Jump to content


Photo
- - - - -

File Merging


  • Please log in to reply
5 replies to this topic

#1 TheKingUnderTheHill

TheKingUnderTheHill

    Hak5 Fan +

  • Active Members
  • PipPipPip
  • 57 posts

Posted 21 October 2011 - 08:55 PM

Right,

I used to be able to do this years ago, but it's slipped my memory and i cant seem to find a straight
answer online at all, so brace for ultra-super-mega-noob question:

How do i merge a .exe file into an .mp3 or .jpeg file and have it execute when the file is opened?

Seriously, i did this in like, Year 8 at school and it was fantastic fun, just cant seem to remember HOW exactly i did it!
Listen you guys, help yourself to anything in the fridge... Cereal has.

#2 digip

digip

    -we're all just neophytes-

  • Active Members
  • PipPipPipPipPipPipPipPipPipPipPipPip
  • 7,655 posts
  • Gender:Male
  • Location:RnVjayBPZmYh 192.168.100.1

Posted 21 October 2011 - 10:29 PM

ADS or alternate data streams, can be used to hide files (visually, but not from the system or antivirus). If someone deletes the main file, the hidden file disappears too. You can merge, and uncomepress them from that state as well to extract the hidden file. Requirements, filesystem must be NTFS, does not work on fat systems.

C:\> type C:\windows\system32\notepad.exe > c:\windows\system32\calc.exe:notepad.exe
C:\> start c:\windows\system32\calc.exe:notepad.exe

See here for more help: https://www.owasp.or...ate_data_stream

Not sure if it still works on windows 7 machines though.Just tested it, it does work. In windows 7 they added a feature to see alternate data streams, do a dir /r, shows if any are attached to a file.

Edited by digip, 21 October 2011 - 10:39 PM.

@xxdigipxx http://www.attack-scanner.com/ | I'm the resident dick around here, or so I am told. Don't take it personally, I just give a shit too much sometimes. respect to all, its the Internet, don't take it to heart.
"Staying quiet doesn't mean I have nothing to say, it means I don't think you're ready to hear my thoughts..."

#3 TheKingUnderTheHill

TheKingUnderTheHill

    Hak5 Fan +

  • Active Members
  • PipPipPip
  • 57 posts

Posted 23 October 2011 - 06:51 PM

Awesome, thanks for the reply man.

Just wondering, would this run both files when run, or just the 'visible' file?
Listen you guys, help yourself to anything in the fridge... Cereal has.

#4 digip

digip

    -we're all just neophytes-

  • Active Members
  • PipPipPipPipPipPipPipPipPipPipPipPip
  • 7,655 posts
  • Gender:Male
  • Location:RnVjayBPZmYh 192.168.100.1

Posted 24 October 2011 - 10:13 AM

Awesome, thanks for the reply man.

Just wondering, would this run both files when run, or just the 'visible' file?

Only runs the first file and if needed, the program first started could call the ADS file if instructed to. To access the hidden file directly, you need to call it from a command prompt like "notepad file1.exe:hiddenfile.txt"
@xxdigipxx http://www.attack-scanner.com/ | I'm the resident dick around here, or so I am told. Don't take it personally, I just give a shit too much sometimes. respect to all, its the Internet, don't take it to heart.
"Staying quiet doesn't mean I have nothing to say, it means I don't think you're ready to hear my thoughts..."

#5 Iain

Iain

    Hak5 Pirate

  • Active Members
  • PipPipPipPipPipPip
  • 319 posts

Posted 24 October 2011 - 11:17 AM

I seem to recall that iexpress.exe can merge files and have them both run, though I can't be 100% sure about that because I've never played with it. It's built into Windows XP.

#6 digip

digip

    -we're all just neophytes-

  • Active Members
  • PipPipPipPipPipPipPipPipPipPipPipPip
  • 7,655 posts
  • Gender:Male
  • Location:RnVjayBPZmYh 192.168.100.1

Posted 24 October 2011 - 03:46 PM

I seem to recall that iexpress.exe can merge files and have them both run, though I can't be 100% sure about that because I've never played with it. It's built into Windows XP.

iexpress is a packager though(from what I recall, used for sending multiple files to other systems), and not exactly the same thing. What ADS files are, is the same file, but more or less hidden and attached to another file. Windows ADS files only works on NTFS systems. Drag them to a fat32 drive, like a thumb drive, and the hidden files are deleted. The only way to run the hidden file, is to call it from its hidden path, like I showed in the previous post.
@xxdigipxx http://www.attack-scanner.com/ | I'm the resident dick around here, or so I am told. Don't take it personally, I just give a shit too much sometimes. respect to all, its the Internet, don't take it to heart.
"Staying quiet doesn't mean I have nothing to say, it means I don't think you're ready to hear my thoughts..."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users