () gmx net>
Date: Mon, 20 Oct 2003 01:48:27 +0200

Hello James,

my guess is you are talking about 'streams' in NTFS.
Example:
Create a text file, save it.
Then use 'echo "hidden text" >> file.txt:1' to add the hidden stuff.
I don't remember how to read that stuff out afterwards though.

-- 
Greetz,
 8tImER                            mailto:8tImER () gmx net
                                   GPG Key-ID: 0xADD46137

Originaltext:
Am 20.10.2003 um 01:04:21 hast du geschrieben:

I seem to remember in the dim reaches of my memory a covert channel in
the Windows file system where you could paste one file at the end of
another without it being detectible when you edited the orginal file.

can someone aim me at the right "buzz phrase" that describes this so I
can Google it further?

jim k

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

By Date By Thread

Current thread:

Windows covert channel James Kelly (Oct 19)
- Re: Windows covert channel 8tImER (Oct 19)
  - Re: Windows covert channel jazper (Oct 19)
  - Re: Windows covert channel Jeremiah Cornelius (Oct 19)
- Re: Windows covert channel jazper (Oct 19)
  - RE: [inbox] Re: Windows covert channel Curt Purdy (Oct 20)
- RE: Windows covert channel Joe (Oct 19)