'Sysetms/MS Windows'에 해당되는 글 2

  1. 2008.10.29 NTFS alternate Data Streams (ADSes) (4)
  2. 2008.07.20 How to repair MS Windows Updates's trouble

NTFS alternate Data Streams (ADSes)

2008.10.29 15:52 | Posted by bar4mi
Recently I found a remote vulnerability which was occured by NTFS alternate Data Streams. I'll record some informations of ADSes for my memory. I will announce the vendor and the product after the patch will be released.

NTFS ADSes are provided for compatiability with the Mackintosh HFS(Hierarchical File System). This is used for storing some information in MS Windows System. For example, MS Word stores the property information of a document to it.

We can make a data stream through some ways. For example, I made it via 'type' command. As you can see, the file size is zero despite of some texts.

We can find this data stream using LADS(http://www.heysoft.de/Frames/f_sw_la_en.htm) or dir command(if you are using MS Windows VISTA, you can use '/r' switch).

As further usage, we can hide a executable file on myfile.txt.

And we can exeute it. This is used to hide and execute a malicious file.

You can obtains Addinational information via below link.

Comment

  1. xeraph 2008.10.29 21:52

    ADS는 책보다가 최근에 알았어요 ㅎㅎ 무슨 취약점인지 궁금합니다 ^^

  2. ADS가 문제가 될 수 있는 것은 로컬 영역에 악성코드를 숨길 수 있는 문제점이 존재하며, 요즘 같이 내부자 보안이 중요한 시점에서는 내부자가 ADS에 중요한 기밀 문서를 숨기는 것에 악용될 수 도 있습니다. 또한 공용 PC에서 중요한 개인 파일들을 숨길 때도 사용할 수 있는 장점(?)도 있습니다 ^^ 제가 이번에 발견한 취약점은 로컬의 문제점이 아니라 원격 취약점입니다. 애플리케이션을 구현할 때 ADS에 대해 신경을 쓰지 못해, 특정 루틴을 우회하여 파일의 정보를 노출시킬 수 있는 것입니다. 과거 이와 유사한 문제점이 이미 발표된 바가 있습니다. 아직 벤더측에서 문제점을 명확하게 파악하지 못한 상황이라 무엇이다!라고 자세히 말씀드리기가 힘이 드네요 ^^;

  3. moncler 2013.01.04 15:02

    Airport parking has always been a nightmare for frequent flyers all across the globe. And if we are talking about the world?s busiest airport, http://www.moncleroutletespain.com/ moncler outlet, London Heathrow Airport then the situation gets worse. To meet the growing needs of adequate parking facility at terminals, http://www.moncleroutletespain.com/ moncler chaquetas, Meet and Greet Heathrow Parking has come up as a boon for the millions of passengers who fly over 200 international destinations every year, http://www.moncleroutletespain.com/ moncler. In such a situation Heathrow Valet Parking facilitates you with a hassle free vehicle parking with utmost care to the safety of your vehicle. So forget all parking blues and enjoy your flight without any worries of your vehicle safety, http://www.moncleroutletespain.com/ moncler online. Meet and Greet Heathrow Parking has given a simple yet easy solution to all your parking blues, http://www.moncleroutletespain.com/ moncler españa, so next time you turn up to Heathrow airport do make sure you have a easy parking experience with Heathrow valet parking, http://www.moncleroutletespain.com/ http://www.moncleroutletespain.com/.Related articles:


    http://justalive.tistory.com/499 http://justalive.tistory.com/499

    http://casadelagua.tistory.com/6 http://casadelagua.tistory.com/6

  4. Purchase term paper help from highly professional writers. So if you are desparate, you only need to log onto <a href="http://goldessays.com/">this Web site</a> and obtain essay help.

Today I installed Windows Office 2007 on my Macbook.

When the installation was ended, I couldn't update my Windows XP using Automatic Update System.
It just said me that it couldn't update some updates.

The solution about this problem was so simple. I could find it from searching.

This problem occurs when Windows system files had changed according to MS support.

You can repair it through just simple three steps(These are just to register the Wups2.dll).
First, stop Automatic Updates Service on Command Shell. ( Start > Click Run > Type cmd)
net stop wuauserv

Second, register the Wups2.dll file
regsvr32 %windir%\system32\wups2.dll

if you use Windows XP 64-bit Edition, change 'system32' folder's name to 'system64'.
regserv32 %windir%\system64\wups2.dll

Last, start Automatic Updates Service which you stop just before.
net start wuauserv


Now you can update your system as the latest safe system.
Ref. http://support.microsoft.com/kb/943144/en-us

Comment

이전 1 다음