NetBus v.1.60
Authored by Fresh Software. BusJack v1.0 - BusJack is a 'NetBus trojan cleaner' that can stop all versions of NetBus from running on the spot, without the need for a reboot, disabling, halting, and destroying NetBus versions 1.x AND 2.x, and then tracking the source/cause of the NetBus 'infection'. Archive password is set to p4ssw0rd. It even deletes the data logged by the server! This also works if you have already installed a 'NetBus 2.0 Server' To remove or reconfigure you best use the 'NetBus 2.0 Client'. FAQs And Hints to NetBus 2.0 Pro: Please read this document prior to writing an e-mail to me or asking me questions via ICQ. Links to Netbus/ NetBus 2.0 Pro.
Copyright 1998 © Carl-Fredrik Neikter
More Netbus 2.0 Server And Client videos. VNAP.NetBuster Proxy Pro is a GNU Licenced Freeware Proxy Server and Client. NetBus 2.0 Pro was released in. SMTP communication between mail servers. Remote Desktop Services - Wikipedia. Remote Desktop Services (RDS), known as Terminal Services in Windows Server 2. Windows NT 4.0; Netbus client (v1.70) works fine in Windows 2000 and in Windows XP as well. Major parts of the protocol, used between the client and server interaction (in version 1.70) are textual. Thus the server can be controlled by typing human understandable commands over a raw TCP connection. Netbus 2.0 Pro - Directory Listings Disclosure / Arbitrary File Upload. Remote exploit for Multiple platform.
All Rights Reserved
Description
The program can be used as an remote administration tool, or more likely, just to have some fun with your friends on your local network, or even over the global internet (should not be used to systematic irritate people).
Installation
NetBus consists of a server and a client-part. The server-part is the program which must exists on the person’s computer that you want to have fun with. The client-part is your little, nice program that ”controls” the target computer!
Put the NetBus server, Patch.exe (which can be renamed), anywhere on the target computer and run it. By default it installs itself in the system, so it starts automatically every time Windows starts.
Put the NetBus client, NetBus.exe, on your computer.
Start NetBus and choose which hostname (or IP-number) you wish to connect to! If Patch is running on the target computer you will able to connect. Let’s have fun!
Note that you don’t see Patch when it’s running – it’s hiding itself automatically at start-up!
TCP/IP is the protocol that NetBus and Patch is using. That is, you address someone with host-names or IP-numbers. NetBus will connect you to someone with the Connect button.
Advanced issues
There are some command-line parameters you can use with Patch:
Patch /noadd means that you don’t want Patch to start every Windows-session, probably most used for testing purposes.
Patch /remove removes itself from memory and registry.
If you feel that you want a more sophisticated NetBus-server package that integrates Patch with another software/game you can just execute Patch from that software, and the NetBus server will be installed without any notice.
Note that Patch.exe can be (re-)named to whatever you want.
Expert issues
Of course the NetBus-server is always needed to be run before any client can connect to it. But how do you get it to run on the ”victim’s” computer if you don’t have physical access to it or can ”persuade” the user to run it himself?
Actually, it is possible, but to manage this you need to be a skilled programmer. Basically, you will need to find and exploit bugs in Microsoft’s Internet-programs. You may have heard of that recently Microsoft wanted all their customers to download a patch for their e-mail clients.
Any unpatched program can give a good hacker the opportunity to execute arbitrary code in the system if the user opens/reads an e-mail that exploits the common ”buffer overflow” bug. The filename of the attachment can be long enough to cause an overflow of the stack. This could then cause an jump to some code that lies in the ”filename string” which can do anything, for example download programs from Internet and execute it!
What’s new?
The NetBus server doesn’t log incoming connections any more.
SysEdit is renamed to Patch and installs itself automatically on the system, without need of the old /add parameter. Because of that, the parameter /noadd was added.
From now on, Patch removes any old instance of itself from memory if you start it twice or more.
Patch now contains KeyHook.dll as a resource, which is extracted at startup!
Patch doesn’t show up in the task list (Win95/98).
Deletion of files (added on users request, should not be abused).
Uploaded files can now be placed in any directory.
Keys on the keyboard can be disabled.
Pressing F12 (”boss-key”) will minimize NetBus quick and easy into the traybar.
