Author Topic: "Really Hidden Files"?  (Read 3384 times)

<IsraeliTerrorist>

  • Guest
« on: 13 December 2001, 05:53 »
quote:
I) A "really hidden" file/folder is one that cannot be seen in Windows Explorer after enabling it to view all files...


Could one give an example of such a file/folder?

 
quote:
The UICLSID line cloaks the folder in both DOS and Explorer. The CLSID line disables the "FIND" utility from searching through the folder. (Additionally, it gives a folder the appearance of the "History" folder.)


How can the folder be cloaked yet have the appearance of the "'History' folder?"

System folders are quite visible in Windows Explorer and in DOS when the appropriate settings or methods are used.  For example, in Windows Explorer (in Win Me) go to the "Tools" menu and click on "Folders options...".  View the "View" tab and uncheck the option "Hide protected operating system files (Recommended)."

Additionally, in DOS one can also view such folders quite easily.  Such information has seemingly been excluded from the featured article, however.  At the command prompt, type:

dir c:\ /s /ads

...to view all system directories on the C drive.  Alternatively, one can replace the "s" in "/ads" with an R or H to view read-only files or hidden files, respectively.  The process can be repeated once inside a system directory by typing:

dir /s /ads

...where the "s" can be replaced as needed as well.

ChakanTGM

  • Member
  • **
  • Posts: 63
  • Kudos: 0
    • http://crackice.cjb.net
« Reply #1 on: 14 December 2001, 00:28 »
Um, sorry, that will not work. The "really" hidden folders CANNOT be viewed under DOS without first patching command.com. (Going into the code and stopping whatever mechanism is hiding the files.)

An example of such folders would be

C:\windows\tempor~1\content.ie5

and

C:\windows\history\history.ie5

Without knowing the names of these files, you will never find them. These files also have subdirectories in them, which makes them particularly interesting. Go take a look.

While you're at it, copy the index.dat file out of this folder and prepare to be astonished. I realize that not many people know about these folders. There isn't anything very *evil* about them, because I guess they do have some practical use. But just try and delete them, and watch them pop back up after you restart windows. When you're ready to know more go here:

http://crackice.cjb.net

My website will give you a little more insight into these folders.

{Oh, and you CAN find the content.ie5 folder using Explorer. The only problem is that it will look like the folder is empty. THAT IS A LIE!}
crackice.cjb.net

ChakanTGM

« Reply #2 on: 14 December 2001, 00:32 »
Oh, I apologize, the first DIR command you've listed doesn't work. The second one did if you first go into the parent folder where the secret directory is stored. This is still a bit misleading though.

Sorry.  ;)
crackice.cjb.net

voidmain

  • VIP
  • Member
  • ***
  • Posts: 5,605
  • Kudos: 184
    • http://voidmain.is-a-geek.net/
« Reply #3 on: 14 December 2001, 00:56 »
quote:
Originally posted by ChakanTGM:
Um, sorry, that will not work. The "really" hidden folders CANNOT be viewed under DOS without first patching command.com. (Going into the code and stopping whatever mechanism is hiding the files.)

An example of such folders would be

C:\windows\tempor~1\content.ie5




Without doing *any* research on this subject and rather than booting into Windows on my dual boot machine I just looked at the Windows partition from my Linux side.  Under "/c/windows/Temp*/Content.IE5" I see directories that I believe are IE browser cache directories, similar to the cache directories you will find in Netscape or on a Squid proxy. I believe they are the files/directories you will see if you right click on the IE icon, then "properties", then "settings" then "view files". The index.dat file would be an index to these files and would be where the list you see in the IE settings comes from (in Linux do a "strings index.dat | more" and compare). So they are special folders and files that are in my guess built for speed (hash DB etc).  There is nothing wrong with this in my opinion, as much as I would like to find something to slam MS with.  Nothing any of the other OSs aren't doing... e.g. /proc filesystem, "loop" devices etc...

If you can't find the files in the Win partition from the Linux side then they aren't really files at all.  They are probably a data file that when viewed with a special program or driver may contain what can be displayed as files/directories through that driver/program.

For instance, take a CD ISO image file on a Linux hard drive.  In that form it is just a file, an image of an ISO file system.  Now if you mount that file using a "loop" device you can use it as a real filesystem and make it appear as part of your current filesystem.

Am I off on this, or do you have examples other than IE cache or history?
Someone please remove this account. Thanks...
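
The `strings index.dat | more` check suggested in the post above, as an added example that is not part of the original thread: a Python equivalent that pulls printable runs out of a binary blob and keeps the URL-like ones. The sample bytes are constructed for illustration and do not reproduce the real index.dat record layout; the function names are this example's own.

```python
import re

# Constructed sample: URL text embedded in binary padding, standing in for
# a browser cache/history index file. NOT the real index.dat layout.
SAMPLE = (
    b"\x00\x01\x02HDR\x00\x00\x10\x00"
    b"http://example.com/index.html\x00\xff\xfe"
    b"\x03\x00Visited: user@http://example.org/page?id=7\x00"
    b"\x00ab\x00"
    b"ftp://files.example.net/pub/readme.txt\x00\x90\x90"
    b"http://example.com/index.html\x00"
)

# URL-looking substrings inside an extracted printable run.
URL = re.compile(r"(?:https?|ftp)://[^\s\"'<>]+")


def extract_strings(data, min_len=4):
    """Return runs of printable ASCII at least min_len long, like strings(1)."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in pattern.finditer(data)]


def visited_urls(data, min_len=4):
    """Return the unique URLs found in the printable runs, in first-seen order."""
    seen, urls = set(), []
    for text in extract_strings(data, min_len):
        for url in URL.findall(text):
            if url not in seen:
                seen.add(url)
                urls.append(url)
    return urls


if __name__ == "__main__":
    # To inspect a real file copied off the Windows partition, replace
    # SAMPLE with open(path, "rb").read().
    for url in visited_urls(SAMPLE):
        print(url)
```
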

voidmain

« Reply #4 on: 14 December 2001, 01:03 »
quote:
Originally posted by ChakanTGM:
Oh, I apologize, the first DIR command you've listed doesn't work. The second one did if you first go into the parent folder where the secret directory is stored. This is still a bit misleading though.

Sorry.   ;)  



And did you try looking at and changing the attributes of the directory/files using the "attrib" command?  I'm taking another guess that these may have hidden/system attributes and that doing an "attrib | more" would see these directories, and if you did an "attrib -r -h -s tempor~1.ie5" you will be able to see it with a normal "dir" command and be able to cd into it.

This is not rocket science and not sinister....  I'll surely be happy to be wrong... let me know.
Someone please remove this account. Thanks...

ChakanTGM

« Reply #5 on: 14 December 2001, 01:09 »
All I can say is, restart your computer in Windows and test your hypothesis. They don't call them "REALLY HIDDEN FILES" for nothing.

{If you don't want to do that, then here's the answer: You will not see these files the way you've described.}

If you would like to research this, go to the homepage of this website and look for "Microsoft's Really Hidden Files" by theRIDDLER.

Or go to Hackers.com and ask him about these files yourself.

I think it's nice that you mention Linux can go into these files without a hitch.
crackice.cjb.net

ChakanTGM

« Reply #6 on: 14 December 2001, 01:16 »
Oh, and VoidMain, you can rest assured that Microsoft has done everything possible to hinder anyone's tampering with these files. An attrib command may or may not work the first time around. But if it does, you will have to do it repeatedly.

These files are recreated, using the same attributes, every time you start up Windows.

I know this for a fact.

The reason these files are such a big nuisance is simply the index.dat files which are contained in them.

They store every single website you have ever been to since you've had Internet Explorer. This is because when you clear the cache, these files aren't cleared. And they are even preserved when the folders that contain them are recreated.

Think about this.
crackice.cjb.net

voidmain

« Reply #7 on: 14 December 2001, 02:15 »
quote:
Originally posted by ChakanTGM:
Oh, and VoidMain, you can rest assured that Microsoft has done everything possible to hinder anyone's tampering with these files. An attrib command may or may not work the first time around. But if it does, you will have to do it repeatedly.



Well, I can understand why these "special" files/directories are recreated when they are critical to the operation of their OS and/or browser.  I *am* surprised though that Microsoft actually "thought ahead" and checked whether files/directories critical to the operation of the OS actually existed, let alone recreate them if they don't.  My guess is that the dat file not being cleared when the cache is cleared is an incompetent programmer oversight.

As to why they are hidden?  Microsoft really thinks the people that use their OS are stupid (and most of them are, technically).  Another thought is on multiuser setups of MS they probably want to make it harder for users to see where the other users of the machine have been browsing (course firewall/proxy logs take care of this).

Again, this is the IE cache, I would expect it to be recreated when the system is rebooted if it does not exist just like Netscape does, just like Squid Proxy server does, etc etc... Why they have hidden it in the way they have I'm not convinced it's an evil plot.. Please prove me wrong...
Someone please remove this account. Thanks...

voidmain

« Reply #8 on: 14 December 2001, 02:30 »
Oh and I'm not going to reboot into Windows just to check this but do you have more than one logon user on your Win* box?  Remember that if you clear the Cache for your current logged on user it will not clear every other user's cache that has ever logged on. I believe on Win9x/me machines all users that log on use the /c/windows/Temp*/Content.IE5 for their browser cache. You have probably logged on previously as a different user.... just guessing.  Am I wrong again?

And one more thing.. I don't have a single "*.microsoft.com" URL in my dat file (I block it at my firewall/proxy along with boatloads of others, I love censorship!).

[ December 13, 2001: Message edited by: VoidMain ]

Someone please remove this account. Thanks...

ChakanTGM

« Reply #9 on: 14 December 2001, 02:36 »
Ah, VoidMain, you are falling into the very same trap that I fell into. These files, in fact, ARE NOT CRITICAL TO THE OPERATION OF INTERNET EXPLORER OR WINDOWS!

How do I know this? Because I'm a Cracker and a Reverser.

'So what?' you're probably saying.

Well I haven't really announced it yet, but I've permanently eliminated these files. Not only that, but I've also stopped Internet Explorer from caching ANY FILES FROM THE INTERNET.

'But how?', you may ask.

"Because I'm cool like that", is what I tell everyone.

But in all seriousness, I haven't had any problems with Windows or IE since. I've even decided to make a program to do this for you automatically.

'What are you talking about?'

Go to http://crackice.cjb.net and see.

{10 minutes later}

'Holy Shit! Where can I get This?!'

Now calm down, VoidMain. Something like this needs to be copyrighted. I'll be taking care of that for the next few days. In the meantime, why don't you count down the number of days until I screw IE and Microsoft for the sake of all humanity.

By the way, those files are for record keeping purposes. Having a disk cache does not significantly speed up the Internet. Deleting the disk cache leaves residual information on where you've been on the web. And Richard Simmons is gay.

That is all.
crackice.cjb.net

voidmain

« Reply #10 on: 14 December 2001, 02:40 »
quote:
Originally posted by ChakanTGM:
Oh, and VoidMain, you can rest assured that Microsoft has done everything possible to hinder anyone's tampering with these files. An attrib command may or may not work the first time around. But if it does, you will have to do it repeatedly.



And I think I might know why they autorecreate these directories and don't want anyone to see them (God I hate to defend MS).  I think if you have an old machine with Win95 on it you will see that the cache is not so hidden, and if you delete it it will not recreate the cache on startup.  This will cause many errors/problems and it takes a little work to recreate this (there are instructions in Microsoft's KB). I recall this being a fairly common problem/annoyance on our corporate desktops... I think this was a way to more easily resolve the problem and cut down on support issues.  Sound possible?
Someone please remove this account. Thanks...

ChakanTGM

« Reply #11 on: 14 December 2001, 02:41 »
Ooops! Got to go. I'll see if I can get back to ya'll tomorrow.

peaceout
crackice.cjb.net

ChakanTGM

« Reply #12 on: 14 December 2001, 02:46 »
By the way, my program doesn't cause problems (not since the unreleased BETA). That is what makes it so freaking cool!

Just to give you some perspective: It took me over three weeks total to do this. Usually I'm able to crack something in about 5-10 minutes. But Windows has so many hidden APIs and shit, it's hard to understand what it does sometimes.

I'm going to create a full report on these hidden files, because I strongly believe that they are malicious. I have evidence. I've just been keeping on the low.

You take care now.
crackice.cjb.net

voidmain

« Reply #13 on: 14 December 2001, 02:47 »
quote:
Originally posted by ChakanTGM:

Now calm down, VoidMain. Something like this needs to be copyrighted. I'll be taking care of that for the next few days. In the meantime, why don't you count down the number of days until I screw IE and Microsoft for the sake of all humanity.



Well, I applaud your work in prying into the evil empire but you sound just like the evil empire with the above statement. Sounds like you want a job there.

I would rather see you put your efforts into helping people get rid of MS altogether.. Write Linux code...  I don't use MS so I don't need a patch.
Someone please remove this account. Thanks...

ChakanTGM

« Reply #14 on: 14 December 2001, 02:55 »
Now there is nothing wrong with capitalism, VoidMain. I need money just as much as the next guy.

As far as working at MS is concerned, I wouldn't do it for the life of me. I'm an independent person. I adhere to nobody.

Writing Linux code is something I'm interested in. I also use Linux about as much as I use Windows. I will do this when I get the chance, thanks for asking.

Well, I REALLY have to go now VoidMain. Keep your eyes open.
crackice.cjb.net