Forwarded From: "Schadey, Robert - TSAC, INC." <SchadeyR@SHAFTER-EMH3.ARMY.MIL> Similar to Back Orifice, uses ports 12345 and 12346 Description The program can be used as an remote administration tool, or more likely, just to have some fun with your friends on your local network, or even over the global internet (should not be used to systematic irritate people). Installation NetBus consists of a server and a client-part. The server-part is the program which must exists on the person's computer that you want to have fun with. The client-part is your little, nice program that "controls" the target computer! Put the NetBus server, Patch.exe (which can be renamed), anywhere on the target computer and run it. By default it installs itself in the system, so it starts automatically every time Windows starts. Put the NetBus client, NetBus.exe, on your computer. Start NetBus and choose which hostname (or IP-number) you wish to connect to! If Patch is running on the target computer you will able to connect. Let's have fun! Note that you don't see Patch when it's running - it's hiding itself automatically at start-up! TCP/IP is the protocol that NetBus and Patch is using. That is, you address someone with host-names or IP-numbers. NetBus will connect you to someone with the Connect button. Advanced issues There are some command-line parameters you can use with Patch: * Patch /noadd means that you don't want Patch to start every Windows-session, probably most used for testing purposes. * Patch /remove removes itself from memory and registry. If you feel that you want a more sophisticated NetBus-server package that integrates Patch with another software/game you can just execute Patch from that software, and the NetBus server will be installed without any notice. Note that Patch.exe can be (re-)named to whatever you want. Expert issues Of course the NetBus-server is always needed to be run before any client can connect to it. But how do you get it to run on the "victim's" computer if you don't have physical access to it or can "persuade" the user to run it himself? Actually, it is possible, but to manage this you need to be a skilled programmer. Basically, you will need to find and exploit bugs in Microsoft's Internet-programs. You may have heard of that recently Microsoft wanted all their customers to download a patch for their e-mail clients. Any unpatched program can give a good hacker the opportunity to execute arbitrary code in the system if the user opens/reads an e-mail that exploits the common "buffer overflow" bug. The filename of the attachment can be long enough to cause an overflow of the stack. This could then cause an jump to some code that lies in the "filename string" which can do anything, for example download programs from Internet and execute it! What's new? * The NetBus server doesn't log incoming connections any more. * SysEdit is renamed to Patch and installs itself automatically on the system, without need of the old /add parameter. Because of that, the parameter /noadd was added. * From now on, Patch removes any old instance of itself from memory if you start it twice or more. * Patch now contains KeyHook.dll as a resource, which is extracted at startup! * Patch doesn't show up in the task list (Win95/98). * Deletion of files (added on users request, should not be abused). * Uploaded files can now be placed in any directory. * Keys on the keyboard can be disabled. * Pressing F12 ("boss-key") will minimize NetBus quick and easy into the traybar. * Easier password-protection management. * Message dialog manager. * Show, kill and focus windows. Author's comments The first public NetBus-version was released in the middle of march -98. Back then, the user-interface was in swedish and I thought it could be nice to share this program with others. Wow, what reactions and comments it got! Some months later it appeared natural to translate the program to english. Thanks to this, now NetBus seems to be used and loved (mostly J) everywhere! And since then many people have asked me to do newer versions of this software. This version includes the most requested features, like easier installation. You contact me by sending an e-mail to cfat_private You're encouraged telling me how fun you have had! Functions * Open/close the CD-ROM once or in intervals (specified in seconds). * Show optional image. If no full path of the image is given it will look for it in the Patch-directory. The supported image-formats is BMP and JPG. * Swap mouse buttons - the right mouse button gets the left mouse button's functions and vice versa. * Start optional application. * Play optional sound-file. If no full path of the sound-file is given it will look for it in the Patch-directory. The supported sound-format is WAV. * Point the mouse to optional coordinates. You can even navigate the mouse on the target computer with your own! * Show a message dialog on the screen. The answer is always sent back to you! * Shutdown the system, logoff the user etc. * Go to an optional URL within the default web-browser. * Send keystrokes to the active application on the target computer! The text in the field "Message/text" will be inserted in the application that has focus. ("|" represents enter). * Listen for keystrokes and send them back to you! * Get a screendump! (should not be used over slow connections) * Return information about the target computer. * Upload any file from you to the target computer! With this feature it will be possible to remotely update Patch with a new version. * Increase and decrease the sound-volume. * Record sounds that the microphone catch. The sound is sent back to you! * Make click sounds every time a key is pressed! * Download and deletion of any file from the target. You choose which file you wish to download/delete in a nice view that represents the harddisks on the target! * Keys (letters) on the keyboard can be disabled.</LIA * Password-protection management. * Show, kill and focus windows on the system. The functions above (there are some logical exceptions) can be delayed an optional number of seconds before they are executing. Connecting The connect button has one very nice feature. It can scan IP-numbers for a NetBus computer. As soon as it connect to someone it will stop. The syntax for IP-scanning is xx.xx.xx.xx+xx, e.g. 127.0.0.1+15 will scan all IP-numbers in the range 127.0.0.1 to 127.0.0.16. Password protection If you just want to have fun with your friend's computer yourself, and don't want someone else to connect to it you can password protect it. To accomplish this you start SysEdit with the parameter /pass:thepassword, or use the administration functions in NetBus. Now everybody who hasn't the correct password will fail when trying to connect or sending commands to that computer. Hint You should perhaps test the functions in NetBus against yourself before you start fooling with your friends, so you know what's happening (send text will, however, not work on yourself)! Your own machine can be addressed via "localhost". Systemdemands Windows 95, Windows NT or later versions of Windows. -o- Subscribe: mail majordomoat_private with "subscribe isn". Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:03:13 PDT