[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <016b01c268f3$b53dc0e0$3264a8c0@local>
From: hggdh at attbi.com (HggdH)
Subject: NTFS exploit
This is actually not new -- it was discussed on BugTraq some 2 years ago.
What happens here is NTFS will increase the size of the MFT as needed to
store all file headers. A zero-lenght file will cause the same result -- all
available space will eventually be taken by the MFT.
The bad part of it is... there is no way for you to "downsize" the MFT. You
_will_ have to format the drive. This is a nice DoS...
..hggdh..
----- Original Message -----
From: "Geo" <geoincidents@...info.org>
To: <full-disclosure@...ts.netsys.com>
Cc: <paulwagner429@...mail.com>
Sent: Monday, September 30, 2002 10:27
Subject: [Full-Disclosure] NTFS exploit
I've seen this mentioned before (on bugtraq I think) but I had never seen a
way to use it to hose a drive before.
To see Windows 2000 NTFS use up all free space in an unrecoverable manner.
(don't do this on a drive you can't afford to format)
Create a directory called "dead"
go into that directory and create a text file called dead.txt copy these
instructions into the text file before saving it. (just some text to take up
space should be under 1K in size)
Ok, now open my computer, right click on the disk drive you are using and
pick properties, pick tools, pick defragment and click on the analyze
button. Notice how much of the drive shows as green system files.
ok now from a command window log to the directory
cd /dead
and type this
FOR /L %1 in (1,1,2000000) copy dead.txt dead%1.txt
what this does is creates 2,000,000 copies of the dead.txt file. Now that
they are created go ahead and check again in the defragment/analyze window,
see all the green? Ok now in your command window making sure you are still
logged to /dead go ahead and delete all those files
cd /dead
delete *.txt
now check the defragment/analyze window again, no change right?
If you had created enough .txt files to use up all the free space on your
drive you would now not be able to save a large file to the drive.
The problem is that NTFS stores small files in the actual directory table
instead of as a separate data stream, it does this for efficiency. It also
never releases this space once it's been used.
Geo.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists