Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How do you copy a file into an NTFS alternate data stream in Powershell?

Tags:

powershell

windows-10

ntfs

alternate-data-stream

I'm trying to create a proof of concept of an example I saw in a textbook for one of my cybersecurity classes. I set up the required files and tried it but I only am getting errors.

This is the example:

C:\> type C:\windows\system32\notepad.exe > c:\windows\system32\calc.exe:notepad.exe

This is what I did:

C:\> type c:\hello.exe > c:\README.txt:hello.exe

where hello.exe is an executable that prints hello world, and README.txt is a text file with some random text in it.

The error I get is:

out-file: The given path's format is not supported.

when there is a space between the first parameter and the redirectional operator, and

Get-Content : A positional parameter cannot be found that accepts argument 'C:\README.txt:hello.exe'.

when there is no space.

I've tried replacing type with cat, adding and removing spaces between operators, creating the alternate stream before trying to import the data, and different file types. Also, tangent question, I'm having trouble getting ::$DATA to work on NTFS files. It just gives the cat : Cannot find path 'C:\hello.exe::' because it does not exist.

like image 935
Austen Reece Avatar asked Oct 21 '25 13:10

Austen Reece

1 Answers

In PowerShell type, cat or gc are all just aliases to Get-Content, which work with texts by default, so obviously you can't use them for binary data (In cmd type also just works with texts). To work with binary files you must use -Encoding Byte or -AsByteStream to tell Get-Content to not deal with the file as text

Besides you can't use redirection to save the output because > is just an alias to Out-File, which doesn't support streams. You must specify the stream to store with the -Stream option in Set-Content

Get-Content -Encoding Byte "C:\windows\system32\notepad.exe" | `
    Set-Content -Encoding Byte -Stream Notepad .\README.txt

In fact lots of cmdlets in PowerShell like Get-Item, Get-Content, Remove-Item, Set-Content, Clear-Content, Add-Content have the -Stream option to operate on streams. Unfortunately Out-File doesn't have this option

See also Interact with Alternate Data Streams

like image 185
phuclv Avatar answered Oct 23 '25 02:10

phuclv
Sign in to Comment

Related questions

How to remove filename from Select-String results with Context option in Powershell?
Set PasswordNeverExpires flag for Local User Group through Powershell
Powershell: how to turn an array of objects into an array of integers?
Powershell: Use user32.dll in .psd1 file
Searching for a literal hyphen in powershell
Is it possible to set powershell opacity through commandline
Calling a Powershell script from Batch script..But need the batch script to wait for the Powershell script to complete
Liquibase Windows MySQL - Cannot find database driver: com.mysql.cj.jdbc.Driver

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!