Hacking Tutorials

Hiding Files using NTFS Streams

Before starting this lab, create a folder on the C: drive and name it magic. Copy calc.exe from C:\Windows\system32 and paste it into the C:\Magic folder.

Now launch a command prompt, go to C:\Magic, type notepad readme.txt and press Enter.

If a Notepad pop-up appears asking whether to create a new readme.txt file, click the Yes button.

Now type some text in Notepad and save the file. In this lab we are typing Hello World!.
Now type the dir command in the command prompt, press Enter, and note the size of the readme.txt file.

Now hide calc.exe under readme.txt by typing the following in the command prompt:
type c:\magic\calc.exe > c:\Magic\readme.txt:calc.exe
And press Enter.

Now check the size of the readme.txt file again by typing dir in the command prompt. The file size should not change.
Now remove calc.exe from the C:\Magic folder.

Now type the following command in the command prompt and press Enter:
mklink backdoor.exe readme.txt:calc.exe

Now type backdoor in the command prompt and press Enter. Once you press Enter, the calculator window should open even though calc.exe has been deleted from the C:\Magic folder.
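
The plain dir listing in this lab shows no change in the size of readme.txt, so the stream has to be enumerated explicitly. The PowerShell function below is an added example, not part of the original tutorial: it lists every named stream under a folder and flags those that start with the MZ header of a Windows executable. Find-HiddenStream is a hypothetical helper name, and C:\Magic is the lab folder from the steps above.

```powershell
# Added example: enumerate alternate data streams and flag embedded executables.
# Find-HiddenStream is a hypothetical name chosen for this example.
function Find-HiddenStream {
    param(
        [Parameter(Mandatory)] [string] $Path
    )

    Get-ChildItem -LiteralPath $Path -File -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            # Every file has an unnamed default stream, reported as ':$DATA'; skip it.
            Get-Item -LiteralPath $file.FullName -Stream * -Force -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' } |
                ForEach-Object {
                    # Read only the first two bytes of the named stream.
                    $readArgs = @{
                        LiteralPath = $file.FullName
                        Stream      = $_.Stream
                        TotalCount  = 2
                        ErrorAction = 'SilentlyContinue'
                    }
                    # Raw bytes: -AsByteStream on PowerShell 6+, -Encoding Byte on 5.1.
                    if ($PSVersionTable.PSVersion.Major -ge 6) {
                        $readArgs.AsByteStream = $true
                    } else {
                        $readArgs.Encoding = 'Byte'
                    }
                    $head = @(Get-Content @readArgs)

                    [pscustomobject]@{
                        File       = $file.FullName
                        Stream     = $_.Stream
                        Length     = $_.Length
                        # 0x4D 0x5A is "MZ"; benign streams such as
                        # Zone.Identifier hold text and report False here.
                        Executable = ($head.Count -eq 2 -and
                                      $head[0] -eq 0x4D -and $head[1] -eq 0x5A)
                    }
                }
        }
}

# Scan the lab folder; readme.txt should be listed with the stream calc.exe.
Find-HiddenStream -Path 'C:\Magic' | Format-Table -AutoSize
```

From the command prompt, dir /r lists the same named streams alongside each file.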