Date: Mon, 1 Jan 2018 17:16:09 -0500
From: debug <debug.net@...il.com>
To: fulldisclosure@...lists.org
Subject: [FD] "." (period) in file extension(s) in windows

So I tried to rename a file to something like "hi..." and it would revert back to "hi" no matter how many periods I put after the name (last character must be a period for this to work). This got me to wonder if I was to create a file using POSIX software or say by mounting the drive in Linux and creating the file on the drive directly; what could one do?

Because of the way Windows handles extensions differently than the name of the file itself, extensions cannot contain a period and therefore the file, when specially created, becomes inaccessible through any built-in Windows methods.

This could be exploited by hiding data on a Windows system in plain sight and making it impossible to delete unless one deletes the entire folder it is in (rd /q/s works great in my test). This could still be defeated by using bash from Cygwin or any Linux distro mounting the drive directly, but if one works in a business environment where external tools are not allowed and a system is exploited then this could frustrate administrators until they are able to get approval for external software to fix the issue.

Or this could cause other issues if something is being referred to by this "invalid" name (Windows reports it as missing or inaccessible), so if a certain service keeps track of what file names are changed to while the operating system is up and running and its name is changed to this "invalid" format, a system could be DoS or other vectors of compromise.

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
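For administrators who want to audit for the names described in the post, the following is an added example, not part of the original message: it walks a directory tree as seen from a POSIX system (for instance the Windows volume mounted on Linux, as the post suggests) and reports entries whose on-disk name ends in a period. It goes slightly beyond the post by also flagging trailing spaces, which Win32 name normalization strips in the same way; the function names and the sample tree are assumptions made for the illustration.

```python
import os
import tempfile


def win32_visible_name(name: str) -> str:
    """Name the Win32 layer resolves to: trailing periods and spaces are dropped."""
    return name.rstrip(". ")


def find_trailing_dot_names(root: str):
    """Walk `root` and report entries whose on-disk name differs from the
    name Win32 normalization would use for it."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        present = set(dirnames) | set(filenames)
        for name in sorted(present):
            visible = win32_visible_name(name)
            if visible == name:
                continue  # ordinary name, nothing to report
            findings.append({
                "path": os.path.join(dirpath, name),
                "win32_name": visible,
                # True when an ordinary sibling already owns the stripped name,
                # so a Windows tool asked for the odd entry reaches the sibling.
                "shadows_sibling": visible in present,
            })
    return findings


def demo():
    """Build a constructed sample tree (POSIX filesystem only) and scan it."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("hi", "hi...", "report.txt", "notes."):
            open(os.path.join(root, name), "w").close()
        return [
            (os.path.basename(f["path"]), f["win32_name"], f["shadows_sibling"])
            for f in find_trailing_dot_names(root)
        ]


if __name__ == "__main__":
    for entry in demo():
        print(entry)
```

Pointing `find_trailing_dot_names` at the mount point of the volume gives a list of paths to review; the `shadows_sibling` flag separates entries that Windows would report as missing from those that would silently resolve to a different file.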