Back Orifice
Is Back Orifice a "hacking program"? Or a "virus"? I say, "No."
It is a very good piece of networking software! Here's a point to consider on whether
or not it is specifically designed for "hacking":
- Configurability. This is its biggest strength in proving it's not a hacking
tool. The server file can be configured to run on any port, and can be password
protected. IMHO this is all it needs to prove it's not a hacking tool.
It is not a "virus". It can be trojaned into someone's system, but
is by no means a virus. It itself will not harm your computer. Only the person on
the client end can do that.
Ok, here are the commands for Back Orifice, and what they do. (I don't know what
all of them do at this point in time, but they must do something.)
- help: SYNTAX: help [command]. Just "help" by itself will give a list of
commands that BO uses. "help [command]" will give detailed help on the specified
command.
- host: SYNTAX: host <w.x.y.z> [port]. The host command connects
you to the remote system at IP address w.x.y.z . The port is optional, but most
"unconfigured" server files will run on port 31337.
- ping: SYNTAX: ping . Pings the current host.
- pinglist: SYNTAX: pinglist <localfilename> . Pings a list of IP
addresses in a local text file.
- status: SYNTAX: status . Displays current software status.
- passwd: SYNTAX: passwd <newpassword> . Sets the encryption
password for client.
- quit: SYNTAX: quit . Exits the Back Orifice client.
- sweep: SYNTAX: sweep <x.y.z> . Sweeps subnet x.y.z with ping
packets. If any Back Orifice hosts are on the subnet, it will echo the IP, port and machine name back.
- sweeplist: SYNTAX: sweeplist <localfilename> . Sweeps a list of
subnets in a text file.
- dir: SYNTAX: dir [filespec] . Displays remote files, with wildcards. If
filespec is not provided, a listing of the current remote directory is given.
- del: SYNTAX: del <filename> . Delete a remote file.
- copy: SYNTAX: copy <source> <destination> . Copies a file
on the remote system to somewhere else on the remote system.
- ren: SYNTAX: ren <oldfilename> <newfilename> . Renames a
file on the remote system.
- find: SYNTAX: find <filespec> <rootdir> . Searches on the
remote system for filespec, from rootdir.
- freeze: SYNTAX: freeze <source> <destination> . Compresses
a file on the remote system.
- melt: SYNTAX: melt <source> <destination> . Decompresses a
file on the remote system.
- view: SYNTAX: view <filename> . Views a textfile on the remote
system.
- tcpsend: SYNTAX: tcpsend <filename> <a.b.c.d:port> .
Connects the remote system (server) to an IP and sends a file.
- tcprecv: SYNTAX: tcprecv <filename> <a.b.c.d:port> .
Connects the remote system (server) to an IP and receives a file.
- cd: SYNTAX: cd <dir> . Changes current directory on the remote
system.
- md: SYNTAX: md <newdir> . Makes a new directory on the remote
system.
- rd: SYNTAX: rd <dir> . Removes a directory on the remote system.
- info: SYNTAX: info . Displays info about the remote system.
- passes: SYNTAX: passes . Displays remote system's cached passwords.
- dialog: SYNTAX: dialog <"Dialog text"> <"Title bar text"> .
Displays a dialog box with specified text.
- keylog: SYNTAX: keylog <filename> [stop] . Logs all keystrokes on
remote system to a file. "stop" ends keylogging.
- reboot: SYNTAX: reboot . Reboots the remote system.
- httpon: SYNTAX: httpon <port> [rootdir] . Enables httpd on the
remote server. Port can be any number, but must be specified. If rootdir is not
specified, then all drives are accessible via http.
- httpoff: SYNTAX: httpoff . Disables the httpd on remote system.
- lockup: SYNTAX: lockup . Locks up the remote system.
- netview: SYNTAX: netview . Displays resources available on the network.
- netconnect: SYNTAX: netconnect <netresource> <password> .
Connect to a network resource.
- netdisconnect: SYNTAX: netdisconnect <netresource> . Disconnects
from a network resource.
- netlist: SYNTAX: netlist . List incoming and outgoing network connections
on the remote system.
- resolve: SYNTAX: resolve <servername> . Resolves the IP of a hostname
from the remote host.
- sharelist: SYNTAX: sharelist . Lists exports.
- shareadd: SYNTAX: shareadd <sharename> <localdirectory,password,remark>
. Adds an export.
- sharedel: SYNTAX: sharedel <sharename> . Deletes an export.
- pluginexec: SYNTAX: pluginexec <dllname:pluginname> [pluginargs] . Executes a plugin on remote system.
- pluginkill: SYNTAX: pluginkill <pluginID> . Terminates a plugin
on remote system.
- pluginlist: SYNTAX: pluginlist . Lists active plugins.
- proclist: SYNTAX: proclist . Lists the running processes on remote system.
- prockill: SYNTAX: prockill <pid> . Kills process with process ID
"pid".
- procspawn: SYNTAX: procspawn <program> [arguments] . Spawns
process "program" with optional "arguments" on the remote system.
- regmakekey: SYNTAX: regmakekey <keyname> . Make a key in the
registry on the remote system.
- regdelkey: SYNTAX: regdelkey <keyname> . Removes a key from the
registry on the remote system.
- regdelval: SYNTAX: regdelval <valuename> . Deletes a value from a
key on the remote system.
- reglistkeys: SYNTAX: reglistkeys <keyname> . Lists the sub-keys
of a key on the remote system.
- reglistvals: SYNTAX: reglistvals <keyname> . Lists the values of
a key on the remote system.
- regsetval: SYNTAX: regsetval <valuename> <type,value> . Sets
the value of a key, creating it if it doesn't exist.
- listcaps: SYNTAX: listcaps . Lists the video capture devices.
- capframe: SYNTAX: capframe <BMPfilename> [device,width,height,bpp]
. Captures a frame from a video capture device to bitmap. If all or part of the
device info is not given, the default 0,640,480,16 is used.
- capavi: SYNTAX: capavi <AVIfile> <seconds>,[device,width,height,bpp]
. Captures video from a video capture device to an AVI file. If all or part
of the device info is not given, the default 0,320,240,16 is used.
- capscreen: SYNTAX: capscreen <BMPfilename> . Captures an image of
the remote system's current screen and saves it to a BMP file.
- sound: SYNTAX: sound <WAVfile> . Plays a WAV file on the remote
system.
- redirlist: SYNTAX: redirlist . Lists the current port redirections on
the remote system.
- rediradd: SYNTAX: rediradd <inputport> <output a.b.c.d:port,udp>
. Adds a port redirection. If no output port is given, the input port is used.
- redirdel: SYNTAX: redirdel <redirnum> . Deletes a port redirection
on the remote system.
- applist: SYNTAX: applist . Lists listening console applications on the
remote system.
- appadd: SYNTAX: appadd <"program parameters"> <inport> .
Spawns a console application on the remote system to a TCP port.
- appdel: SYNTAX: appdel <appID> . Removes a console application from
the redirected console apps.
I will update this later, explaining how to use NetCat with Back Orifice,
and go into more detail of the commands and what they do.
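
A defender's check built on two points from the command list: an unconfigured server runs on port 31337, and commands such as httpon, rediradd and appadd open further ports on the remote system. This is an added example, not part of the original page; the netstat sample and the baseline are constructed, and because the server port is configurable, the baseline comparison is what catches a server moved off the default port.

```python
import re

BO_DEFAULT_PORT = 31337  # default for an unconfigured server, per the list above

# Constructed sample of Windows `netstat -an` output (not from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:139            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING
  TCP    10.0.0.5:1034          10.0.0.9:80            ESTABLISHED
  UDP    0.0.0.0:137            *:*
  UDP    0.0.0.0:31337          *:*
"""

# Hypothetical baseline: sockets this host is expected to have open.
BASELINE = {("TCP", 135), ("TCP", 139), ("UDP", 137)}

LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")


def open_sockets(netstat_text):
    """Return the set of (proto, port) pairs that accept inbound traffic."""
    found = set()
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header or blank line
        proto, _addr, port, _foreign, state = m.groups()
        # TCP counts only when LISTENING; UDP rows have no state column.
        if proto == "TCP" and state != "LISTENING":
            continue
        found.add((proto, int(port)))
    return found


def review_listeners(netstat_text, baseline=BASELINE):
    """Flag the BO default port and any socket missing from the baseline."""
    findings = []
    for proto, port in sorted(open_sockets(netstat_text) - set(baseline)):
        reason = ("Back Orifice default port" if port == BO_DEFAULT_PORT
                  else "not in baseline")
        findings.append((proto, port, reason))
    return findings


if __name__ == "__main__":
    for proto, port, reason in review_listeners(SAMPLE_NETSTAT):
        print(f"{proto}/{port}: {reason}")
```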