Forwarded From: "Schadey, Robert - TSAC, INC." <SchadeyR@SHAFTER-EMH3.ARMY.MIL>
Similar to Back Orifice, uses ports 12345 and 12346
Description
The program can be used as an remote administration tool, or more likely,
just to have some fun with your friends on your local network, or even
over the global internet (should not be used to systematic irritate
people).
Installation
NetBus consists of a server and a client-part. The server-part is the
program which must exists on the person's computer that you want to have
fun with. The client-part is your little, nice program that "controls"
the target computer!
Put the NetBus server, Patch.exe (which can be renamed), anywhere on the
target computer and run it. By default it installs itself in the system,
so it starts automatically every time Windows starts.
Put the NetBus client, NetBus.exe, on your computer.
Start NetBus and choose which hostname (or IP-number) you wish to connect
to! If Patch is running on the target computer you will able to connect.
Let's have fun!
Note that you don't see Patch when it's running - it's hiding itself
automatically at start-up!
TCP/IP is the protocol that NetBus and Patch is using. That is, you
address someone with host-names or IP-numbers. NetBus will connect you to
someone with the Connect button.
Advanced issues
There are some command-line parameters you can use with Patch:
* Patch /noadd means that you don't want Patch to start every
Windows-session, probably most used for testing purposes.
* Patch /remove removes itself from memory and registry. If you feel that
you want a more sophisticated NetBus-server package that integrates Patch
with another software/game you can just execute Patch from that software,
and the NetBus server will be installed without any notice.
Note that Patch.exe can be (re-)named to whatever you want.
Expert issues
Of course the NetBus-server is always needed to be run before any client
can connect to it. But how do you get it to run on the "victim's"
computer if you don't have physical access to it or can "persuade" the
user to run it himself?
Actually, it is possible, but to manage this you need to be a skilled
programmer. Basically, you will need to find and exploit bugs in
Microsoft's Internet-programs. You may have heard of that recently
Microsoft wanted all their customers to download a patch for their e-mail
clients.
Any unpatched program can give a good hacker the opportunity to execute
arbitrary code in the system if the user opens/reads an e-mail that
exploits the common "buffer overflow" bug. The filename of the attachment
can be long enough to cause an overflow of the stack. This could then
cause an jump to some code that lies in the "filename string" which can
do anything, for example download programs from Internet and execute it!
What's new?
* The NetBus server doesn't log incoming connections any more.
* SysEdit is renamed to Patch and installs itself automatically on the
system, without need of the old /add parameter. Because of that, the
parameter /noadd was added.
* From now on, Patch removes any old instance of itself from memory if you
start it twice or more.
* Patch now contains KeyHook.dll as a resource, which is extracted at
startup!
* Patch doesn't show up in the task list (Win95/98).
* Deletion of files (added on users request, should not be abused).
* Uploaded files can now be placed in any directory.
* Keys on the keyboard can be disabled.
* Pressing F12 ("boss-key") will minimize NetBus quick and easy into the
traybar.
* Easier password-protection management.
* Message dialog manager.
* Show, kill and focus windows.
Author's comments
The first public NetBus-version was released in the middle of march -98.
Back then, the user-interface was in swedish and I thought it could be
nice to share this program with others. Wow, what reactions and comments
it got!
Some months later it appeared natural to translate the program to english.
Thanks to this, now NetBus seems to be used and loved (mostly J)
everywhere! And since then many people have asked me to do newer versions
of this software. This version includes the most requested features, like
easier installation.
You contact me by sending an e-mail to cf@bonsa.se. You're encouraged
telling me how fun you have had!
Functions
* Open/close the CD-ROM once or in intervals (specified in seconds).
* Show optional image. If no full path of the image is given it will look
for it in the Patch-directory. The supported image-formats is BMP and JPG.
* Swap mouse buttons - the right mouse button gets the left mouse button's
functions and vice versa.
* Start optional application.
* Play optional sound-file. If no full path of the sound-file is given it
will look for it in the Patch-directory. The supported sound-format is
WAV.
* Point the mouse to optional coordinates. You can even navigate the mouse
on the target computer with your own!
* Show a message dialog on the screen. The answer is always sent back to
you!
* Shutdown the system, logoff the user etc.
* Go to an optional URL within the default web-browser.
* Send keystrokes to the active application on the target computer! The
text in the field "Message/text" will be inserted in the application that
has focus. ("|" represents enter).
* Listen for keystrokes and send them back to you!
* Get a screendump! (should not be used over slow connections)
* Return information about the target computer.
* Upload any file from you to the target computer! With this feature it
will be possible to remotely update Patch with a new version.
* Increase and decrease the sound-volume.
* Record sounds that the microphone catch. The sound is sent back to you!
* Make click sounds every time a key is pressed!
* Download and deletion of any file from the target. You choose which file
you wish to download/delete in a nice view that represents the harddisks
on the target!
* Keys (letters) on the keyboard can be disabled.</LIA
* Password-protection management.
* Show, kill and focus windows on the system. The functions above (there
are some logical exceptions) can be delayed an optional number of seconds
before they are executing.
Connecting
The connect button has one very nice feature. It can scan IP-numbers for a
NetBus computer. As soon as it connect to someone it will stop. The syntax
for IP-scanning is xx.xx.xx.xx+xx, e.g. 127.0.0.1+15 will scan all
IP-numbers in the range 127.0.0.1 to 127.0.0.16.
Password protection
If you just want to have fun with your friend's computer yourself, and
don't want someone else to connect to it you can password protect it. To
accomplish this you start SysEdit with the parameter /pass:thepassword, or
use the administration functions in NetBus.
Now everybody who hasn't the correct password will fail when trying to
connect or sending commands to that computer. Hint
You should perhaps test the functions in NetBus against yourself before
you start fooling with your friends, so you know what's happening (send
text will, however, not work on yourself)! Your own machine can be
addressed via "localhost".
Systemdemands
Windows 95, Windows NT or later versions of Windows.
-o-
Subscribe: mail majordomo@sekurity.org with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
Received on Sat Sep 5 09:34:25 1998