Windows Embedded Hidden Data to Datastream
Austin Lai | August 8th, 2021
Windows - Embedded Hidden Data to Datastream
-
Create normal text file called "normal.txt" with the word "testing"
echo testing > normal.txt -
You can view the text file with notepad seemingly normal and with command below to show datastream of it
dir /r normal.txt -
Add first hidden text file to the "normal.txt" datastream
echo hidden_msg1 > normal.txt:hidden1.txt -
Add second hidden text file to the "normal.txt" datastream
echo hidden_msg2 > normal.txt:hidden2.txt -
Add calc.exe to "normal.txt" datastream
type C:\Windows\System32\calc.exe > normal.txt:calc.exe -
To view the first or sceond hidden text
notepad normal.txt:hidden1.txt type normal.txt:hidden2.txt -
To execute the calc.exe in the datastream of normal.txt
forfiles /P C:\Windows\System32 /m notepad.exe /c "C:\Users\Austin.Lai\Desktop\normal.txt:calc.exe" wmic process call create "C:\Users\Austin.Lai\Desktop\normal.txt:calc.exe"
type "C:\temp\messagebox64.dll" > "C:\Program Files (x86)\TeamViewer\TeamViewer13_Logfile.log:ADSDLL.dll"
rundll32 "C:\Program Files (x86)\TeamViewer\TeamViewer13_Logfile.log:ADSDLL.dll",DllMain
Do let me know any command or step can be improve or you have any question you can contact me via THM message or write down comment below or via FB