[prev in list] [next in list] [prev in thread] [next in thread] 

List:       full-disclosure
Subject:    [Full-Disclosure] NTFS exploit
From:       "Geo" <geoincidents () getinfo ! org>
Date:       2002-09-30 16:27:57
[Download RAW message or body]

I've seen this mentioned before (on bugtraq I think) but I had never seen a
way to use it to hose a drive before.

To see Windows 2000 NTFS use up all free space in an unrecoverable manner.
(don't do this on a drive you can't afford to format)


Create a directory called "dead"

go into that directory and create a text file called dead.txt copy these
instructions into the text file before saving it. (just some text to take up
space should be under 1K in size)

Ok, now open my computer, right click on the disk drive you are using and
pick properties, pick tools, pick defragment and click on the analyze
button. Notice how much of the drive shows as green system files.

ok now from a command window log to the directory

cd /dead

and type this

FOR /L %1 in (1,1,2000000) copy dead.txt dead%1.txt

what this does is creates 2,000,000 copies of the dead.txt file. Now that
they are created go ahead and check again in the defragment/analyze window,
see all the green? Ok now in your command window making sure you are still
logged to /dead go ahead and delete all those files

cd /dead
delete *.txt

now check the defragment/analyze window again, no change right?

If you had created enough .txt files to use up all the free space on your
drive you would now not be able to save a large file to the drive.

The problem is that NTFS stores small files in the actual directory table
instead of as a separate data stream, it does this for efficiency. It also
never releases this space once it's been used.

Geo.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
[prev in list] [next in list] [prev in thread] [next in thread]