WEB Security Problems Caused by NTFS ADS (NTFS Alternate Data Streams)

2025-04-06 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

The WEB security problem brought about by ADS is nothing new. A few months ago, I systematically did a lot of tests with my friend Rstar. Rstar made it public on PKAV and Wooyun some time ago. I will also post the paper written at that time, hoping that more * scenarios can be discovered. There is still something wrong with some of the sentences in the paper, which was dashed off in one afternoon; since then, there has been no time to change it. Let's take a look at it. The slides will not be released for the time being because they involve company content :)

WEB Security problems brought by NTFS ADS

Author: Rstar && pysolve

Introduction to NTFS ADS

NTFS streams are, in full, NTFS Alternate Data Streams (ADS). ADS was introduced for compatibility with the Hierarchical File System (HFS), a file system launched by Apple. HFS works by storing different data in different forks: the file data is stored in the data fork and the file parameters are stored in the resource fork. Similarly, NTFS streams use resource forks to maintain information related to the host file. ADS is somewhat like the attribute information of a file, attached to the file beyond its traditional boundaries.

Let's look at an example of ADS, the one usually given wherever ADS is discussed. Create a new file named test.txt, which is the host file; open it and enter the content "test". Then run the command echo "This is a stream" > test.txt:stream.txt in the same directory. cmd gives no prompt, and as far as Windows Explorer is concerned the host file is unchanged (including its size, modification time, etc.). This is because not all programs on Windows support ADS. Likewise, dir, type and similar commands do not show the stream. Notepad partially supports ADS: it can open test.txt:stream.txt, but the support is incomplete, and a parameter error occurs on Save As.

Note:

1. Modifying the contents of the host file will not affect the contents of the stream.

2. Modifying the contents of the stream will not affect the contents of the host file.

A complete stream format is given on MSDN, as follows:

filename: the file name of the host file

stream name: the name of the stream

stream type: the type of the stream
