Results 1 to 7 of 7

Thread: ADS In NTFS

  1. #1
    Junior Member
    Join Date
    Apr 2005
    Posts
    11

    ADS In NTFS

    ADS, or Alternate Data Streams, is a not very well known feature of the NTFS file system. I still don't know very much about, one of my friends showed it to me the other day. Read about ADS here, does anyone know of this, or what it was intended for? If found it quite interesting, however seemingly pointless it is, I'm gonna mess with it, see what all I can do with it at my school.

  2. #2
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    ADS is a beautiful way of hiding stuff... Unless you know it exists, what it can do and how I can use it to help me exploit your system then it is a very useful way for someone to hide their exploitation of your system.

    Google "LADS ADS" and read more.
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  3. #3
    Junior Member
    Join Date
    Apr 2005
    Posts
    11
    Thanks, one last thing, can I use ADS to hide an entire directory, or just individual files?
    I don't have NTFS at my house to test it on, just my Linux OS, I have to wait till I have free time at school to test it on my own(which probably won't happen for a while).

  4. #4
    Senior Member
    Join Date
    Dec 2004
    Posts
    107
    LaoTzu,

    If you have a winxp or w2k install disk, you could use vmware workstation to run windows on your linux box, and try it out.

    http://www.vmware.com/download/workstation.html

    [EDIT]by the way, first result in google yielded this page:

    http://www.heysoft.de/nt/ntfs-ads.htm

    Can somebody add an ADS to a directory entry instead of a file?
    Yes, it works the same way.
    [/EDIT]

    -ik
    Alright Brain, you don\'t like me, and I don\'t like you. But let\'s just do this, and I can get back to killing you with beer.
    -- Homer S.

  5. #5
    King Tutorial-ankhamun
    Join Date
    Jul 2004
    Posts
    897
    It was more or less put in for Mac support. We have some more details here:

    http://www.antionline.com/showthread...ighlight=altds

  6. #6
    Junior Member
    Join Date
    Apr 2005
    Posts
    11
    [QUOTE] Originally posted here by Iron-Kurton
    [B]LaoTzu,
    If you have a winxp or w2k install disk, you could use vmware workstation to run windows on your linux box, and try it out.
    http://www.vmware.com/download/workstation.html
    [EDIT]by the way, first result in google yielded this page:
    http://www.heysoft.de/nt/ntfs-ads.htm
    [/EDIT]
    But what I meant was this, would this work, hiding a directory in another direcotry or file using ads.

    md dir1
    cd dir1
    echo stuffinfile>text1.txt
    echo stuffinfile>text2.txt
    cd ..
    md dir2
    type dir1>dir2:dir1 (or type dir1>notepad.exe:dir1)

    Don't have the disk, but I can get them, I'll check out vmware workstation.

  7. #7
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    AFAIK ADS only works on files. ADS is used for Apple filesharing. Apple uses 2 streams to store data. One stream contains the actual file and the other stream is used to store information about that file (filetype i.e.).

    type dir1>dir2:dir1 (or type dir1>notepad.exe:dir1)
    Think about this again.... Type a directory? What's it going to type?
    Oliver's Law:
    Experience is something you don't get until just after you need it.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •