Create a folder with the "" symbol by using the Windows Vulnerability

Everyone knows that in Windows, the "" symbol is the path separator. For example, "C: Windows" means the Windows folder in the C partition, And the system.exe file in the Windows folder in the C: windowssystem.exepartition C, let's continue with the assumption:

What if the file name contains the "" symbol? Assume that "S" is the name of a folder. The folder is located at "F:" and its path is "F: S ", when we try to access the file, Windows will mistakenly think that the file we want to open is the S folder of the C partition, so that Windows cannot be opened and an error will be returned, because the preceding path does not exist.

Maybe you are creating an "S" file, but Windows will prompt you that the "" symbol cannot be used as the name of the file or folder. It seems that Windows has come up with this idea. If we continue, we do not believe that we cannot create a file containing the "" symbol.

Now open your computer and we have to make some interesting attempts. After entering Windows, click Start> Run, enter "cmd", and press enter (if it is Win98, enter "COMMAND"). Then you will see the Windows COMMAND console, we just want to use it to complete our remaining tests. The following commands contain the characters {} in my comments:

Microsoft Windows XP [version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

F: Test> mkdir s

F: Test> mkdir ss1

F: Test> mkdir s.
Subdirectory or file s. already exists.

F: Test> mkdir s ..

F: Test> mkdir s...

Why? Let's talk about the "S. "folder, which cannot be opened or deleted. It cannot be opened because its actual path is" F: Tests .. "(we can determine the actual path we created), but in Windows resource manager, the name is changed to" S. "That is, when you try to open it, Windows actually tries to open" F: Tests. "Of course, it cannot be opened, and the file does not exist, so Windows will report an error. It cannot be deleted because of this. In Windows, parsing an actual file path error as a non-existent path and performing operations cannot be completed.

The file "S .." can be opened but cannot be deleted. Wait ...... Open? Do you think Windows really opened the "s..." file we created? You will understand the experiment below. Or the old rule {} is my comment for your understanding:

Microsoft Windows XP [version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

F: Test> echo 1> Txt1.txt

F: Test> copy Txt1.txt s ..
1 file has been copied.

F: Test> echo 2> Txt2.txt

F: Test> copy Txt2.txt s ..
1 file has been copied.

F: Test>

Now go back to your resource manager and open the "S .." folder. What do you see? “Txt1.txt "file how can be found here? We did just copy "S? Is opening the "S .." folder actually opening "S ."? That's true. In fact, if you create another "S" folder, "S." can be opened, but "S" is actually opened ".

"How can I delete it ?", It is not difficult to delete it, but the conventional method cannot be deleted. There are two options: 1. Enter DOS deletion (not recommended ). 2. Enter the command prompt and enter "rmdir directory name". The directory name is the name you created. If you forget it, check it in the resource manager and add ".". If the prompt "the folder is not empty", add the "/s" parameter. Delete an instance:

Microsoft Windows XP [version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

F: Test> dir
The volume in drive F is BGTING
The serial number of the volume is 2C8E-FE1C.

F: Test directory

<DIR>.
<DIR> ..
<DIR> s.
<DIR> s ..
9 bytes for one file
3,390,029,824 bytes available for five Directories

F: Test> rmdir s ..
The directory is not empty.

F: Test> rmdir s ../s
S .., are you sure you want to confirm (Y/N )? Y

F: Test> rmdir s.../s
S..., are you sure you want to confirm (Y/N )? Y

With this vulnerability, we can do a lot of things, such as accessing the "S" folder, but we can create "S .. "to point to" S "to allow cross-Permission browsing. In addition, a new generation of trojan programs may exploit this vulnerability to hide themselves in a "X .. "the user cannot find him in the directory. Even professional anti-virus software will only kill" X "and skip" X .. ". If a malicious program creates many ".." folders on the computer, Fotmat may be the best choice at that time.

1. create "X .." in Windows .. "folder, the folder will not be deleted through the conventional method, but you can Copy the file into, in the resource manager is displayed as" X. ", the error points to the" X "folder. (Hey, why is it a shortcut ?)

2. To create "X...", enter "mkdir X..." in the command line ..".

3. you can delete it by entering "rmdir directory name" in the command line. The directory name is the name you created. If you forget it, you can view it in the resource manager and add ". ". If the prompt "the folder is not empty", add the "/s" parameter.