Back Orifice

Also see my CCV page about No B.O.

Is Back Orifice a "hacking program"? Or a "virus"? I say, "No." It is a very good piece of networking software! Here's a point to consider whether or not it is specifically designed for "hacking":

  • Configurability. This is its biggest strength in proving it's not a hacking tool. The server file can be configured to run on any port, and can be password protected. IMHO this is all it needs to prove it's not a hacking tool.
It is not a "virus". It can be trojaned into someone's system, but is by no means a virus. It itself will not harm your computer. Only the person on the client end can do that.

Ok, here are the commands for Back Orifice, and what they do. (I don't know what all of them do at this point in time, but they must do something.)

  • help: SYNTAX: help [command]. Just "help" by itself will give a list of commands that BO uses. "help [command]" will give detailed help on the specified command.
  • host: SYNTAX: host <w.x.y.z> [port]. The host command connects you to the remote system at IP address w.x.y.z . The port is optional, but most "unconfigured" server files will run on port 31337.
  • ping: SYNTAX: ping . Pings the current host.
  • pinglist: SYNTAX: pinglist <localfilename> . Pings a list of IP addresses in a local text file.
  • status: SYNTAX: status . Displays current software status.
  • passwd: SYNTAX: passwd <newpassword> . Sets the encryption password for client.
  • quit: SYNTAX: quit . Exits the Back Orifice client
  • sweep: SYNTAX: sweep <x.y.z> . Sweeps subnet x.y.z with ping packets. If any Back Orifice hosts are on the subnet, it will echo the IP, port and machine name back.
  • sweeplist: SYNTAX: sweeplist <localfilename> . Sweeps a list of subnets in a text file.
  • dir: SYNTAX: dir [filespec] . Display remote files with wildcards. If filespec is not provided, a list of the current remote directory is provided.
  • del: SYNTAX: del <filename> . Delete a remote file.
  • copy: SYNTAX: copy <source> <destination> . Copies a file on the remote system to somewhere else on the remote system.
  • ren: SYNTAX: ren <oldfilename> <newfilename> . Renames a file on the remote system.
  • find: SYNTAX: find <filespec> <rootdir> . Searches on the remote system for filespec, from rootdir.
  • freeze: SYNTAX: freeze <source> <destination> . Compresses a file on the remote system.
  • melt: SYNTAX: melt <source> <destination> . Decompresses a file on the remote system.
  • view: SYNTAX: view <filename> . Views a textfile on the remote system.
  • tcpsend: SYNTAX: tcpsend <filename> <a.b.c.d:port> . Connects the remote system (server) to an IP and sends a file.
  • tcprecv: SYNTAX: tcprecv <filename> <a.b.c.d:port> . Connects the remote system (server) to an IP and receives a file.
  • cd: SYNTAX: cd <dir> . Changes current directory on the remote system.
  • md: SYNTAX: md <newdir> . Makes a new directory on the remote system.
  • rd: SYNTAX: rd <dir> . Removes a directory on the remote system.
  • info: SYNTAX: info . Displays info about the remote system.
  • passes: SYNTAX: passes . Displays remote system's cached passwords.
  • dialog: SYNTAX: dialog <"Dialog text"> <"Title bar text"> . Displays a dialog box with specified text.
  • keylog: SYNTAX: keylog <filename> [stop] . Logs all keystrokes on remote system to a file. "stop" ends keylogging.
  • reboot: SYNTAX: reboot . Reboots the remote system.
  • httpon: SYNTAX: httpon <port> [rootdir] . Enables httpd on the remote server. Port can be any number, but must be specified. If rootdir is not specified, then all drives are accessible via http.
  • httpoff: SYNTAX: httpoff . Disables the httpd on remote system.
  • lockup: SYNTAX: lockup . Locks up the remote system.
  • netview: SYNTAX: netview . Displays resources available on the network.
  • netconnect: SYNTAX: netconnect <netresource> <password> . Connect to a network resource.
  • netdisconnect: SYNTAX: netdisconnect <netresource> . Disconnects from a network resource.
  • netlist: SYNTAX: netlist . List incoming and outgoing network connections on the remote system.
  • resolve: SYNTAX: resolve <servername> . Resolves the IP of a hostname from the remote host.
  • sharelist: SYNTAX: sharelist . Lists exports.
  • shareadd: SYNTAX: shareadd <sharename> <localdirectory,password,remark> . Adds an export.
  • sharedel: SYNTAX: sharedel <sharename> . Delete an export.
  • pluginexec: SYNTAX: pluginexec <dllname:pluginname> [pluginargs] . Executes a plugin on remote system.
  • pluginkill: SYNTAX: pluginkill <pluginID> . Terminates a plugin on remote system.
  • pluginlist: SYNTAX: pluginlist . Lists active plugins.
  • proclist: SYNTAX: proclist . Lists the running processes on remote system.
  • prockill: SYNTAX: prockill <pid> . Kills process with process ID "pid".
  • procspawn: SYNTAX: procspawn <program> [arguments] . Spawns process "program" with optional "arguments" on the remote system.
  • regmakekey: SYNTAX: regmakekey <keyname> . Make a key in the registry on the remote system.
  • regdelkey: SYNTAX: regdelkey <keyname> . Removes a key from the registry on the remote system.
  • regdelval: SYNTAX: regdelval <valuename> . Deletes a value from a key on the remote system.
  • reglistkeys: SYNTAX: reglistkeys <keyname> . Lists the sub-keys of a key on the remote system.
  • reglistvals: SYNTAX: reglistvals <keyname> . Lists the values of a key on the remote system.
  • regsetval: SYNTAX: regsetval <valuename> <type,value> . Sets the value of a key, creating it if it doesn't exist.
  • listcaps: SYNTAX: listcaps . Lists the video capture devices.
  • capframe: SYNTAX: capframe <BMPfilename> [device,width,height,bpp] . Captures a frame from a video capture device to a bitmap. If all or part of the device info is not given, the default 0,640,480,16 is used.
  • capavi: SYNTAX: capavi <AVIfile> <seconds>,[device,width,height,bpp] . Captures video from a video capture device to an AVI file. If all or part of the device info is not given, the default 0,320,240,16 is used.
  • capscreen: SYNTAX: capscreen <BMPfilename> . Captures an image of the remote system's current screen and saves it to a BMP file.
  • sound: SYNTAX: sound <WAVfile> . Plays a WAV file on the remote system.
  • redirlist: SYNTAX: redirlist . Lists the current port redirections on the remote system.
  • rediradd: SYNTAX: rediradd <inputport> <output a.b.c.d:port,udp> . Adds a port redirection. If no output port is given, the input port is used.
  • redirdel: SYNTAX: redirdel <redirnum> . Deletes a port redirection on the remote system.
  • applist: SYNTAX: applist . Lists listening console applications on the remote system.
  • appadd: SYNTAX: appadd <"program parameters"> <inport> . Spawns a console application on the remote system to a TCP port.
  • appdel: SYNTAX: appdel <appID> . Removes a console application from the redirected console apps.

I will update this later, explaining how to use NetCat with Back Orifice, and go into more detail of the commands and what they do.
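
For defenders, the `sweep` behaviour and the default port 31337 described in the command list translate into a simple flow-log check. The following is an added example, not part of the original page or of Back Orifice itself; the `src dst proto dport` record format, the 10-host threshold and all sample records are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

BO_DEFAULT_PORT = 31337  # port of an "unconfigured" server, per the host command


def build_sample():
    """Constructed flow records, one per line: 'src dst proto dport'."""
    lines = [f"10.0.5.9 192.168.1.{h} udp 31337" for h in range(1, 21)]  # fan-out, default port
    lines += [f"10.0.7.3 192.168.2.{h} udp 4000" for h in range(1, 16)]  # fan-out, other port
    lines += ["10.0.1.2 192.168.1.10 udp 53", "10.0.1.2 192.168.1.10 udp 53",
              "10.0.1.4 192.168.1.77 udp 31337", "garbage line"]
    return lines


def parse(line):
    """Return (src, dst, proto, dport), or None for a malformed record."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        src = ipaddress.ip_address(parts[0])
        dst = ipaddress.ip_address(parts[1])
        return src, dst, parts[2].lower(), int(parts[3])
    except ValueError:
        return None


def detect_sweeps(lines, min_hosts=10):
    """Flag a source that reaches >= min_hosts distinct hosts in one /24 on one port."""
    seen = defaultdict(set)
    for src, dst, proto, dport in filter(None, map(parse, lines)):
        if dst.version != 4:
            continue  # the /24 grouping below only makes sense for IPv4
        subnet = ipaddress.ip_network(f"{dst}/24", strict=False)
        seen[(str(src), str(subnet), proto, dport)].add(dst)
    return sorted((s, n, pr, p, len(hosts), p == BO_DEFAULT_PORT)
                  for (s, n, pr, p), hosts in seen.items() if len(hosts) >= min_hosts)


def default_port_contacts(lines):
    """Every (src, dst) pair that touched the default port, sweep or not."""
    return {(str(r[0]), str(r[1])) for r in filter(None, map(parse, lines))
            if r[3] == BO_DEFAULT_PORT}


if __name__ == "__main__":
    for hit in detect_sweeps(build_sample()):
        print(hit)
```

Because the server port is configurable, the fan-out check is the more durable signal; the port match only catches unconfigured servers.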