Easier password-protection management.
Message dialog manager.
Show, kill and focus windows.
Author’s comments
The first public NetBus-version was released in the middle of march –98. Back then, the user-interface was in swedish and I thought it could be nice to share this program with others. Wow, what reactions and comments it got!
Some months later it appeared natural to translate the program to english. Thanks to this, now NetBus seems to be used and loved (mostly J) everywhere! And since then many people have asked me to do newer versions of this software. This version includes the most requested features, like easier installation.
You contact me by sending an e-mail to cf@bonsa.se. You’re encouraged telling me how fun you have had!
Functions
Open/close the CD-ROM once or in intervals (specified in seconds).
Show optional image. If no full path of the image is given it will look for it in the Patch-directory. The supported image-formats is BMP and JPG.
Swap mouse buttons – the right mouse button gets the left mouse button’s functions and vice versa.
Start optional application.
Play optional sound-file. If no full path of the sound-file is given it will look for it in the Patch-directory. The supported sound-format is WAV.
Point the mouse to optional coordinates. You can even navigate the mouse on the target computer with your own!
Show a message dialog on the screen. The answer is always sent back to you!
Shutdown the system, logoff the user etc.
Go to an optional URL within the default web-browser.
Send keystrokes to the active application on the target computer! The text in the field ”Message/text” will be inserted in the application that has focus. (”|” represents enter).
Listen for keystrokes and send them back to you!
Get a screendump! (should not be used over slow connections)
Return information about the target computer.
Upload any file from you to the target computer! With this feature it will be possible to remotely update Patch with a new version.
Increase and decrease the sound-volume.
Record sounds that the microphone catch. The sound is sent back to you!
Make click sounds every time a key is pressed!
Download and deletion of any file from the target. You choose which file you wish to download/delete in a nice view that represents the harddisks on the target!
Keys (letters) on the keyboard can be disabled.
Password-protection management.
Show, kill and focus windows on the system.
The functions above (there are some logical exceptions) can be delayed an optional number of seconds before they are executing.
Connecting
Netbus 2 0 Server And Client Software Free
The connect button has one very nice feature. It can scan IP-numbers for a NetBus computer. As soon as it connect to someone it will stop. The syntax for IP-scanning is xx.xx.xx.xx+xx, e.g. 127.0.0.1+15 will scan all IP-numbers in the range 127.0.0.1 to 127.0.0.16.
Password protection
If you just want to have fun with your friend’s computer yourself, and don’t want someone else to connect to it you can password protect it. To accomplish this you start SysEdit with the parameter /pass:thepassword, or use the administration functions in NetBus.
Now everybody who hasn’t the correct password will fail when trying to connect or sending commands to that computer.
Hint
You should perhaps test the functions in NetBus against yourself before you start fooling with your friends, so you know what’s happening (send text will, however, not work on yourself)! Your own machine can be addressed via ”localhost”.
Systemdemands
Windows 95, Windows NT or later versions of Windows.
DOWNLOAD LINK
There are several things that come to mind when talk of the 1990’s comes around. Nirvana, vodka, cheap rap, and well- global warming wasn’t the subject of every conversation. But what really outshines the rest is the world of computing. The world of security was just getting its foothold into what is now a highly evolved and much more complicated scene. Three programs in particular allowed anyone to pull of amazing feats of prowess- all without any hacking knowledge.
Today these programs won’t make it past a cheap firewall. And we can’t recommend pranking a friend, but if you do, make sure he has his back turned at least long enough for you to turn his firewall off. Or if you’re clever with words, you might convince him to do it himself!
Back Orifice / Back Orifice 2000
Back Orifice, or BO, is one of the more common backdoor programs- and one of the most lethal of the bunch. The name may seem like a joke, but rest assured, the threat was quite real for its time. Back Orifice was created by the Cult of the Dead Cow group. If you haven’t noticed, they seem to have a knack for a sense of off-the-wall humor. Aside from the bizarre name, the program commonly runs on port 31337- a reference to the “Leet” phenomenon popular among hackers.
Pictured above is Back Orifice Version 2000. Back Orifice uses the client-server model, whereas the server is the victim and the client is the attacker. What made Back Orifice so dangerous is that it can install and operate silently. There is no need for user interaction whatsoever, meaning you could have it on your computer even today and not be aware of it.
