[ISN] NetBus remote NT 'admin' tool

From: mea culpa (jerichoat_private)
Date: Sat Sep 05 1998 - 01:24:38 PDT

  • Next message: mea culpa: "[ISN] Learn How to Hack"

    Forwarded From: "Schadey, Robert - TSAC, INC." <SchadeyR@SHAFTER-EMH3.ARMY.MIL>
    
    
    Similar to Back Orifice, uses ports 12345 and 12346
    
    Description
    
    The program can be used as an remote administration tool, or more likely,
    just to have some fun with your friends on your local network, or even
    over the global internet (should not be used to systematic irritate
    people). 
    
    Installation
    
    NetBus consists of a server and a client-part. The server-part is the
    program which must exists on the person's computer that you want to have
    fun with. The client-part is your little, nice program that "controls" 
    the target computer! 
    
    Put the NetBus server, Patch.exe (which can be renamed), anywhere on the
    target computer and run it. By default it installs itself in the system,
    so it starts automatically every time Windows starts. 
    
    Put the NetBus client, NetBus.exe, on your computer. 
    
    Start NetBus and choose which hostname (or IP-number) you wish to connect
    to! If Patch is running on the target computer you will able to connect.
    Let's have fun! 
    
    Note that you don't see Patch when it's running - it's hiding itself
    automatically at start-up! 
    
    TCP/IP is the protocol that NetBus and Patch is using. That is, you
    address someone with host-names or IP-numbers. NetBus will connect you to
    someone with the Connect button. 
    
    Advanced issues
    
    There are some command-line parameters you can use with Patch:
    
    * Patch /noadd means that you don't want Patch to start every
    Windows-session, probably most used for testing purposes.
    
    * Patch /remove removes itself from memory and registry.  If you feel that
    you want a more sophisticated NetBus-server package that integrates Patch
    with another software/game you can just execute Patch from that software,
    and the NetBus server will be installed without any notice. 
    
    Note that Patch.exe can be (re-)named to whatever you want. 
    
    Expert issues
    
    Of course the NetBus-server is always needed to be run before any client
    can connect to it. But how do you get it to run on the "victim's" 
    computer if you don't have physical access to it or can "persuade" the
    user to run it himself? 
    
    Actually, it is possible, but to manage this you need to be a skilled
    programmer. Basically, you will need to find and exploit bugs in
    Microsoft's Internet-programs. You may have heard of that recently
    Microsoft wanted all their customers to download a patch for their e-mail
    clients. 
    
    Any unpatched program can give a good hacker the opportunity to execute
    arbitrary code in the system if the user opens/reads an e-mail that
    exploits the common "buffer overflow" bug. The filename of the attachment
    can be long enough to cause an overflow of the stack. This could then
    cause an jump to some code that lies in the "filename string"  which can
    do anything, for example download programs from Internet and execute it! 
    
    What's new?  
    
    * The NetBus server doesn't log incoming connections any more. 
    
    * SysEdit is renamed to Patch and installs itself automatically on the
    system, without need of the old /add parameter. Because of that, the
    parameter /noadd was added. 
    
    * From now on, Patch removes any old instance of itself from memory if you
    start it twice or more.
    
    * Patch now contains KeyHook.dll as a resource, which is extracted at
    startup!
    
    * Patch doesn't show up in the task list (Win95/98). 
    
    * Deletion of files (added on users request, should not be abused).
    
    * Uploaded files can now be placed in any directory. 
    
    * Keys on the keyboard can be disabled. 
    
    * Pressing F12 ("boss-key") will minimize NetBus quick and easy into the
    traybar.
    
    * Easier password-protection management. 
    
    * Message dialog manager. 
    
    * Show, kill and focus windows. 
    
    Author's comments
    
    The first public NetBus-version was released in the middle of march -98. 
    Back then, the user-interface was in swedish and I thought it could be
    nice to share this program with others. Wow, what reactions and comments
    it got! 
    
    Some months later it appeared natural to translate the program to english.
    Thanks to this, now NetBus seems to be used and loved (mostly J)
    everywhere! And since then many people have asked me to do newer versions
    of this software. This version includes the most requested features, like
    easier installation. 
    
    You contact me by sending an e-mail to cfat_private You're encouraged
    telling me how fun you have had! 
    
    Functions
    
    * Open/close the CD-ROM once or in intervals (specified in seconds).
    
    * Show optional image. If no full path of the image is given it will look
    for it in the Patch-directory. The supported image-formats is BMP and JPG.
    
    * Swap mouse buttons - the right mouse button gets the left mouse button's
    functions and vice versa.
    
    * Start optional application. 
    
    * Play optional sound-file. If no full path of the sound-file is given it
    will look for it in the Patch-directory. The supported sound-format is
    WAV. 
    
    * Point the mouse to optional coordinates. You can even navigate the mouse
    on the target computer with your own!
    
    * Show a message dialog on the screen. The answer is always sent back to
    you!
    
    * Shutdown the system, logoff the user etc. 
    
    * Go to an optional URL within the default web-browser. 
    
    * Send keystrokes to the active application on the target computer! The
    text in the field "Message/text" will be inserted in the application that
    has focus. ("|" represents enter).
    
    * Listen for keystrokes and send them back to you! 
    
    * Get a screendump! (should not be used over slow connections) 
    
    * Return information about the target computer. 
    
    * Upload any file from you to the target computer! With this feature it
    will be possible to remotely update Patch with a new version. 
    
    * Increase and decrease the sound-volume. 
    
    * Record sounds that the microphone catch. The sound is sent back to you!
    
    * Make click sounds every time a key is pressed! 
    
    * Download and deletion of any file from the target. You choose which file
    you wish to download/delete in a nice view that represents the harddisks
    on the target!
    
    * Keys (letters) on the keyboard can be disabled.</LIA
    
    * Password-protection management. 
    
    * Show, kill and focus windows on the system.  The functions above (there
    are some logical exceptions) can be delayed an optional number of seconds
    before they are executing. 
    
    Connecting
    
    The connect button has one very nice feature. It can scan IP-numbers for a
    NetBus computer. As soon as it connect to someone it will stop. The syntax
    for IP-scanning is xx.xx.xx.xx+xx, e.g. 127.0.0.1+15 will scan all
    IP-numbers in the range 127.0.0.1 to 127.0.0.16. 
    
    Password protection
    
    If you just want to have fun with your friend's computer yourself, and
    don't want someone else to connect to it you can password protect it. To
    accomplish this you start SysEdit with the parameter /pass:thepassword, or
    use the administration functions in NetBus. 
    
    Now everybody who hasn't the correct password will fail when trying to
    connect or sending commands to that computer.  Hint
    
    You should perhaps test the functions in NetBus against yourself before
    you start fooling with your friends, so you know what's happening (send
    text will, however, not work on yourself)! Your own machine can be
    addressed via "localhost". 
    
    Systemdemands
    
    Windows 95, Windows NT or later versions of Windows. 
    
    -o-
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:03:13 PDT