Re: How to hide a file ?

["Ryan Permeh" <ryan () eEye com>]

Streams do not really die the file in the traditional sense.  it is still
locatable via the numerous tools that can fine alternate data streams.  But
it doesn't require you to violate the kernel, so perhaps this may be
appropriate for the situation (i guess not everyone wants to poke the kernel
at every opportunity:)

Signed,
Ryan Permeh
eEye Digital Security Team
http://www.eEye.com/Retina -Network Security Scanner
http://www.eEye.com/Iris -Network Traffic Analyzer
http://www.eEye.com/SecureIIS -Stop Known and Unknown IIS Vulnerabilities

----- Original Message -----
From: "Jose Nazario" <jose () biocserver BIOC cwru edu>
To: "Udi dahan" <udi () co zahav net il>
Cc: <vuln-dev () security-focus com>
Sent: Tuesday, January 08, 2002 9:09 AM
Subject: Re: How to hide a file ?


> On Tue, 8 Jan 2002, Udi dahan wrote:
>
> > I was wondering if there's a way to hide a file under windows 2000
> > server, so that it will not be seen when using "show hidden file",
> > "show all files" and so on. I want to hide a file but I want to be
> > able to run the file only when I know exactly where it is and what is
> > the file name.
>
> use the file streams. h carvey has written some nice documentation on
> this:
> http://patriot.net/~carvdawg/perl.html
http://www.chi-publishing.com/isb/backissues/ISB_2001/ISB0601/ISB0601HC.pdf
> an additional discussion is available on:
> http://rr.sans.org/win/ADS.php
>
> enjoy,
>
> ____________________________
> jose nazario      jose () cwru edu
>            PGP: 89 B0 81 DA 5B FD 7E 00  99 C3 B2 CD 48 A0 07 80
>        PGP key ID 0xFD37F4E5 (pgp.mit.edu)