What file system vulnerability does the following command take advantage of?

What file system vulnerability does the following command take advantage of?
type c:anyfile.exe > c:winntsystem32calc.exe:anyfile.exe

What file system vulnerability does the following command take advantage of?
type c:anyfile.exe > c:winntsystem32calc.exe:anyfile.exe

A.
Backdoor access

B.
ADS

C.
NTFS

D.
HFS

Explanation:
ADS (or Alternate Data Streams) is a “feature” in the NTFS file system that makes it possible to hide information in alternate data streams in existing files. The file can have multiple data streams and the data streams are accessed by filename :stream .



Leave a Reply 2

Your email address will not be published. Required fields are marked *


Nabil Abdulaal

Nabil Abdulaal

the technique is using the Alternate Data Streams (ADS) using the NTFS file system format.

The correct answer is : ADS

Daniel

Daniel

correct. The answer is Alternate Data Streams (ADS). ADS is the ability to fork file data into existing files without affecting their functionality, size, or display to traditional file browsing utilities like dir or Windows Explorer. Alternate Data Streams (ADS) provides hackers with a method of hiding root kits on a breached system and allows them to be executed without being detected by the systems administrator.