[Full-Disclosure] Windows covert channel
jazper
jazper at cox.net
Mon Oct 20 02:26:17 BST 2003
You would do: more < file.txt:1 to see the contents
jazper
----- Original Message -----
From: "8tImER" <8tImER at gmx.net>
To: <full-disclosure at lists.netsys.com>
Sent: Sunday, October 19, 2003 7:48 PM
Subject: Re: [Full-Disclosure] Windows covert channel
> Hello James,
>
> my guess is you are talking about 'streams' in NTFS.
> Example:
> Create a text file, save it.
> Then use 'echo "hidden text" >> file.txt:1' to add the hidden stuff.
> I don't remember how to read that stuff out afterwards though.
>
> --
> Greetz,
> 8tImER mailto:8tImER at gmx.net
> GPG Key-ID: 0xADD46137
>
> Originaltext:
> Am 20.10.2003 um 01:04:21 hast du geschrieben:
>
> > I seem to remember in the dim reaches of my memory a covert channel in
> > the Windows file system where you could paste one file at the end of
> > another without it being detectible when you edited the orginal file.
>
>
> > can someone aim me at the right "buzz phrase" that describes this so I
> > can Google it further?
>
> > jim k
>
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
Full-Disclosure is hosted and sponsored by Secunia.