Security Forums

Hiding folder in windows

CHeeKY
Posted: Sat Sep 20, 2003 6:11 pm    Post subject: Hiding folder in windows

Well, basically what we're doing here is creating a folder which will
seem like a system folder (i.e. control panel, recycle bin, etc.).

What's gonna happen is that when the system admin tries to access this
folder he'll be re-directed to its source, which means:

You make a fake folder that'll look like the control panel,
admin sees that and tries to get in, now instead of getting to the real
folder where your pub is he'll get into his Windows control panel.
But when you log in via your ftp client (like FlashFxp for example) you'll see your ftp content.

---how it's done---


You just make a new folder named like in the list below
and ta-da!

Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}
Internet Explorer.{FBF23B42-E3F0-101B-8488-00AA003E56F8}
Recycle Bin.{645FF040-5081-101B-9F08-00AA002F954E}
My Computer.{20D04FE0-3AEA-1069-A2D8-08002B30309D}
My Documents.{ECF03A32-103D-11d2-854D-006008059367}
Fonts.{BD84B380-8CA2-1069-AB1D-08000948F534}

Oh, and you can play with the names but the extension must stay the same, for example:

Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}

You can also call it BIGDIRECTORY.{21EC2020-3AEA-1069-A2DD-08002B30309D}

as long as you've got the {21EC2020-3AEA-1069-A2DD-08002B30309D} after the "."

Tom Bair
Posted: Sat Sep 20, 2003 6:28 pm

Now that you've shown us the exploit, are you able to show us a solution to the exploit short of formatting the affected hard drive?

I've seen where one or two of our members have been hit with this exploit and I can only recall the solution as being to format the drive.

whatwares
Posted: Sat Sep 20, 2003 7:08 pm

I've just discovered that when I made the folder control panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}, I couldn't view it in Windows Explorer, because I was indeed redirected to the control panel from Windows itself. However, when I tried to access the folder with Total Commander, I had no problems viewing or changing the contents of that folder in any way.

In other words: try a file manager from another manufacturer to work on those folders. Explorer has its own way of showing the folders, with a different starting point (the desktop instead of C:\).
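
The posts above come down to one fact: the file system stores an ordinary directory, and only Explorer interprets the `.{CLSID}` suffix. As an added example (not part of any post in this thread), this Python script walks a tree with plain file-system calls and flags such directories, using the CLSIDs listed in the first post; the function names and the sample tree are constructed for illustration.

```python
import os
import re
import tempfile

# Shell-namespace CLSIDs listed in the first post of this thread.
KNOWN_CLSIDS = {
    "21EC2020-3AEA-1069-A2DD-08002B30309D": "Control Panel",
    "FBF23B42-E3F0-101B-8488-00AA003E56F8": "Internet Explorer",
    "645FF040-5081-101B-9F08-00AA002F954E": "Recycle Bin",
    "20D04FE0-3AEA-1069-A2D8-08002B30309D": "My Computer",
    "ECF03A32-103D-11D2-854D-006008059367": "My Documents",
    "BD84B380-8CA2-1069-AB1D-08000948F534": "Fonts",
}

# A directory name ending in ".{GUID}" is what Explorer renders as a shell object.
CLSID_SUFFIX = re.compile(r"\.\{([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}$")

def find_clsid_folders(root):
    """Return sorted (path, shell_target, entry_count) for CLSID-suffixed dirs."""
    findings = []
    for dirpath, dirnames, _ in os.walk(root):
        for name in dirnames:
            match = CLSID_SUFFIX.search(name)
            if not match:
                continue
            full = os.path.join(dirpath, name)
            target = KNOWN_CLSIDS.get(match.group(1).upper(), "unlisted CLSID")
            try:
                count = len(os.listdir(full))  # real contents, not Explorer's view
            except OSError:
                count = -1  # unreadable: still worth reporting
            findings.append((full, target, count))
    return sorted(findings)

def build_sample_tree():
    """Constructed sample data: a small FTP tree with one disguised folder."""
    root = tempfile.mkdtemp(prefix="clsid_scan_")
    os.makedirs(os.path.join(root, "ftp", "pub", "docs"))
    hidden = os.path.join(root, "ftp", "pub",
                          "BIGDIRECTORY.{21EC2020-3AEA-1069-A2DD-08002B30309D}")
    os.makedirs(hidden)
    with open(os.path.join(hidden, "readme.txt"), "w") as fh:
        fh.write("constructed sample file\n")
    return root

if __name__ == "__main__":
    for path, target, count in find_clsid_folders(build_sample_tree()):
        print(f"{path}  (Explorer shows: {target}; {count} entries on disk)")
```

Pointed at a real FTP root instead of the sample tree, any hit with a non-zero entry count is a directory whose contents Explorer will not display.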

CHeeKY
Posted: Sat Sep 20, 2003 7:08 pm

Like in all things in life, there is more than one way to view information on what is upon your drive. Firstly, make sure your pc make isn't hackable.
Explore and use tools such as treeview to find hidden files.

You can log in via the ftp client as stated and delete files after your analysis has found the location; viewing .ini files of the infected machine etc. will gather these results. From there you can delete the files.

To remove any system files requires regedit and CLSID keys, always backup and depending on your level of expertise and file system, Internet explorer and Network Neighbourhood are different but for most

regedit...
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace
There should be a set of keys under namespace, which you identify by the CLSID; remove from namespace and it won't trouble you no more.

Please back up the registry and, if you can, back up the drive so no mistakes can be made.

Mongrel
Posted: Sat Sep 20, 2003 10:50 pm

Get deltree.exe, put it into your system32 folder, shut down the ftp service,
go to a command prompt in the container folder of your ftp 'pub' and
deltree it.

I just tried it and it works like a champ.

Tom Bair
Posted: Sun Sep 21, 2003 11:25 pm

I've just made this topic a sticky one so it will stay at the top of the listing. It should prove excellent resource material for those who have this particular problem and are researching/searching for a cure to it.

Job well done, dudes!

Kasket
Posted: Mon Feb 09, 2004 3:34 pm

Very nice information.

Darksat
Posted: Thu Sep 09, 2004 4:22 pm

If you're looking to hide files why not just use encrypted magic folders?

Arkantos
Posted: Mon Nov 01, 2004 11:55 pm

Hi, I am new to this place.

Is going into the file system by way of DOS, deleting the dir, a viable solution?

There are plenty of for opening up NTFS/HPFS partitions from DOS6.22

ryansutton
Posted: Tue Nov 02, 2004 12:19 am

Sure if you like typing. Personally I prefer the DOS shell over explorer. Of course the same can be done from the Windows Explorer.

E-Mind
Posted: Wed Jun 15, 2005 7:33 pm

In the folder tree view just press F2 when you are on the folder and rename it - you would be able to access it again and delete it.

isohseis
Posted: Fri Nov 25, 2005 7:41 am

I am a newbie, and I created those folders properly, it worked as you said it would, but I do not know how to access the REAL information inside the folder. Can someone help me?

AdamV
Posted: Fri Nov 25, 2005 11:18 am

Like the article said, using another mechanism such as FTP.

All times are GMT + 2 Hours