Disguise the files as phony bitmaps/other files!

If you can't just change a file's extension because your paranoid system administrator is checking for valid headers...forge some! Take the file, and slap on a bogey header to the beginning of the file to go with the bogey extension you put on it (you'll probably want to write a little program to generate truly *valid* headers, if your admin is truly a prick)  ...if you want, pretend to be a total newbie, and link a bogus bitmap file (a BMP header is only 51 bytes) into a page with an IMG SRC. You'll get a broken pic on the page, and any admins/narcs investigating will say "Duh, the newbie loze tried to use a BMP instead of a GIF..." ... and since bitmaps are inherently huge, no-one will flinch at the fact that the file spans several megabytes...

Hide them in actual, viewable GIF files!

This here's really sneaky...append your file to the end of a regular old GIF89 image and IMG SRC it into your page. All GIF files (that I've seen, anyway) end with ";"...Programs that display GIF files will read up to what would be the natural end of the file, then disregard the rest, meaning that the image will still display properly despite the junk it's carrying! If you have a binary editor handy, see what's in this Blue Ribbon graphic. (Hint for lusers: Open the file in Wordpad or similar, delete everything in there that comes before the "PK", and save it as a zipfile.)

UUencode them into HTML comments!

Who would've ever thought you could store an MP3 (ahem, legal ones) inside an HTML document? Just take whatever massive junkfile you want to store without the administrator finding it, UUencode (or MIME or binhex, or whatever) the file into an ASCII ("quoted-printable") form and stick it in a page comment:
 

... <p> I hope you enjoyed my wonderful webpage. <!-- begin 664 CONTRABAND.MP3 M*BI423@R*BH... ... end --> </body> </HTML>

If you don't want to hassle with encoding stuff, though, you can always just dump the raw file contents in between the comment tags. Just remember that if you dump raw binary stuff into the file you have to make sure your FTP client knows to upload it as a BINARY file; many will default to ASCII because HTML files are only supposed to contain text. Also remember that whatever program you use to retrieve the file must be able to handle all those funky characters (many ms-dos editors will fail this test). Finally, remember that the filesize will stand out--unless your boss/sysadmin/etc. is a bit of a dope, he will smell something fishy about a 6-meg html file! (Look into some file-splitter tools...) Also worthy of note: Even though I have a ".MP3" clearly in the example above ('cuz it's just an example), it's a good idea to change that naughty extension to something more mundane; your admin. will of course be grepping for ".mp3".

Read this too!:
If you're storing .EXE (games, etc), especially on a school/corporate network system, have a good eyeful of Fravia's packing & unpacking page. Many smarter (paranoider?) sysadmins scan for--or use programs to scan for--certain strings or byte patterns inside a program, so that even of you try to hide/rename/etc. it will still be found. On a very related note, see also his Corporate Survival section.

Also: See the "Camouflage" software at http://www.camouflage.freeserve.co.uk/ .