System Hacking - p.5

Lab 4

Hiding Files Using the Stealth Files Tool

Stealth Files use a process called steganography to hide anyfiles inside of another fie. It is an alternative to encryption of files.

Lab Scenario

The Windows NT NTFS hie system has a feature that is not well documented and 1s unknown to many NT developers and most users. A stream 1s a hidden file that is linked to a normal (visible) file. A stream is not limited in size and there can be more than one stream linked to a normal tile. Streams can have any name that complies with NTFS naming conventions. 111 order to be an expert ethical hacker and penetration tester, you must understand how to hide tiles using the Stealth Files tool. in this lab, discuss how to tind hidden tiles inside of other tiles using the Stealth Files Tool.

Lab Objectives

The objective of this lab is to teach students how to hide files using the Stealth Files tool. It will teach you how to:
■ Use the Stealth Files Tool
■ Hide tiles

Lab Environment

To carry out tins lab you need:

■ Stealth Files tool located at D:\CEH-Tools\CEHv8 Module 05 System Hacking\Steganography\Audio Steganography\Stealth Files
■ A computer running Window Server 2012 (host machine)
■ You can also download the latest version of Stealth Files from the link http://www.froebis.com/engl1sh/sf40.shtml

■ If you decide to download the latest version, then screenshots shown
in the lab might differ
■ Administrative privileges to run the Stealth files tool
■ Run this tool 111 Windows Server 2012 (Host Machine)

Lab Duration

Time: 15 Minutes

Overview of Stealth Files Tool

Stealth files use a process called steganography to lude any tiles inside of another me. It is an alternative to encryption ot files because no one can decrypt tlie encrypted information or data from die files unless they know diat die ludden files exist.

Lab Tasks

1. Follow the wizard-driven installation instructions to install Stealth Files  Tool.
2. Launch Notepad and write Hello World and save the file as Readme.txt on the desktop.

FIGURE 4.1: Hello world in readme.txt

3. Launch the Start menu by hovering the mouse cursor on the lowerleft corner of the desktop.

FIGURE 4.2: Windows Server 2012 — Desktop view

4. Click the Stealth Files 4.0 app to open the Stealth File window.

FIGURE 4.3: Windows Server 2012 — Apps

5. The main window o f Stealth Files 4.0 is shown 111 the following figure

FIGURE 4.4: Control panel of Stealth Files

6. Click Hide Files to start the process of hiding the files.
7. Click Add files.

FIGURE 4.5: Add files Window

8. In S tep l, add the Calc.exe from c:\windows\system32\calc.exe.
9. In Step 2, choose the carrier file and add the file Readme.txt from the desktop.
10. In Step 3, choose a password such as magic (you can type any desired password).

FIGURE 4.6: Step 1-3 Window

11. Click Hide Files.
12. It will hide the file ca lc .ex e inside the readme.txt located on the desktop.
13. Open the notepad and check the file; ca lc .ex e is copied inside it

FIGURE 4.7: Calc.exe copied inside notepad.txt

14. Now open the Stealth files Control panel and click Retrieve Files

FIGURE 4.8: Stealth files main window

15. 111 Step 1, choose the tile (Readme.txt) from desktop 111 which you have saved the ca lc.ex e.
16. 111 Step 2, choose the path to store the retrieved hidden file. 111 the lab the path is desktop.
17. Enter the password magic (the password that is entered to liide the tile) and click on Retrieve Files!

FIGURE 4.9: Retrieve files main window

18. The retrieved file is stored on the desktop

FIGURE 4.10: Calc.ese running on desktop with the retrieved file

Lab Analysis

Document all die results and reports gadiered during die lab.

Questions
1. Evaluate other alternative parameters tor hiding files