Ingenious use of Windows file system vulnerabilities (1)

1. Useful file replacement commands in Windows, bypass file protection

Replacement of files, even files that are being used can be replaced . Very invincible.

For example: create a directory under C:\\, c:\\aaa

Then copy an mp3 to c:\\aaa and name it c:\\aaa\\a.mp3

Then copy another song to C:\\a.mp3

and use the media player to play c:\\aaa\\a.mp3

At the command prompt, type: Replace c:\\a.mp3 c:\\aaa

After a while, the song that was played has changed to another.

It's a shame to replace the system files with this command, and XP's system file protection is not valid for it.

Never use safe mode to replace files.

2.Windows file system vulnerability - small loopholes, great use

Everyone knows the "\\" symbol in Windows Is the separator of the path, such as "C:\\Windows\\" means the Windows folder in the C partition, "C:\\Windows\\System.exe" means System.exe in the Windows folder in the C partition. File, let's continue to assume that:

What if there is a "\\" symbol in the file name? If "S\\" is the name of a folder, this folder is located at: "F:\\", and his path is "F:\\S\\". When we try to access it, Windows will mistakenly think that we want to open it. The file is the S folder of the C partition, so Windows cannot open and will return an error because the above path does not exist.

Maybe you are trying to create a "S\\" file, but Windows will prompt you: "\\" symbol is not the name of a file or folder. It seems that Windows has already thought of this. OK, we continue, we can't believe that we can't create a file containing the "\\" symbol.

Now open your computer, we have to do some very interesting attempts. After entering Windows, click: Start > Run and type "cmd" and the car (if it is Win98, please enter "COMMAND"), then you will see the Windows command console, we just want to use it to complete our remaining Test, the following contains a lot of commands where the characters in {} are my comments:

quote:

------------------ -------------------------------------------------- ------------

Microsoft Windows XP [Version 5.1.2600]

(C) Copyright 1985-2001 Microsoft Corp.

F:\\Test>mkdir s\\ {Our first attempt, Windows only created the S folder "\\" was ignored}

F:\\Test>mkdir s\\s1\\ {Or Failed, Windows first created the S folder, then created the s1 folder in S}

F:\\Test>mkdir s.\\ {"s.\\" is parsed into S".\\" Ignore the }

subdirectory or the file s.\\ already exists.

F:\\Test>mkdir s..\\ {finally succeeded, now you can see "s." in the Explorer but can't open/delete}

F:\\ Test>mkdir s...\\ {has been successful, in the resource browser you can see "s.." can be opened but cannot be deleted}

Why is this? Let's first say that you see this "S." folder, he can't open it or delete it, it can't be opened because his actual path is "F:\\Test\\s..\\" (we created it ourselves so we can Determine his actual path) but in Windows Explorer the name becomes "S." That is, when you try to open it, Windows actually tries to open "F:\\Test\\s.\\". Of course it cannot be opened. The file does not exist, so Windows will report an error. Can not be deleted because of this, Windows resolves an actual file path error into a non-existent path, and the operation is of course impossible.

It is said that the file "S.." can be opened, but it cannot be deleted. Wait... open? Do you think Windows really opened the "s...\\" file we created? We will understand the following test. Still the old rules{} is my comment for everyone to understand: