Introduction to BO



-Acid Phantom



BO=Back Orifice

Owned=(if you dont know this expression, then you shouldnt read this article)



I wanted to write this article, so you guys out there, who think BO is safe, to be more secure. Cuz there uprise more and more anti-bo applications, that capture your IP, time, date and what command you send. BO stands for Back Orifice, and is owned by Cult of the Dead Cow (CDC). They created it, and it can be downloaded from http://www.cultdeadcow.com

The BO can do many things, such as editing Registry entries, Rebooting, Getting cached password, looking through your webcam, keylogging, erasing/creating/viewing folders/files, Killing/Spawning/Viewing Applications, Jumping through the network, the possibilities are almost endless. According to Wired, 79% of Australian ISP's are 'infected'. However, as it was before, it aint secure anymore, ip logging is now available through NOBO, BOSPY (http://www.angelfire.com/id/chaplin), BO Detector and other utilities available (such as BO freeze which freezes the person trying to scan you for BO) all over the internet. For more information on the commands, then read the bo.txt, that follows the installation of Back Orifice. Well, lets get on.



To install BO Server at a victim:



(On a mac)

Run RealPC, SoftPC or SoftWindows, then follow the PC steps



(On a PC)

If your in Windows, run ms-dos prompt and follow the steps, if your i dos, just follow the steps:



Open up the boconfig this way: C:\<dir\boconfig.exe boserve.exe then you'll get some questions...



1. Runtime executable name (what should the installer name the trojan)

2. Exe description in registry (this could be a clue, like a hacker name, must not be null!)

3. Server port (wich port should the server listen on)(default: 31337)

4. Encryption PW (the password needed to enter the server)(default: null)

5. Default Plugin Start (this can be a command to pass a plugin)(default: null)

6. File to attach (This can be anything, it will start at boot)(default: null)



PS. If you set the port to a non-default value, then nobo (a anti-bo app) wont work, cuz nobo listen to port 31337....



To reduse the chance of getting cought:



Wingate Power Router does the job (MAC, dont know what to use on pc yet)! 

Put in a port in the port selection and if you connect out of that port it uses the wingate you specified. Then, you need to get a firewall. Use Porter.exe (PC) or a similar Port Scanner for MAC. All theese utilties can be downloaded at Illegal X (both mac & PC), or Happle (MAC and UNIX)...



Usefull procedure:



If you dont have a 'victim', MASS PING (vill get explained later how)

If you have a 'victim', get his ip, via ICQ, HOTLINE or by social engeneering

Ping him, to certify you got him, then use the 'Process List' commands, this is good so you know what he's doin, like, if he's running starcraft then you got time, if he'z at the homepage of 'REPORTING IT CRIMINALS', then watch out. If he's running anti virus, or any security watchdog, then kill it, this is done by copy'ing the number right of the application, and then paste it into the 'Process ID' box, and press enter, voila, 'Process terminated', should appear. The use the command 'List Password', to get cached passwords, and he's screen saver password. Remember that there can appear junk text after the password, ignore this. After this, you could use the 'HTTP ENABLE', enter C:\WINDOWS in the root, and 31337 in the port, and then goto your internet-browser and enter Http://<ip>:31337 and then upload patch.exe, wich is a netbus server, (get this from illegalX), then close the browser, open bo again, process spawn, and enter the directory : c:\windows\patch.exe in the directory box. Then you can use the Netbus client to fuck around (together with the server, get it at illegal X). There you can open his cd rom drive, disable certain keys, use your imagination!



Pinging ip'z:



Make a normal txt file in your root, call it ip.txt, then put in subnets. A subnet is for example 194.255.248.89 without the numbers after the last dot, so a subnet would be 194.255.248. Here i removed the 89, becouse that is the last, get it? Then it searches the whole of 195.255.248.* for possible BO serverz at the port 31337. I have attached a usefull ip.txt with lotta subnets free for use...





I hope this quick-compiled walkthrough can help! There might be many spelling errors, but i'm too lazy to check em ;P



THANX TO:

	Happle Crew

	Illegal X

	Ferrocyanide

	Jambo

	Doc Strange



Laterz and peace out!

-Acid Phantom