Wednesday, November 2, 2022

Simple way to hide files in Windows

Test Environment

1.     Windows 11 Pro 21H2

 

This post covers three topics:

1. Create a hidden text file

2. Create an embedded hidden executable file

3. Run the hidden executable file

 

Create a hidden text file

The command below creates a normal text file:

C:\temp>echo This is Normal Text. > normal.txt

 

C:\temp>type normal.txt

This is Normal Text.

 

The command below writes hidden text into an alternate data stream of the same file:

C:\temp>echo This is hidden text. > normal.txt:hidden.txt

 

C:\temp>type normal.txt

This is Normal Text.

 

The “type” command cannot show the hidden text:

C:\temp>type normal.txt:hidden.txt

The filename, directory name, or volume label syntax is incorrect.

 

The “dir” command won’t show the hidden file:

C:\temp>dir

 Volume in drive C has no label.

 Volume Serial Number is 64AD-2FC5

 

 Directory of C:\temp

 

10/18/2022  02:14 PM    <DIR>          .

10/18/2022  02:14 PM                23 normal.txt

               1 File(s)             23 bytes

               1 Dir(s)  56,873,701,376 bytes free

 

Use “dir /R” to show the hidden file

/R          Display alternate data streams of the file.

C:\temp>dir /R

 Volume in drive C has no label.

 Volume Serial Number is 64AD-2FC5

 

 Directory of C:\temp

 

10/18/2022  02:14 PM    <DIR>          .

10/18/2022  02:14 PM                23 normal.txt

                                    23 normal.txt:hidden.txt:$DATA

               1 File(s)             23 bytes

               1 Dir(s)  56,873,701,376 bytes free

 


 

Use Notepad to show the hidden text:

C:\temp>notepad normal.txt:hidden.txt

Deleting normal.txt also deletes the hidden file:

C:\temp>dir /R

 Volume in drive C has no label.

 Volume Serial Number is 64AD-2FC5

 

 Directory of C:\temp

 

10/18/2022  02:14 PM    <DIR>          .

10/18/2022  02:14 PM                23 normal.txt

                                    23 normal.txt:hidden.txt:$DATA

               1 File(s)             23 bytes

               1 Dir(s)  56,873,533,440 bytes free

 

C:\temp>del normal.txt

 

C:\temp>dir /R

 Volume in drive C has no label.

 Volume Serial Number is 64AD-2FC5

 

 Directory of C:\temp

 

10/18/2022  02:17 PM    <DIR>          .

               0 File(s)              0 bytes

               1 Dir(s)  56,873,533,440 bytes free

 


 

Hide Calculator

Create a normal text file:

C:\temp>echo This is Normal Text. > normal.txt

 

Find the location of the Calculator app

C:\temp>where calc.exe

C:\Windows\System32\calc.exe

Hide the Calculator app in the normal text file:

C:\temp>type C:\Windows\System32\calc.exe > normal.txt:calc.exe

 

The “dir” command won’t show the embedded file:

C:\temp>dir

 Volume in drive C has no label.

 Volume Serial Number is 64AD-2FC5

 

 Directory of C:\temp

 

10/18/2022  02:21 PM    <DIR>          .

10/18/2022  02:23 PM                23 normal.txt

               1 File(s)             23 bytes

               1 Dir(s)  56,876,064,768 bytes free

 

Use “dir /R” to show the file

C:\temp>dir /R

 Volume in drive C has no label.

 Volume Serial Number is 64AD-2FC5

 

 Directory of C:\temp

 

10/18/2022  02:21 PM    <DIR>          .

10/18/2022  02:23 PM                23 normal.txt

                                27,648 normal.txt:calc.exe:$DATA

               1 File(s)             23 bytes

               1 Dir(s)  56,877,633,536 bytes free
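
Added example (not part of the original post): a Python script that parses captured “dir /R” output such as the two listings above (normal.txt:hidden.txt and normal.txt:calc.exe) and reports every named stream, so hidden streams can be reviewed in bulk. The function name find_streams, the extension list and the flagging rules are assumptions made for illustration; the row patterns assume the US date format shown on this page.

```python
import re

# Constructed sample: the "dir /R" listing from this section, as captured text.
SAMPLE = r"""
 Directory of C:\temp

10/18/2022  02:21 PM    <DIR>          .
10/18/2022  02:23 PM                23 normal.txt
                                27,648 normal.txt:calc.exe:$DATA
               1 File(s)             23 bytes
"""

# A file row starts with a date (MM/DD/YYYY hh:mm AM/PM assumed);
# a stream row is indented, has no date and ends in :$DATA.
FILE_ROW = re.compile(r"^\d{2}/\d{2}/\d{4}\s+\d{2}:\d{2} [AP]M\s+([\d,]+) (.+)$")
STREAM_ROW = re.compile(r"^\s+([\d,]+) (.+):([^:]+):\$DATA$")
# Illustrative list of extensions worth a second look inside a stream.
EXEC_EXT = (".exe", ".dll", ".ps1", ".bat", ".cmd", ".vbs", ".js", ".hta")


def to_int(text):
    """Convert a dir size such as '27,648' to an integer."""
    return int(text.replace(",", ""))


def find_streams(listing):
    """Return one finding per named stream found in "dir /R" output."""
    sizes = {}      # host file name -> size of its visible (unnamed) stream
    findings = []
    for line in listing.splitlines():
        m = FILE_ROW.match(line)
        if m:
            sizes[m.group(2)] = to_int(m.group(1))
            continue
        m = STREAM_ROW.match(line)
        if not m:
            continue
        size, host, stream = to_int(m.group(1)), m.group(2), m.group(3)
        reasons = []
        # Zone.Identifier is the mark-of-the-web stream Windows adds to
        # downloads; it is reported but not flagged.
        if stream != "Zone.Identifier":
            if stream.lower().endswith(EXEC_EXT):
                reasons.append("executable extension")
            if size > sizes.get(host, 0):
                reasons.append("larger than host file")
        findings.append({"host": host, "stream": stream,
                         "size": size, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in find_streams(SAMPLE):
        print(finding)
```
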



Run the embedded Calculator App

On older Windows versions such as XP and Windows 7, use the “start” command:

C:\temp>start normal.txt:calc.exe

On Windows 10 and 11, the “start” command pops up the “Look for app” window instead.

On these versions, the command that runs the embedded file is “forfiles”:

C:\temp>forfiles /P c:\Windows\System32 /m notepad.exe /c "c:\temp\normal.txt:calc.exe"



Two Free Temporary Virtual Machines

Scenario

Sometimes you want to use a computer that is outside of your network to test a firewall rule, or you might just want to run some tests.

For example, if you are at a school and want to play browser games, you can use these virtual machines to bypass the firewall restriction.

Microsoft Learn provides some temporary virtual machines in its labs. These virtual machines are meant for practicing the lab exercises, but you can use them for other purposes.

Requirement:

  1. A Microsoft free account: @outlook.com, @live.com, @hotmail.com etc.
  2. Edge or Chrome Browser.
  3. https://github.com/kmille36/Windows-11-VPS

First Virtual Machine

  1. Open Microsoft Edge Browser and log in with your Microsoft free account.
  2. Open URL: https://learn.microsoft.com/en-us/training/modules/implement-common-integration-features-finance-ops/10-exercise-1
  3. (You might need to agree to an announcement.)

  4. Click the “Launch VM Mode” button.
  5. Wait a few minutes until the VM is ready to use.
  6. On the right panel, click the “Resources” tab to see the username and the password. It also shows how many hours remain. Typically, you can use it for 2 hours.
  7. Enter the password and log in to the machine.
  8. The flash icon at the upper left of the screen provides some keyboard functions.
  9. You can make it full screen by clicking the screen icon beside the flash icon.
  10. After you finish testing, you can shut down the VM: click the “Instruction” tab on the right panel, then click the “Done” button at the lower right of the screen.

Second Virtual Machine

  1. For this VM, you will need to run some Azure Cloud Shell commands to create it. Fortunately, https://github.com/kmille36/Windows-11-VPS has some scripts that make it very simple.
  2. Open Microsoft Edge Browser and log in with your Microsoft free account.
  3. Open URL: https://learn.microsoft.com/en-ca/training/modules/monitor-azure-vm-using-diagnostic-data/3-exercise-create-virtual-machine
  4. Click the “Activate Sandbox” button.
  5. You might be asked for permissions; accept all the required permissions.

  6. Wait a few minutes until the Azure shell window is ready.
  7. Enter command: curl -skLO is.gd/azurewinvmplus ; chmod +x azurewinvmplus ; ./azurewinvmplus

  8. Follow the instructions to create the VM that is suitable for you.
  9. Once you see the “…is READY TO USE !!!” message, you can use Remote Desktop tools to connect to this VM. The IP, username and password can be found on the screen.

     

Use Cases:

  1. Run NMAP to scan public IPs.

References:

  1. https://docs.microsoft.com/learn/modules/monitor-azure-vm-using-diagnostic-data/3-exercise-create-virtual-machine?activate-azure-sandbox=true

  2. https://learn.microsoft.com/en-us/training/modules/implement-common-integration-features-finance-ops/10-exercise-1

  3. https://learn.microsoft.com/en-ca/training/modules/monitor-azure-vm-using-diagnostic-data/3-exercise-create-virtual-machine

  4. https://github.com/kmille36/Windows-11-VPS

     

Thursday, October 13, 2022

Fix UTM “File size exceeds the limit allowed” issue

 

Environment:

1.     MacBook Pro 2021, Apple M1 Pro Silicon

2.     UTM version: 3.2.4(58)

3.     Virtual Machine: Windows 11 21H2 ARM

 

Symptoms

Copying a 50M file from the shared folder to the Windows virtual machine fails with a popup error window:

 

An unexpected error is keeping you from copying the file. If you continue to receive this error, you can use the error code to search for help with this problem.

 

Error 0x800700DF: The file size exceeds the limit allowed and cannot be saved.

Solution

Run “regedit” to open Registry Editor.

Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient\Parameters

Right-click FileSizeLimitInBytes and click Modify.

Click Decimal.

In the Value data box, type 4294967295, and then click OK. This extends the file size limit to 4G.