Ceh v8: System Hacking

LAB 3

Find Hidden Files Using ADS Spy

Ads Spy is a tool used to list, view, or delete Alternate Data Stream (ADS) on Windons Server2008 nith N TFS filesystems.

Lab Scenario

Hackers have many ways to obtain passwords. Hackers can obtain passwords from local computers by using password-cracking software. To obtain passwords from across a network, hackers can use remote cracking utilities or network analyzers. Tins chapter demonstrates just how easily hackers can gather password information from your network and describes password vulnerabilities that exit in computer networks and countermeasures to help prevent these vulnerabilities from being exploited on your systems. in order to be an expert ethical hacker and penetration tester, you must understand how to find hidden files using ADS Spy.

Lab Objectives

The objective of tins lab is to help students learn how to list, view, or delete Alternate Data Streams and how to use them.

It will teach you how to:

■ Use ADS Spy

■ Find hidden tiles

Lab Environment

To carry out the lab you need:

■ ADS Spy located at D:\CEH-Tools\CEHv8 Module 05 System Hacking\NTFS Stream Detector Tools\ADS Spy

■ You can also download the latest version of ADS Spy from the link http: / / www.menjn.11u/programs.php#adsspv

■ It you decide to download the latest version, then screenshots shown in the lab might differ

■ Run tins tool 111 Windows Server 2012

Lab Duration

Tune: 10 Minutes

Overview of ADS Spy

ADS Spy is a tool used to list, view, or delete Alternate Data Streams (ADS) on Windows Server 2008 with NTFS file systems. ADS Spy is a method o f stonng meta-information of files, without actually stonng die information inside die file it belongs to

Lab Tasks

1. Mavigate to the Ceh - Navigate to the CEH-Tools director}־ D:\CEH-Tools System Hacking\NTFS Stream Detector Tools\ADS Spy

2. Double-click and launch ADS Spy.