1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Alternate Data Streams

Discussion in 'Black Hat SEO' started by fatboy, Jan 14, 2009.

  1. fatboy

    fatboy Elite Member

    Joined:
    Aug 13, 2008
    Messages:
    1,618
    Likes Received:
    3,227
    Occupation:
    Retired
    Location:
    Old Peoples Home
    This has been around for a while I guess, but has anyone thought of an idea for using (abusing?) ADS for getting BH work done?

    In essence its a file inside a file and hidden from site.
    Its not that simple to run the 'hidden' file without something being spotted but I know there is a way to us ethis somewhere.

    Have a quick read at
    HTML:
    http://www.windowsecurity.com/articles/Alternate_Data_Streams.html
    if you want to know about ADS, and maybe we can throw some ideas about!
     
  2. headspin

    headspin Regular Member

    Joined:
    Jun 3, 2008
    Messages:
    234
    Likes Received:
    140
    Home Page:
    The only way to run the ADS would be to have a program already installed on the user's computer which reads the data and copies it to a file (possibly a virtual file). There are several problems with this, not the least of which is that most anti-viral software can scan ADS and they'll even report it to the user whether or not it's actually a security risk. The stream would also be destroyed if the file were moved to a FAT32 file system - it has to be NTFS. So uploading it to a linux server would kill it, storing it on a USB drive would kill it, etc.


    What's more, this is well beyond blackhat. It can land you several years in a federal institution with joe the fruitbasket rapist as a roommate.
     
  3. fatboy

    fatboy Elite Member

    Joined:
    Aug 13, 2008
    Messages:
    1,618
    Likes Received:
    3,227
    Occupation:
    Retired
    Location:
    Old Peoples Home
    Really?

    What puts this into the federal offense category (I am in the UK so I am guessing federal offense is like the UK police kicking in the door for a chat!)

    I was thinking that this would be along the lines of PPI (I know thats not the scope of this forum!) not something seriously illegal :\
     
  4. headspin

    headspin Regular Member

    Joined:
    Jun 3, 2008
    Messages:
    234
    Likes Received:
    140
    Home Page:
    Depends what you want to do with it, but in 99% of cases it will be illegal: "A black hat hacker is someone who subverts computer security without authorization" (Wikipedia). In any case, executing code hidden within the filesystem does not sound like PPI to me, more like exploiting a trojan horse.

    The legal definition is similar but much longer. In the US the Anti-hacking law (18 U.S.C. 1030) punishes offenders with up to 20 years depending on the severity of the offence.

    Edit: In the UK, it can get even worse as the Terrorism Act 2000 makes hacking a potential act of terrorism, although this is more applicable to dDOS attacks. In your particular case, the Computer Misuse Act of 1990 could send you away for up to 10 years.
     
    Last edited: Jan 14, 2009
  5. fatboy

    fatboy Elite Member

    Joined:
    Aug 13, 2008
    Messages:
    1,618
    Likes Received:
    3,227
    Occupation:
    Retired
    Location:
    Old Peoples Home
    Mmm cheers for that - will have to take a look into all those laws!!