Companies such as Symantec have taken steps in guarding computers against the program, as they have deemed it as dangerous. This is due partly to the fact that it is still being actively developed as an open source tool. As stated in the BO documentation, the goal is to ultimately make the presence of Black Orifice 2000 unknown- even to those who installed it.
Back Orifice 2000 is being developed for Windows 95, Windows 98, Windows NT, Windows 2000, and Windows XP.
Where Can I Download Back Orifice 2000?
Back Orifice 2000 may be downloaded at the following location: http://sourceforge.net/projects/bo2k/
Removal of Back Orifice 2000 will require that you edit your registry settings. To remove it in 7 easy steps, refer to the diagram below.
How To Remove Back Orifice 2000
- 1. Click Start > Run, and then type “Regedit” (without quotes)
- 2. Follow the below path: “HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRunServices”
- 3. Now in the right window, look for the following: “umgr32 = ‘c:windowssystemumgr32.exe”
- 4. Right click on this entry, and click delete. Now restart your computer.
- 5.After the restart, only open Windows Explorer. Make sure you can see all registered extensions. To do so, go to View > Options, and configure the appropriate settings.
- 6.Go to the WINDOWSSYSTEM directory, and find the “umgr32.exe” file. Once you’ve found it, delete it.
- 7. Exit Windows Explorer and restart your computer once more.
NetBus / Netbus 2.0 Pro
NetBus was created around the same time that Back Orifice was- the late 1990’s. NetBus was originally designed as a program to prank friends and family with- certainly nothing too malicious. The program made its debut in 1998, making pranks and attacks still available in the later 1990’s.
What makes NetBus famous is that in 1999, a law scholar by the name of Magnuss Eriksson was a victim of a NetBus attack. Child pornography was placed on his computer, coworkers found it, and he lost his job. Only 5 years later did he reclaim his innocence, but after much turmoil and emotional treatment. Some pranks go a little too far, as you can tell.
Where can I Buy and Download NetBus?
NetBus may be bought and downloaded at the following location: http://www.netbus.org/
Luckily, the latest version of NetBus is a valid program. It can be removed just like any other program. Previous releases of NetBus are a little more difficult, however.
How To Remove NetBus
- 1. Click Start > Run, and then type “Regedit” (without quotes)
- 2.Follow the below path: “HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRunServices”
- 3. Now in the right window, look for the following: “[Name_of_Server].exe” Of course, you will have to find the actual name of the exe file. It is commonly “Patch.exe” or “SysEdit.exe”, but may differ.
- 4.Restart, and remove any traces of the actual program that may be left. Optionally, you may Install NetBus yourself, and then use its own removal feature.
SubSeven / Sub7
SubSeven, or Sub7, was created for the same purpose NetBus was- for pranks. Sub7 actually has support for more pranks and also has a better looking user interface.
Where can I Buy and Download Sub7?
Netbus 2 0 Server And Client Software List
Sub7 is not supported anymore, and thus, is not available for download on any legit websites. If you were to do a Google search, you would find links to download Sub7. However, these are not official sites, and should be considered shady or dangerous.
How To Remove Sub7
- 1. End the following processes via task manager: ”editserver.exe, subseven.exe”
- 2.Remove the following files: “editserver.exe, subseven.exe, tutorial.txt.”
Why These Programs Are Completely Legal
The entire basis behind these programs is that they are designed to help people- not do harm. While some such as NetBus were indeed originally created for pranks, they have switched routes to avoid legal troubles.
These programs claim to be legit remote desktop programs, although they are obviously easily used for malicious use. These programs are actually supposed to be used for helpdesk or customer support departments. Why every pre-teen of the1990’s had a copy is beyond us, but we get the feeling these were being used for more than testing purpose.
The advent of newer technology has made these programs in some ways less effective. However, programs such as Back Orifice 2000 are still yet evolving. The Back Orifice team has also been rumored to be working on a sequel to their program- will it impact computing the same way the late 1990’s were with these programs?
For our own entertainment purposes, we can only hope.
Photo Attribution: emailmks Flickr via Compfightcc