Last active
July 30, 2025 17:56
Revisions
chriselgee revised this gist
Jul 19, 2024 . 1 changed file with 10 additions and 2 deletions.
@@ -1,4 +1,4 @@ To find all streams within **file.txt**: `Get-Item .\file.txt -Stream *` ``` PSPath : Microsoft.PowerShell.Core\FileSystem::C:\file.txt::$DATA @@ -21,6 +21,7 @@ FileName : C:\file.txt Stream : Zone.Identifier Length : 104 ``` We can then view that second stream: `Get-Content .\file.txt:Zone.Identifier` ``` @@ -29,8 +30,15 @@ ZoneId=3 ReferrerUrl=http://10.10.1.15:8000/ HostUrl=http://10.10.1.15:8000/file.txt ``` Delete the stream with: `Remove-Item .\file.txt -Stream Zone.Identifier` Add other streams with: `Set-Content .\file.txt:Dank.Memes -Value "All your base"` In cmd.exe, you can: * `dir /R` to see all ADS in a directory * `echo Hidden text > file1.txt:hidden` to add text as an ADS * `more < file1.txt:hidden` to see the hidden text * `type nc.exe > file1.txt:nc.exe` to hide an executable in a text file
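Review bot: the first line of the `@@ -1,4 +1,4 @@` hunk now marks the file name as `**file.txt**`, while the commands that follow it and the rest of the document use backticks for literal names. Keeping the backtick form would leave file names and commands marked up the same way throughout.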
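Review bot: in the `@@ -29,8 +30,15 @@` hunk, the new cmd.exe bullets switch to `file1.txt` while every earlier command uses `file.txt`; one file name throughout would let a reader run the steps in sequence and compare the cmd.exe and PowerShell views of the same file. In `echo Hidden text > file1.txt:hidden` the space before `>` is written into the stream as well, so drop it or mention it. The `type nc.exe > file1.txt:nc.exe` bullet should also point back to `dir /R` or `Get-Item .\file.txt -Stream *` as the way to spot such a stream, since the list otherwise ends without saying how it is found.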
chriselgee revised this gist
Feb 11, 2022 . 1 changed file with 1 addition and 0 deletions.
@@ -31,5 +31,6 @@ HostUrl=http://10.10.1.15:8000/file.txt ``` Delete the stream with: `Remove-Item .\file.txt -Stream Zone.Identifier` Add other streams with: `Set-Content .\file.txt:Dank.Memes -Value "All your base"`
chriselgee created this gist
Feb 8, 2022 .
@@ -0,0 +1,35 @@ To find all streams within `file.txt`: `Get-Item .\file.txt -Stream *` ``` PSPath : Microsoft.PowerShell.Core\FileSystem::C:\file.txt::$DATA PSParentPath : Microsoft.PowerShell.Core\FileSystem::C:\ PSChildName : file.txt::$DATA PSDrive : C PSProvider : Microsoft.PowerShell.Core\FileSystem PSIsContainer : False FileName : C:\file.txt Stream : :$DATA Length : 176 PSPath : Microsoft.PowerShell.Core\FileSystem::C:\file.txt:Zone.Identifier PSParentPath : Microsoft.PowerShell.Core\FileSystem::C:\ PSChildName : file.txt:Zone.Identifier PSDrive : C PSProvider : Microsoft.PowerShell.Core\FileSystem PSIsContainer : False FileName : C:\file.txt Stream : Zone.Identifier Length : 104 ``` We can then view that second stream: `Get-Content .\file.txt:Zone.Identifier` ``` [ZoneTransfer] ZoneId=3 ReferrerUrl=http://10.10.1.15:8000/ HostUrl=http://10.10.1.15:8000/file.txt ``` Delete the stream with: `Remove-Item .\file.txt -Stream Zone.Identifier` Add other streams with: `Set-Content .\file.txt:Dank.Memes -Value "All your base"`
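Review bot: the find and delete steps address the stream with `-Stream`, but the view and add steps switch to the colon path form (`Get-Content .\file.txt:Zone.Identifier`, `Set-Content .\file.txt:Dank.Memes`) without saying the two are equivalent. Either use `-Stream` in all four commands or add a line noting that both forms name the same stream. The delete step would also benefit from a sentence on what is lost: the stream shown just above it holds `ZoneId=3`, `ReferrerUrl` and `HostUrl`, which is the record of where the file was downloaded from, and the text currently removes it without comment.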