C:\covert>dir |
C:\covert>c:\covert\hostname.exe |
C:\covert>dir C:\covert>type secret.txt |
| C:\covert>type c:\covert\secret.txt >
c:\covert\hostname.exe:secret.txt C:\covert>del c:\covert\secret.txt C:\covert>dir Volume in drive C has no label. Volume Serial Number is BCD5-A7C3 Directory of C:\covert 2005/05/09 09:04 PM <DIR> . 2005/05/09 09:04 PM <DIR> .. 2005/05/09 09:04 PM 7,680 hostname.exe 1 File(s) 7,680 bytes 2 Dir(s) 22,563,475,456 bytes free |
| C:\covert>notepad c:\covert\hostname.exe:secret.txt |
| C:\covert>type c:\covert\sol.exe >
c:\covert\hostname.exe:sol.exe C:\covert>del sol.exe C:\covert>dir Volume in drive C has no label. Volume Serial Number is BCD5-A7C3 Directory of C:\covert 2005/05/09 09:19 PM <DIR> . 2005/05/09 09:19 PM <DIR> .. 2005/05/09 09:18 PM 7,680 hostname.exe 1 File(s) 7,680 bytes 2 Dir(s) 22,561,697,792 bytes free C:\covert>start c:\covert\hostname.exe:sol.exe |
| C:\covert>dir Volume in drive C has no label. Volume Serial Number is BCD5-A7C3 Directory of C:\covert 2005/05/09 09:29 PM <DIR> . 2005/05/09 09:29 PM <DIR> .. 2005/05/09 12:47 PM 46,352 cp.exe 2001/08/23 02:00 PM 7,680 hostname.exe 2001/08/23 02:00 PM 56,832 sol.exe 3 File(s) 110,864 bytes 2 Dir(s) 22,561,570,816 bytes free C:\covert>cp c:\covert\sol.exe c:\covert\hostname.exe:sol.exe c:\covert\sol.exe => c:\covert\hostname.exe:sol.exe [ok] C:\covert>del sol.exe C:\covert>c:\covert\hostname.exe giles C:\covert>cp c:\covert\hostname.exe:sol.exe c:\covert\out.exe c:\covert\hostname.exe:sol.exe => c:\covert\out.exe [ok] C:\covert>dir Volume in drive C has no label. Volume Serial Number is BCD5-A7C3 Directory of C:\covert 2005/05/09 09:32 PM <DIR> . 2005/05/09 09:32 PM <DIR> .. 2005/05/09 12:47 PM 46,352 cp.exe 2001/08/23 02:00 PM 7,680 hostname.exe 2001/08/23 02:00 PM 56,832 out.exe 3 File(s) 110,864 bytes 2 Dir(s) 22,561,501,184 bytes free C:\covert>c:\covert\out.exe |
| C:\covert>cd \ C:\>streams Streams v1.3 - Enumerate alternate NTFS data streams Copyright (C) 1999-2001 Mark Russinovich Sysinternals - www.sysinternals.com usage: streams [-s] <file or directory> -s Recurse subdirectories C:\>streams -s c:\covert Streams v1.3 - Enumerate alternate NTFS data streams Copyright (C) 1999-2001 Mark Russinovich Sysinternals - www.sysinternals.com c:\covert\hostname.exe: :sol.exe:$DATA 56832 |