Several of these issues are quite amazing (and have not been patched). However, before getting to the cool tricks themselves, there is something
greater about this article.
- When people code, they check and validate for what they know is legal and allowed. But what if something isn't accounted for? What happens then?
- It's really important to think like the programmer: what would you have done here?
- When these things aren't accounted for (weird encodings, edge cases, the real representation of a string), bypasses start to happen.
- Finding the usable but not "normal" way is where a lot of bypasses live.
Files in NTFS are addressed in the form filename:streamname:$attributetype (for example, file.txt::$DATA selects the default, unnamed data stream of file.txt). Keeping this form in mind helps with the rest of the bypasses below.
Create Folders without the proper Permissions: Although this was patched, it is still interesting. Appending "::$INDEX_ALLOCATION" to the end of a filename creates a folder instead of a file, and Windows currently doesn't include a check for this corner case.
Bypass Path Restrictions with Alternate Data Streams: The default data stream is $DATA. However, there are multiple other data streams in Windows that can be used. Using different data streams can bypass simple whitelisting solutions.
Create Files which can't be found by using the "..." folder: Normally names consisting only of dots cannot be created. But by using the index allocation trick, this can be done.
"Hide" the Destination of a Directory Junction: Junctions are like symbolic links in Windows. It is possible to hide their destination using the index allocation trick.
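The common thread in the tricks above is a check that looks at the raw string instead of the name NTFS will actually create. The following validator is an added example, not code from the article being summarised or from its author: it parses the filename:streamname:$attributetype form before applying an extension allow-list, so that alternate data streams, non-$DATA attribute types such as $INDEX_ALLOCATION, and dot-only names are seen for what they are. The allow-list, the sample names and the function names are constructed for the example; it assumes the caller has already split off any directory part of the path.

```python
"""Added example, not from the original article or its author: a file-name
validator that parses NTFS stream syntax before applying an allow-list, so the
check operates on the real file name, stream and attribute type rather than on
the raw string. All names and the allow-list below are constructed."""
import re

# NTFS addresses a file as  filename:streamname:$ATTRIBUTETYPE ; the stream and
# type parts are optional, and "name::$DATA" is the default (unnamed) data stream.
_NTFS_NAME = re.compile(
    r"^(?P<base>[^:]*)(?::(?P<stream>[^:]*))?(?::(?P<attr>\$[A-Z_]+))?$"
)


def parse_ntfs_name(name):
    """Return (base, stream, attribute_type) or None if the name does not fit
    the filename:stream:$TYPE shape (e.g. an attribute type without '$')."""
    m = _NTFS_NAME.match(name)
    if m is None:
        return None
    return m.group("base"), m.group("stream") or "", m.group("attr") or "$DATA"


def naive_allowed(name, allowed_ext):
    """The kind of check the text warns about: it looks only at the raw string."""
    return name.lower().endswith(allowed_ext)


def validate(name, allowed_ext):
    """Hardened check. Returns 'ok' or the reason the name is rejected.
    Assumes the caller has already split off any directory part."""
    parsed = parse_ntfs_name(name)
    if parsed is None:
        return "malformed stream syntax"
    base, stream, attr = parsed
    if not base or set(base) <= {"."}:
        # "" and "...": names made only of dots (the hidden-folder trick)
        return "empty or dot-only name"
    if attr != "$DATA":
        # "::$INDEX_ALLOCATION" turns a file create into a folder create
        return "non-data attribute type %s" % attr
    if stream:
        # an alternate data stream: the allow-list would never see it
        return "alternate data stream %r" % stream
    if not base.lower().endswith(allowed_ext):
        return "extension not allowed"
    return "ok"


ALLOWED = (".txt", ".pdf")

# Constructed inputs: the raw-string check passes the second one because the
# string *ends* in .txt, even though the data would land in a stream of
# dropper.exe; the hardened check rejects it and the other tricks.
SAMPLES = ["report.txt", "dropper.exe:report.txt", "report.txt::$DATA",
           "report.txt::$INDEX_ALLOCATION", "...::$INDEX_ALLOCATION",
           "report.txt:hidden:$DATA"]

if __name__ == "__main__":
    for s in SAMPLES:
        print("%-32s naive=%-5s hardened=%s"
              % (s, naive_allowed(s, ALLOWED), validate(s, ALLOWED)))
```

Running the block prints one line per sample; the point to notice is that only the parsed base name is compared against the allow-list, and every name that names a stream or a non-$DATA attribute is refused outright rather than being normalised into something that might still be accepted.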
Overall, it comes down to understanding how the system works and abusing its features to make something beautiful :)