Ingenious use of Windows file system vulnerabilities (2)

F:\\Test>echo 1 > Txt1.txt {Create "F:\\Test\\Txt1.txt" file}

F:\\Test> ;copy Txt1.txt s..\\ {Copy the file just created to "s..\\", which is the resource manager's "S."}

1 file has been copied.

F:\\Test>echo 2 > Txt2.txt {Create "F:\\Test\\Txt2.txt" file}

F:\\Test>copy Txt2.txt s.. \\ {Copy the file just created to "s...\\", the resource manager's "S.."}

has copied 1 file.

F:\\Test>

Now go back to your Explorer and open the "S.." folder. What do you see? How is the "Txt1.txt" file here? We just copied it to "S." Did we open the "S.." folder and actually open the "S."? This is a good fact. In fact, if you create another "S" folder, "S." will open, but actually open "S".

"How do I delete it?" It is not difficult to delete it, but the conventional method is absolutely impossible to delete. There are two ways to choose from: 1; enter dos delete (not recommended). 2; Still enter the command prompt and enter "rmdir directory name", the directory name is the name you created when you create it, if you forget it, you can first view it in the resource manager, then add ".\\". If the prompt "The folder is not empty" should be added with the "/s" parameter. Delete instance:

quote:

--------------------------------- -----------------------------------------------

Microsoft Windows XP [Version 5.1.2600]

(C) Copyright 1985-2001 Microsoft Corp.

F:\\Test>dir

Drive F The volume of the volume is BGTING

The serial number of the volume is 2C8E-FE1C

The directory of F:\\Test

2003-09-11 17:50 <DIR> .< Br>

2003-09-11 17:50 <DIR> ..

2003-09-11 18:35 <DIR> s.

2003-09-11 18:37 <DIR> s..

1 file 9 bytes

5 directories 3,390,029,824 Available bytes

F:\\Test>rmdir s.. The directory is not empty.

F:\\Test>rmdir s..\\ /s

s..\\, Do you confirm (Y/N)? y

F:\\Test>rmdir s...\\ /s

s...\\, Do you confirm (Y/N)? y

We can do a lot of things with this vulnerability, such as wanting to access the "S" folder, but when there is no permission, we can create "S..\\" to point to "S" so that we can browse across permissions. . And a new generation of Trojans is likely to use this vulnerability to hide itself in a "X..\\" directory so that users can not find him, even professional-level anti-virus software will only kill "X" and skip "X..\\". If a malicious program creates a lot of "..\\" folders on the machine's computer, haha~ At that time, Fotmat might be the best choice. It seems that Microsoft officials have not released any precautions yet.

How is it a little dizzy? Don't be afraid that "halo" is normal, I have been dizzy many times. :)

Ok, it’s a bit messy to say so much. I will summarize it below:

1; After creating the "X..\\" folder in Windows, the folder will not be deleted by the normal method, but you can copy the file into it and display it in the Explorer. X.", the wrong point to the "X" folder. (Hey, how is it like a shortcut?)

2; The way to create "X..\\" is to type "mkdir X..\\" at the command line.

3; delete it by typing "rmdir directory name" on the command line, the directory name is the name you created, if you forget it, you can first view it in the resource manager, then add ".\\ ". If the prompt "The folder is not empty" should be added with the "/s" parameter.