So guys,some days age, when glitcher posted a topic formatting a usb. There he told about ADS then I searced a lot and finally learn't something which I want to share with you all guys. Most don't know about the Alternate Data Streams. Alternative Data Stream support was added to NTFS (Windows NT, Windows 2000 and Windows XP) to help support Macintosh Hierarchical File System (HFS) which uses resource forks to store icons and other information for a file. While this is the intended use (as well as a few Windows internal functions) there or other uses for Alternative Data Streams that should concern system administrators and security professionals. Using Alternative Data Streams a user can easily hide files that can go undetected unless closely inspection. This tutorial will give basic information on how to manipulate and detect Alternative Data Streams.
So, Lets start.
0x00. Creating an ADS
It is very simple to create ADS.We'll use cmd to create these streams. First we'll create a text file named test.
C:\>echo This is a test file to make ADS > test.txt
C:\>type test.txt
This is a test file to make ADS
The '>' operator is called redirect operator and is used to redirect the output of any command to a file. In this case, we are redirecting "This is a test file to make ADS" into the file "test.txt".
Now we'll make an ADS behind our text file that we recently created. For this ':' operator is used.
C:\>echo experiment> test.txt:hidden.txtTo view what's in the hidden.txt then run
C:\>notepad test.txt:hidden.txtWe used notepad to open the ADS cause the 'type' command don't understand the ':' operator.
Their are many benefits of ADS which I'll be telling you about.Have patience...
Similiarly, we can create ADS on directories.That' true, just look here.
C:\>echo hello>ADS:hidden.txt To verify type in cmd C:\>notepad ADS:hidden.txt
0x01. Creating and running executables
Not only text files, you can hide videos, exe also. Look here, I'll show you how to hide an executable behind a file.
C:\>cd ADS
C:\ADS>echo this is to show how to hide an exe > test1.txt
C:\ADS>type notepad.exe>test1.txt:calc.exe
The 'start' command is used to run the executable. 'start' commands need to know the full path of the executable.
To run this exe C:\ADS>start ./test1.txt:calc.exeIf something went right, you'll see a notepad window in front of you.
0x02. Hiding and running videos
You can also put(hide) videos behind the files using ADS, but for playing them, you will need to give the path of the video player and the full path of video.Like, I'll be hiding a video named 'Batman Begins.mkv'
D:\Movies>type "Batman Begins.mkv">"test.txt:batman begins.mkv"
D:\Movies>"C:\Program Files\VideoLAN\VLC\vlc.exe" "D:\Movies\test.txt:batman begins.mkv"If everything goes right, you'll find vlc playing Batman Begins.
0x03. Finding Alternate Data Streams
There are many softwares on the net such as LADS and many more.Some antivirus also catches ADS.
0x04. Deleting ADS
To delete the ADS we created on our file test(or on any file) do
D:\Movies>ren test.txt abc.txt
D:\Movies>type abc.txt > test.txt
D:\Movies>del abc.txtWhat we did here:
We renamed the test.txt file to abc.txt then we copied the content of abc.txt to text.txt and then deleted the file containing ADS.
0x05. Benefits of ADS
1.) You can hide your files, videos,and anything you want to hide from others.
2.) You can hide malwares, trojans behind some files and then send them to victim but remember, make sure to make it FUD so that antivirus doesn't block it.
Enjoy!!!
