SharpADS

C# program to write, read, delete or list Alternate Data Streams (ADS) within NTFS. It can "hide" payloads inside both files or directories.

Write one ADS value

Create or update and ADS value. The payload can be a string, a hexadecimal value or a url to download a file:

SharpADS.exe write FILE_PATH STREAM_NAME PAYLOAD

Example using a string:

SharpADS.exe write c:\Temp\test.txt ADS_name1 RandomString

Example using a hexadecimal value (payload starts with "0x..."):

SharpADS.exe write c:\Temp\test.txt ADS_name2 0x4142434445

Example using the content of a downloaded file (payload starts with "http..." or "https..."):

SharpADS.exe write c:\Temp\test.txt ADS_name3 http://127.0.0.1:8000/a.bin

Read one ADS value

SharpADS.exe read FILE_PATH STREAM_NAME

Example:

SharpADS.exe read c:\Temp\test.txt ADS_name1

Delete one ADS value

SharpADS.exe delete FILE_PATH STREAM_NAME

Example:

SharpADS.exe delete c:\Temp\test.txt ADS_name1

List all ADS values

SharpADS.exe list FILE_PATH

Example:

SharpADS.exe list c:\Temp\test.txt

Clear all ADS values

SharpADS.exe clear FILE_PATH

Example:

SharpADS.exe clear c:\Temp\test.txt

Credits

This is based on C++ code from Sektor7's Malware Development Advanced - Vol.1 course.

Name		Name	Last commit message	Last commit date
Latest commit History 12 Commits
SharpADS		SharpADS
README.md		README.md
SharpADS.sln		SharpADS.sln

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

SharpADS

Write one ADS value

Read one ADS value

Delete one ADS value

List all ADS values

Clear all ADS values

Credits

About

Releases 1

Sponsor this project

Languages

ricardojoserf/SharpADS

Folders and files

Latest commit

History

Repository files navigation

SharpADS

Write one ADS value

Read one ADS value

Delete one ADS value

List all ADS values

Clear all ADS values

Credits

About

Topics

Resources

Stars

Watchers

Forks

Releases 1

Sponsor this project

Languages