Windows File System Vulnerabilities-minor vulnerabilities, major vulnerabilities

Source: Internet
Author: User

1. The Windows file replacement command can be used to bypass file protection.
The replace command replaces a file, and it can replace a file that is in use. Very powerful.
For example, create a directory under C: named c:\aaa
Copy an mp3 file to c:\aaa and name it c:\aaa\a.mp3.
Then copy another song to C:\a.mp3.
Then play c:\aaa\a.mp3 with media player.
Enter at the command prompt: replace c:\a.mp3 c:\aaa
After a while, check whether the playing song has changed to the other one.
This command is really handy for replacing system files, and XP's system file protection is also ineffective against it.
You no longer need to replace files in safe mode.
2. Windows File System Vulnerabilities-minor vulnerabilities, major vulnerabilities
Everyone knows that in Windows, the "\" symbol is the path separator. For example, "C:\Windows\" means the Windows folder in the C partition, and "C:\Windows\system.exe" means the system.exe file in the Windows folder in partition C. Let's continue with an assumption:
What if the file name contains the "\" symbol? Assume that "S\" is the name of a folder. The folder is located at "F:\" and its path is "F:\S\". When we try to access it, Windows will mistakenly think that the file we want to open is the S folder of the C partition, so Windows cannot open it and returns an error, because the preceding path does not exist.
Maybe you try to create an "S\" file, but Windows will prompt you that the "\" symbol cannot be used in the name of a file or folder. It seems that Windows has already thought of this. OK. But do not believe that you cannot create a file containing the "\" symbol.
Now open your computer and let's make some interesting attempts. After entering Windows, click Start > Run, enter "cmd", and press Enter (on Win98, enter "COMMAND"). You will then see the Windows command console, which we will use to complete the remaining tests. In the commands below, the text inside {} is my comment:
 
Quote:
--------------------------------------------------------------------------------
Microsoft Windows XP [version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
F:\Test> mkdir s\ {our first attempt. Only the s folder is created; the "\" is ignored by Windows}
F:\Test> mkdir s\s1\ {still failed. Windows creates the s folder first, and then creates the s1 folder inside s}
F:\Test> mkdir s.\ {"s.\" is parsed as s; the "." is ignored again}
Subdirectory or file s.\ already exists.
F:\Test> mkdir s..\ {finally succeeded. Now you can see "s." in the resource manager, but it cannot be opened or deleted}
F:\Test> mkdir s...\ {succeeded again. You can see "s.." in the resource manager; it can be opened but cannot be deleted}
 

Why? Let's talk first about the "s." folder, which cannot be opened or deleted. It cannot be opened because its actual path is "F:\Test\s..\" (we can be sure of the actual path, since we created it), but in the Windows resource manager the name is shown as "s.". That is, when you try to open it, Windows actually tries to open "F:\Test\s.\". Of course it cannot be opened: that file does not exist, so Windows reports an error. It cannot be deleted for the same reason. Windows resolves the actual file path to a path that does not exist, so the operation cannot be completed.
The folder "s.." can be opened but cannot be deleted. Wait... opened? Do you think Windows really opened the "s...\" folder we created? The experiment below will make it clear. As before, the text inside {} is my comment:
 
Quote:
--------------------------------------------------------------------------------
Microsoft Windows XP [version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
F:\Test> echo 1> Txt1.txt {create the "F:\Test\Txt1.txt" file}
F:\Test> copy Txt1.txt s..\ {copy the file you just created to "s..\", that is, the "s." of the resource manager}
1 file has been copied.
F:\Test> echo 2> Txt2.txt {create the "F:\Test\Txt2.txt" file}
F:\Test> copy Txt2.txt s...\ {copy the file you just created to "s...\", that is, the "s.." of the resource manager}
1 file has been copied.
F:\Test>
 

Now go back to your resource manager and open the "s.." folder. What do you see? How can the "Txt1.txt" file be found here? Didn't we just copy it to "s."? Is opening the "s.." folder actually opening "s."? That's right. In fact, if you create another folder named "s", then "s." can be opened, but what is actually opened is "s".
"How can I delete it?" It is not difficult to delete, but conventional methods will not work. There are two options: 1. Delete it from DOS (not recommended). 2. Open the command prompt and enter "rmdir directory name". The directory name is the name you created. If you forget it, check the name in the resource manager and add ".\" to it. If you are prompted that "the folder is not empty", add the "/s" parameter. A deletion example:
 
Quote:
--------------------------------------------------------------------------------
Microsoft Windows XP [version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
F:\Test> dir
The volume in drive F is BGTING
The serial number of the volume is 2C8E-FE1C.
Directory of F:\Test
<DIR> .
<DIR> ..
<DIR> s.
<DIR> s..
9 bytes for one file
3,390,029,824 bytes available for five directories
F:\Test> rmdir s..\
The directory is not empty.
F:\Test> rmdir s..\ /s
s..\, are you sure (Y/N)? Y
F:\Test> rmdir s...\ /s
s...\, are you sure (Y/N)? Y
 
With this vulnerability we can do a lot of things, such as accessing the "S" folder: we can create "S..\" to point to "S", allowing cross-permission browsing. In addition, a new generation of trojan programs may exploit this vulnerability to hide themselves in an "X..\" directory where the user cannot find them. Even professional anti-virus software will only scan "X" and skip "X..\". If a malicious program creates many "..\" folders on the computer, haha, Format may be the best choice at that time. At present, Microsoft does not seem to have released any preventive measures.
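
A detection sketch for the hiding concern above, added here as an example and not part of the original article: it lists directories whose stored name ends in "." or a space, together with the name the Win32 layer resolves them to and whether a folder of that name sits beside them. The function names are hypothetical, and the code assumes the general Win32 rule that trailing dots and spaces are dropped from a name, and that the \\?\ path prefix on a local drive path skips that normalization.

```python
import os
import sys


def win32_name(name):
    """Name the Win32 layer resolves to (assumed rule: trailing dots/spaces dropped)."""
    return name.rstrip(". ")


def literal(path):
    # On Windows, prepend the \\?\ prefix so the path is used without normalization.
    prefix = "\\\\?\\"
    if sys.platform == "win32" and not path.startswith(prefix):
        return prefix + os.path.abspath(path)
    return path


def find_aliased_dirs(root):
    """Return sorted (path, stored, resolved, sibling_exists) for every directory
    under root whose stored name differs from the name Win32 resolves it to."""
    findings = []
    stack = [literal(root)]
    while stack:
        current = stack.pop()
        try:
            entries = list(os.scandir(current))
        except OSError:
            continue  # unreadable directory: skip it, keep scanning the rest
        siblings = {e.name.lower() for e in entries}
        for entry in entries:
            if not entry.is_dir(follow_symlinks=False):
                continue
            resolved = win32_name(entry.name)
            if resolved != entry.name:
                # sibling_exists: a tool that normalizes the path lands in that folder
                hit = resolved.lower() in siblings
                findings.append((entry.path, entry.name, resolved, hit))
            stack.append(entry.path)  # descend using the literal, prefixed path
    return sorted(findings)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, stored, resolved, hit in find_aliased_dirs(target):
        print(f"{path}: stored {stored!r}, resolves to {resolved!r}, sibling exists: {hit}")
```

Run it with the directory to scan as the only argument; each reported path can be passed to the rmdir cleanup described above.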

Feeling a little dizzy? Don't worry, being "dizzy" is normal. I have been dizzy many times. :)

Well, having said so much, it may be a bit messy. Below I will summarize:
1. If you create an "X..\" folder in Windows, the folder cannot be deleted through conventional methods, but you can copy files into it. In the resource manager it is displayed as "X.", and it wrongly points to the "X" folder. (Hey, why does it feel like a shortcut?)
2. Create "X..\" by entering "mkdir X..\" in the command line.
3. You can delete it by entering "rmdir directory name" in the command line. The directory name is the name you created. If you forget it, check it in the resource manager first, then add ".\". If you are prompted that "the folder is not empty", add the "/s" parameter.
4. There are no preventive measures.
