Hiding folder in windows

Networking/Security Forums -> Exploits // System Weaknesses

Author: CHeeKY PostPosted: Sat Sep 20, 2003 6:11 pm    Post subject: Hiding folder in windows
well basically what we're doing here is creating a folder which will
seem like a system folder (i.e control panel/recycle bin..etc..).

What's gonna happen is that when the system admin try's to access this
folder he'll be re-directed to it's source which means:

You make a fake folder that'll look like the control panel,
admin sees that and tries to get in, now instead of getting to the real
folder where your pub is he'll get into his Windows control panel.
But when u'll log in via your ftp client (like FlashFxp for example) you'll see your ftp content.

---how its done---

You just make a new folder named like in the list below
and ta-da!

Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}
Internet Explorer.{FBF23B42-E3F0-101B-8488-00AA003E56F8}
Recycle Bin.{645FF040-5081-101B-9F08-00AA002F954E}
My Computer.{20D04FE0-3AEA-1069-A2D8-08002B30309D}
My Documents.{ECF03A32-103D-11d2-854D-006008059367}

oh and You can play with the names but the extension must stay the same, for example:

Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}

You can also call it BIGDIRECTORY.{21EC2020-3AEA-1069-A2DD-08002B30309D}

as long as u got the {21EC2020-3AEA-1069-A2DD-08002B30309D} after the "."

Author: Tom BairLocation: Portland, Oregon USA PostPosted: Sat Sep 20, 2003 6:28 pm    Post subject:
Now that you've shown us the exploit, are you able to show us a solution to the exploit short of formatting the affected hard drive?

I've seen where one or two of our members have been hit with this exploit and I can only recall the solution as being to format the drive.

Author: whatwaresLocation: Netherlands PostPosted: Sat Sep 20, 2003 7:08 pm    Post subject:
I've just discovered that when I made the folder control panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}, I couldn't view it in windows explorer, because I was indeed redirected to the control panel from windows itself. However when I tried to access the folder with Total Commander, I had no problems viewing or changing the contents of that folder in any way.

In other words: try a file manager from another manufacturer to work on those folders, Explorer has it's own way of showing the folders, with a different starting point (the desktop instead of C:\).

Author: CHeeKY PostPosted: Sat Sep 20, 2003 7:08 pm    Post subject:
Like in all things in life, there is more than one way to view information on what is upon your drive, firstly make sure your pc make isnt hackable.
explore and use tools such as treeview to find hidden files.

you can login via the ftp client as stated and delete files after your analysis has found the location, viewing .ini files of the infected machine etc, will gather these results. from there you can delete
the files

To remove any system files requires regedit and CLSID keys, always backup and depending on your level of expertise and file system, Internet explorer and Network Neighbourhood are different but for most

There should be a set of keys under namespace, which you identify by the CLSID, remove from namespace and it won't trouble you no more

Please backup registry and if you can backup the drive so no mistakes can be made.

Author: Mongrel PostPosted: Sat Sep 20, 2003 10:50 pm    Post subject:
get deltree.exe, put it into your system32 folder, shut down ftp service,
go to a command prompt in the container folder of your ftp 'pub' and
deltree it.

I just tried it and it works like a champ.

Author: Tom BairLocation: Portland, Oregon USA PostPosted: Sun Sep 21, 2003 11:25 pm    Post subject:
I've just made this topic a sticky one so it will stay at the top of the listing. It should prove excellent resource material for those who have this particular problem and are researching/searching for a cure to it.

Job well done, dudes!

Author: Kasket PostPosted: Mon Feb 09, 2004 3:34 pm    Post subject:
very nice information.

Author: DarksatLocation: Banned PostPosted: Thu Sep 09, 2004 4:22 pm    Post subject:
If your looking to hide files why not just use encrypted magic folders?

Author: ArkantosLocation: Kolkata, India PostPosted: Mon Nov 01, 2004 11:55 pm    Post subject:
hi, i am new to this place.

is going into the file system by way of dos, deleting the dir a viable solution??

the are plenty of for opening up NTFS/HPFS partitions from DOS6.22

Author: ryansuttonLocation: San Francisco, California PostPosted: Tue Nov 02, 2004 12:19 am    Post subject:
Sure if you like typing. Personally I prefer the DOS shell over explorer. Of course the same can be done from the Windows Explorer.

Author: E-MindLocation: Palo Alto, CA PostPosted: Wed Jun 15, 2005 7:33 pm    Post subject:
In the folder tree view just press F2 when you are on the folder and rename it - you would be able to access it again and delete it.

Author: isohseis PostPosted: Fri Nov 25, 2005 7:41 am    Post subject:
I am a newbie, and I created those folders properly, it worked as you said it would, but I do not know how to access the REAL information inside the folder. Can someone help me?

Author: AdamVLocation: Leeds, UK PostPosted: Fri Nov 25, 2005 11:18 am    Post subject:
like the article said, using another mechanism such as ftp

Networking/Security Forums -> Exploits // System Weaknesses

output generated using printer-friendly topic mod, All times are GMT + 2 Hours

Page 1 of 1

Powered by phpBB 2.0.x © 2001 phpBB Group