Hidden file vulnerability on XP (not tested elsewhere)


  1. #1
    Senior Member
    Join Date
    Jul 2003
    Posts
    113

    Hidden file vulnerability on XP (not tested elsewhere)

    I have mistakenly come across a potential vulnerability, it allows files to be hidden in the c:\windows\fonts folder.

    I came across this while installing some fonts I had downloaded. I was using WinRAR, and WinRAR works a bit differently than WinZip and the standard Windows XP file expander. If the files are contained in folders within the archive, and you select a single file not in the root of the directory, it will extract to its desired destination within this folder (ex: a file is in zip:/folder/file.exe and I want to extract just file.exe to c:\ it would actually go to c:\folder\file.exe). So I install the font (which was in a folder, within the archive), not realizing it has been extracted to c:\windows\fonts\fontname\font.ttf. There is some inconsistency with the fonts folders that allows only fonts to be viewed there (using Windows Explorer), thus this folder was hidden.

    To confirm, I made an archive with WinRAR containing only notepad.exe. I extracted this file to c:\windows\fonts\test\notepad.exe. Then I went to Windows Explorer and navigated to the fonts folder, and there was no test folder. Then I went to Run, and typed in c:\windows\fonts\test\notepad.exe and sure enough, notepad opened.

    In conclusion, files can be stored here and not be visible using a standard file browser. These directories however can be viewed in DOS using the 'dir' function.

    I'm not sure if this has been discovered already.

  2. #2
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    This is the same as with the Recycle bin and the Temporary Internet file directories (and a few others). This is because of the 'special' way these folders are handled by explorer. You should still be able to see the files/folders if you use a command prompt and issue a dir command.

    Look for a desktop.ini in that directory. This file tells explorer how and what to show you when you open that folder.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  3. #3
    Senior Member
    Join Date
    Jul 2003
    Posts
    113
    Originally posted here by SirDice
    This is the same as with the Recycle bin and the Temporary Internet file directories (and a few others). This is because of the 'special' way these folders are handled by explorer. You should still be able to see the files/folders if you use a command prompt and issue a dir command.

    Look for a desktop.ini in that directory. This file tells explorer how and what to show you when you open that folder.
    Ah, ty, I didn't realize there were more folders like this

  4. #4
    Senior Member
    Join Date
    Jan 2003
    Posts
    686
    It's a system preference. I think it was set up more so you didn't scan somewhere that you would get a lot of BS... like your trash can... because that would be a folder of junk and the system would just be wasting time looking through your junk for something you want. Same with the fonts folder, it's generally a folder with a specific meaning. Just one of those things people don't really think about, whoever goes into their font folder? And the trash can, well if someone empties it... kiss that stuff goodbye.

    Just a thought...
    ~AciD
    There is no right and wrong, only fun and boring...
    Formatting my server because someone hacked into it sounds pretty boring to me...
    That's why it's all about AntiOnline.com!

  5. #5
    Senior Member tampabay420's Avatar
    Join Date
    Aug 2002
    Posts
    953
    this doesn't work from the command prompt...
    so if you use "dir" this doesn't matter...
    yeah, I'm gonna need that by friday...

  6. #6
    Senior Member
    Join Date
    Jul 2003
    Posts
    113
    Originally posted here by tampabay420
    this doesn't work from the command prompt...
    so if you use "dir" this doesn't matter...
    I created the folder when I extracted (in winrar), I only viewed it in the command prompt. And I'm on XP, so maybe it doesn't work the same on older/newer versions of windows.

  7. #7
    Senior Member
    Join Date
    Nov 2002
    Posts
    186
    It's because these folders are special CLSID folders that point to options in the registry. Ankit Fadia has an explanation on his page:
    http://www.ankitfadia.com/untold.htm
    Scroll about a quarter of the way down until you see CLSID Folders Explained

    Enjoy!
    "When you say best friends, it means friends forever" Brand New
    "Best friends means I pulled the trigger
    Best friends means you get what you deserve" Taking Back Sunday
    Visit alastairgrant.ca
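The thread's point is that Explorer renders shell folders like Fonts through a CLSID named in desktop.ini, so anything dropped beneath them (post #1's fonts\test\notepad.exe) is hidden from the Explorer view but not from a filesystem listing such as 'dir'. The following is an added defender-side audit script, not code from the thread or from any poster: it walks a folder at filesystem level and reports subdirectories, nested files and non-font files, and reads the CLSID keys from desktop.ini. The demo directory it builds is constructed, and the GUID in it is a placeholder rather than the real Fonts CLSID.

```python
# Added example (not from the thread): list a shell "special" folder such
# as XP's Fonts folder via the filesystem, as 'dir' does in post #1, to find
# entries the Explorer view (driven by desktop.ini CLSIDs, posts #2/#7) hides.
import os
import re
import tempfile

FONT_EXTS = {".ttf", ".ttc", ".otf", ".fon", ".pfb", ".pfm"}
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
SHELL_KEYS = ("CLSID", "CLSID2", "UICLSID")

def shell_clsids(folder):
    """CLSID-style keys in desktop.ini: present when the view is delegated."""
    ini, found = os.path.join(folder, "desktop.ini"), {}
    if os.path.isfile(ini):
        with open(ini, encoding="utf-8", errors="replace") as fh:
            for line in fh:
                key, _, value = line.partition("=")
                key, match = key.strip().upper(), CLSID_RE.search(value)
                if key in SHELL_KEYS and match:
                    found[key] = match.group(0)
    return found

def audit_folder(folder, allowed_exts=FONT_EXTS):
    """(kind, path) for what the shell view hides: subdirs, nested files, non-fonts."""
    findings = []
    for root, dirs, files in os.walk(folder):
        rel = os.path.relpath(root, folder).replace(os.sep, "/")
        top = rel == "."
        join = (lambda n: n) if top else (lambda n: rel + "/" + n)
        findings += [("subdir", join(d)) for d in dirs]
        for name in files:
            if top and name.lower() == "desktop.ini":
                continue  # expected in a shell folder
            if not top:
                findings.append(("nested", join(name)))
            elif os.path.splitext(name)[1].lower() not in allowed_exts:
                findings.append(("unexpected-file", name))
    return sorted(findings)

def build_demo():
    """Constructed stand-in for c:\\windows\\fonts; the GUID is a placeholder."""
    base = tempfile.mkdtemp(prefix="fonts_demo_")
    with open(os.path.join(base, "desktop.ini"), "w") as fh:
        fh.write("[.ShellClassInfo]\nCLSID={00000000-0000-0000-0000-000000000000}\n")
    os.mkdir(os.path.join(base, "test"))
    for rel in ("arial.ttf", "test/notepad.exe"):
        open(os.path.join(base, *rel.split("/")), "wb").close()
    return base
```

Pointing `audit_folder` at the real Fonts directory on an XP machine would flag the test folder from post #1; on a clean system it should return an empty list.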
