Message-ID: <EKECJMGPAACGOMIGLJJDIEPFCGAA.geoincidents@getinfo.org>
From: geoincidents at getinfo.org (Geo)
Subject: NTFS exploit

I've seen this mentioned before (on bugtraq I think) but I had never seen a
way to use it to hose a drive before.

To see Windows 2000 NTFS use up all free space in an unrecoverable manner
(don't do this on a drive you can't afford to format):


Create a directory called "dead".

Go into that directory and create a text file called dead.txt. Copy these
instructions into the text file before saving it (just some text to take up
space; it should be under 1K in size).

OK, now open My Computer, right-click on the disk drive you are using and
pick Properties, pick Tools, pick Defragment and click on the Analyze
button. Notice how much of the drive shows as green system files.

OK, now from a command window log to the directory

cd \dead

and type this

FOR /L %i in (1,1,2000000) do copy dead.txt dead%i.txt

What this does is create 2,000,000 copies of the dead.txt file. Now that
they are created, go ahead and check again in the defragment/analyze window.
See all the green? OK, now in your command window, making sure you are still
logged to \dead, go ahead and delete all those files

cd \dead
del *.txt

Now check the defragment/analyze window again. No change, right?

If you had created enough .txt files to use up all the free space on your
drive you would now not be able to save a large file to the drive.

The problem is that NTFS stores small files in the actual directory table
instead of as a separate data stream; it does this for efficiency. It also
never releases this space once it's been used.

Geo.
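
A way to put numbers on the effect described in the message above, as an added example that is not part of the original post: it compares two captured `fsutil fsinfo ntfsinfo` outputs and reports how far the file-record area grew and how much free space did not come back. Assumptions: the classic hex output layout of `fsutil` (which ships with Windows XP and later, not Windows 2000), that the growing "system files" area is the NTFS master file table, and snapshot values constructed to match the 2,000,000-file scenario in the post.

```python
# Constructed snapshots in the classic `fsutil fsinfo ntfsinfo` layout
# (illustrative values, not measurements from a real volume).
BEFORE = """\
Version :                         3.1
Total Clusters :                  0x00000000004c4b40
Free Clusters  :                  0x00000000003d0900
Bytes Per Cluster :               4096
Bytes Per FileRecord Segment    : 1024
Mft Valid Data Length :           0x0000000002000000
"""
# Taken after the 2,000,000 small files were created and then deleted.
AFTER_DELETE = """\
Version :                         3.1
Total Clusters :                  0x00000000004c4b40
Free Clusters  :                  0x00000000003567e0
Bytes Per Cluster :               4096
Bytes Per FileRecord Segment    : 1024
Mft Valid Data Length :           0x000000007c120000
"""

def parse_ntfsinfo(text):
    """Return {field: int} for every integer-valued line (hex or decimal)."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue
        try:
            fields[key.strip()] = int(value.strip(), 0)
        except ValueError:
            pass  # non-integer fields such as "Version : 3.1"
    return fields

def mft_report(before_text, after_text):
    """Compare two snapshots and quantify space held by file records."""
    b, a = parse_ntfsinfo(before_text), parse_ntfsinfo(after_text)
    growth = a["Mft Valid Data Length"] - b["Mft Valid Data Length"]
    volume_bytes = a["Total Clusters"] * a["Bytes Per Cluster"]
    return {
        "mft_growth_bytes": growth,
        "file_records_added": growth // a["Bytes Per FileRecord Segment"],
        "free_clusters_lost": b["Free Clusters"] - a["Free Clusters"],
        "mft_percent_of_volume": round(100 * a["Mft Valid Data Length"] / volume_bytes, 1),
    }

if __name__ == "__main__":
    for name, value in mft_report(BEFORE, AFTER_DELETE).items():
        print(f"{name}: {value}")
```

With 1 KB file records, two million sub-1K files account for roughly 2 GB of record space, which is why the analyze view changes so visibly.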