Wilders Security Forums  

Go Back   Wilders Security Forums > Archived Forums > Closed Sub-Forums > NIS File Check Forum
Reload this Page Hidden Files
User Name
Password
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

 
 
Thread Tools Search this Thread
  #1  
Old February 14th, 2003, 08:21 PM
FanJ
 
Posts: n/a
Default Hidden Files
The discussion topic of this thread is:

What would/should we expect our File Integrity Checker to do with a file with attr h.
Do we want our File Integrity Checker to return an HASH-checksum for it or are we satisfied with a result "file doesn't exist"?

I will give you examples on my Windows 98 SE system.

Look at the file C:\WINDOWS\desktop.ini

What tells NISFileCheck me about C:\WINDOWS\desktop.ini

It has no problem with it:
Application: c:\windows\desktop.ini
Status: Unchanged
Version old: N/A
Size old: 266
Date old: 1999-08-11 14:27:30
RMD160 Hash old: FCE14CA2CAD28DA980A09712ADEEC0684B167DD7


Look at the file C:\WINDOWS\System\wsock32.dll in case you have installed SockLock from PSC (link: http://www.nsclean.com/socklock.html ).

NISFileCheck has no problem with it:

Application: c:\windows\system\wsock32.dll
Status: Unchanged
Version old: 4.10.1998
Size old: 40960
Date old: 1999-08-11 14:13:18
RMD160 Hash old: BEC911836E9672BEF5620544E28CA8B9471B48E3

Now we will have a look at the CRC32-test in TDS-3.
What does it tells me?

07:53:09 [CRC32] Started - verifying 124 files ...
07:53:10 [CRC32] File doesn't exist: C:\WINDOWS\desktop.ini
07:53:11 [CRC32] File doesn't exist: C:\WINDOWS\System\wsock32.dll
07:53:15 [CRC32] Test finished.

What have wsock32.dll and desktop.ini in common?
They both have the attr r and h.


Now we will try C:\Program Files\desktop.ini :
Its attr is: h

What says NISFileCheck:

Application: c:\program files\desktop.ini
Status: Unchanged
Version old: N/A
Size old: 266
Date old: 1999-08-11 14:27:30
RMD160 Hash old: FCE14CA2CAD28DA980A09712ADEEC0684B167DD7

What says the CRC32-test in TDS-3:

08:20:09 [CRC32] File doesn't exist: C:\Program Files\desktop.ini


Now I take a complete different HASH-utility:
Karen's Hasher that calculates a MD5 Hash:
Link: http://www.karenware.com/powertools/pthasher.asp

What tells Karen's Hasher me about those files:

C:\WINDOWS\desktop.ini :
MD5 is EC6C63693372A4135193789DD2CB7CB1

C:\WINDOWS\System\wsock32.dll :
MD5 is F9F23B6D7AE19BD7DAD676B26ACA2558

c:\program files\desktop.ini
MD5 is EC6C63693372A4135193789DD2CB7CB1
 

Wilders Security Forums > Archived Forums > Closed Sub-Forums > NIS File Check Forum « Previous Thread | Next Thread »

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Settings
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -4. The time now is 06:16 AM.

Contact Us - SSL - Wilders Security - Archive - TOS/Privacy - Top

Powered by vBulletin® Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Copyright ©2002 - 2013, Wilders Security Forums