Wednesday, June 06, 2007

While doing some research on file type and library registrations I had a little bit of a random question. As I tried to find answers to the questions, I found a nice little resource about hidden file types. At a rather humorously titled site, Microsuck.com, I found a nice resource about a few switches I had never seen before. (The article is titled Microsoft's Really Hidden Files by the way.) Within the article it discusses explorer pre-configured masking of the IE and TIF (Temporary Internet Files) regardless of whether you modify the .ini files in these directories. What's more interesting, and here is where the switches begin to come into the picture, is the fact that DOS does not mention anything about these directory contents. In the article, it is discussed that you should go to these directory, use the dir command with an /as/s switch to display the contents. Now, you can't see the contents via Explorer even if you turn on the hidden files in the Folder Options >> View panel. Being an anti-Microsoft proponent this is an interesting arguing point, but, the extra piece of info gives a nice bit of leverage to extra otherwise inaccessible files. Furthermore, I discovered the Recycler (Recycled in pre-XP OS's) directory and was able to find some interesting contents on test machines with the /as/s switch there as well. You have to know the profile ID numbers for each profile on the machine, otherwise you're out of luck because, again, you cannot browse to the folder contents via Explorer, but you can access them with the /s[ecret] switch. This type of stone being turned over makes me wonder what other hidden directories I don't know about. I did run C:\dir /as/s > c:\testoutput\hidden.txt to find a nice accessible list, because, otherwise, I'd have to run a huge buffer for the DOS window. It took a while to process, but showed a lot of space Microsoft hidden directories consume. Neat stuff. I like CEH research.

No comments: