Skip to main content

file streams ntfs

streams can store extra info of files 

filename:streamname:streamtype

 Stream type specifier values always start with the dollar sign ($) symbol

Stream Type                         Description

::$ATTRIBUTE_LIST Contains a list of all attributes that make up the file and identifies where each attribute is located.

::$BITMAP A bitmap used by indexes to manage the b-tree free space for a directory. The b-tree is managed in 4 KB chunks (regardless of cluster size) and this is used to manage the allocation of these chunks. This stream type is present on every directory.

::$DATA Data stream. The default data stream has no name. Data streams can be enumerated using the FindFirstStreamW and FindNextStreamW functions.

::$EA Contains Extended Attributes data.

::$EA_INFORMATION Contains support information about the Extended Attributes.

::$FILE_NAME The name of the file, in Unicode characters. This includes the short name of the file as well as any hard links.

::$INDEX_ALLOCATION The stream type of a directory. Used to implement filename allocation for large directories. This stream represents the directory itself and contains all of the data of the directory. Changes to streams of this type are logged to the NTFS change journal. The default stream name of an $INDEX_ALLOCATION stream type is $I30 so "DirName", "DirName::$INDEX_ALLOCATION", and "DirName:$I30:$INDEX_ALLOCATION" are all equivalent.

::$INDEX_ROOT This stream represents root of the b-tree of an index. This stream type is present on every directory.

::$LOGGED_UTILITY_STREAM Similar to ::$DATA but operations are logged to the NTFS change journal. Used by EFS and Transactional NTFS (TxF). The ":StreamName:$StreamType" pair for EFS is ":$EFS:$LOGGED_UTILITY_STREAM" and for TxF is ":$TXF_DATA:$LOGGED_UTILITY_STREAM".

::$OBJECT_ID An 16-byte ID used to identify the file for the link-tracking service.

::$REPARSE_POINT The reparse point data.


using alternate data stream to hide text:

from cmd run 

notepad filename.txt:alternatestreamname.txt

ex : notepad test.txt:secret.txt

        notepad test.txt:another.txt


None of these hidden files will affect the other, or change the main file.  use the command line to access the hidden data. that stream isn’t exactly part of the file… you can’t copy your file to another location and access the streams over there.

view sterams using

sterams.exe filename 

dir /R


read using cmd

more < FileName:StreamName

write using cmd

echo “secret texts” > FileName.txt:StreamName


https://docs.microsoft.com/en-us/sysinternals/downloads/streams


source:

https://docs.microsoft.com/en-us/windows/win32/fileio/file-streams

https://docs.microsoft.com/en-US/troubleshoot/browsers/ie-security-zones-registry-entries



Comments

Post a Comment

Popular posts from this blog

sxhkd volume andbrightness config for dwm on void

xbps-install  sxhkd ------------ mkdir .config/sxhkd cd .config/sxhkd nano/vim sxhkdrc -------------------------------- XF86AudioRaiseVolume         amixer -c 1 -- sset Master 2db+ XF86AudioLowerVolume         amixer -c 1 -- sset Master 2db- XF86AudioMute         amixer -c 1 -- sset Master toggle alt + shift + Escape         pkill -USR1 -x sxhkd XF86MonBrightnessUp          xbacklight -inc 20 XF86MonBrightnessDown          xbacklight -dec 20 ------------------------------------------------------------- amixer -c card_no -- sset Interface volume run alsamixer to find card no and interface names xbps-install -S git git clone https://git.suckless.org/dwm xbps-install -S base-devel libX11-devel libXft-devel libXinerama-devel  vim config.mk # FREETYPEINC = ${X11INC}/freetype2 #comment for non-bsd make clean install   cp config.def.h config.h vim config.h xbps-install -S font-symbola #for emoji on statusbar support     void audio config xbps-i
1 comment
Read more

Hidden Wiki

Welcome to The Hidden Wiki New hidden wiki url 2015 http://zqktlwi4fecvo6ri.onion Add it to bookmarks and spread it!!! Editor's picks Bored? Pick a random page from the article index and replace one of these slots with it. The Matrix - Very nice to read. How to Exit the Matrix - Learn how to Protect yourself and your rights, online and off. Verifying PGP signatures - A short and simple how-to guide. In Praise Of Hawala - Anonymous informal value transfer system. Volunteer Here are five different things that you can help us out with. Plunder other hidden service lists for links and place them here! File the SnapBBSIndex links wherever they go. Set external links to HTTPS where available, good certificate, and same content. Care to start recording onionland's history? Check out Onionland's Museum Perform Dead Services Duties. Introduction Points Ahmia.fi - Clearnet search engine for Tor Hidden Services (allows you
5 comments
Read more

download office 2021 and activate

get office from here  https://tb.rg-adguard.net/public.php open powershell as admin (win+x and a ) type cmd  goto insall dir 1.         cd /d %ProgramFiles(x86)%\Microsoft Office\Office16 2.           cd /d %ProgramFiles%\Microsoft Office\Office16 try 1 or 2 depending on installation  install volume license  for /f %x in ('dir /b ..\root\Licenses16\ProPlus2021VL_KMS*.xrm-ms') do cscript ospp.vbs /inslic:"..\root\Licenses16\%x" activate using kms cscript ospp.vbs /setprt:1688 cscript ospp.vbs /unpkey:6F7TH >nul cscript ospp.vbs /inpkey:FXYTK-NJJ8C-GB6DW-3DYQT-6F7TH cscript ospp.vbs /sethst:s8.uk.to cscript ospp.vbs /act Automatic script (windefender may block it) ------------------------------------------------------------------------------------------------------------------- @echo off title Activate Microsoft Office 2021 (ALL versions) for FREE - MSGuides.com&cls&echo =====================================================================================&
Post a Comment
Read more