September 27th, 2004, 06:06 PM
#1
IIS and Alternative Data Streams: How users could hide scripts and movies
A while back we were talking about the use of Alternative Data Streams in NTFS for hiding files (see http://www.antionline.com/showthread...ht=alternative ). I was thinking about what I could do in a tutorial about Alternative Data Streams that would make it somewhat original, which brought to mind a question: Does IIS look at Alternative Data Streams? So I did the following commands to see:
Code:
W:\>echo the text file>t.txt
W:\>type xx.php >t.txt:x.php
xx.php being a PHP file with the following code:
Code:
<HTML>
<BODY>
<PRE>
<?php
// Printed only if the server runs this stream through the PHP handler
echo "If I see this I know it worked";
?>
</PRE>
</BODY>
</HTML>
Then I went to try and see if it would see the text file (Tiger Shark, please forgive me for posting the URL of my student site, I know I should be more worried about stalking but I’m an open sort of guy):
http://homepages.ius.edu/adrian/t.txt
That worked as expected. Next I tried to see if IIS would parse out the colon and parse the PHP file in the Alternative Data Stream:
http://homepages.ius.edu/adrian/t.txt:x.php
What do you know, it works! I could think of a few things that students at a university might want to hide in webpages like this (movies, porn, scripts and such). Maybe I should ask my Webmaster to run a tool like LADS ( http://www.heysoft.de/Frames/f_sw_la_en.htm ) on the web docs directories. Just thought some of you might find this interesting, could be a nice thing for an admin to look out for. Now back to my research.
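A log-side check to go with the directory scan suggested in the post, as an added example that is not part of the original post: it reads a W3C extended format web log and reports requests whose path addresses a stream, like the `t.txt:x.php` URL above. The sample log lines, addresses and the function names `stream_reference` and `find_ads_requests` are constructed for illustration.

```python
from urllib.parse import unquote

# Constructed sample in W3C extended log format; the addresses, paths and
# status codes are made up for illustration, not taken from a real server.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2004-09-27 18:01:10 192.0.2.10 GET /adrian/t.txt - 200
2004-09-27 18:02:44 192.0.2.10 GET /adrian/t.txt:x.php - 200
2004-09-27 18:03:02 192.0.2.11 GET /adrian/index.php::$DATA - 404
2004-09-27 18:03:30 192.0.2.12 GET /adrian/t.txt%3Ax.php - 200
2004-09-27 18:04:00 192.0.2.13 GET /adrian/page.php time=12:30 200
"""


def stream_reference(uri_stem):
    """Return (file, stream) if the last path segment names an NTFS stream."""
    # Decode percent-escapes a few times so %3A and %253A are both caught.
    decoded = uri_stem
    for _ in range(3):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    segment = decoded.replace("\\", "/").rsplit("/", 1)[-1]
    if ":" not in segment:
        return None
    name, stream = segment.split(":", 1)
    return name, stream


def find_ads_requests(log_text):
    """Return one dict per request whose path addresses a stream."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column names for the rows below
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        # Only the path is inspected; a colon in the query string is normal.
        ref = stream_reference(row.get("cs-uri-stem", ""))
        if ref:
            hits.append({"ip": row.get("c-ip"), "file": ref[0],
                         "stream": ref[1], "status": row.get("sc-status")})
    return hits


if __name__ == "__main__":
    for hit in find_ads_requests(SAMPLE_LOG):
        print(hit)
```

A hit with a 200 status points at a file worth checking on disk with a stream lister such as LADS.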