Welcome to the Back Orifice Section. File Name Downloads File Size Last Modified antigen10.zip 2173 194283 Aug 16 17:14:37 1999 AntiGen 1.0 - Detects, cleans, and destroys the Back Orifice trojan, automatically; checks the severity of the BOserve infection and cleans each of them - automatically, in a wizard interface. By Fresh Software. antigen102.zip 2754 195502 Aug 16 17:14:38 1999 AntiGen will detect, clean, and destroy the Back Orifice trojan horse from your computer, automatically. It uses a wizard interface and does the work for you. By Fresh Software. B1bogui.zip 2537 21332 Aug 16 17:14:41 1999 English Help File for BoClient. By BeeOne. backwork.zip 2080 168896 Aug 16 17:14:38 1999 Backwork looks for Back Orifice server, because it stays resident it detects the server as soon as the server gets installed. If it detects the server it will notify the user and ask for permission to remove the server, after that it will reboot the computer and remove the server files from your hard drive. back_orifice.txt 3039 5532 Aug 16 17:14:37 1999 The CULT OF THE DEAD COW (cDc) SECURITY ALERT. cDc will release Back Orifice, a remote MS Windows Administration tool, on 8/1/98. There goes what was left of Windows security... bo-faq.html 1333 9396 Aug 16 17:14:37 1999 Back Orifice Buttplugs and Goodies FAQ (Frequently Asked Questions), By Enigma. bo.zip 4210 284421 Aug 16 17:14:37 1999 Back Orifice - Windows Remote Administration Tool, by the cDc. Read the details. Windows version. bo120.zip 5604 284421 Aug 16 17:14:37 1999 BO v1.2.0 - Latest version of Back Orifice for Windows95/98. bo121unix.tar.gz 1815 27642 Aug 16 17:14:37 1999 UNIX version of cDc's Back Orifice, WITH source code. The controversial Windows Remote Administration/Hacking Tool/Trojan has been ported and the source code released. boclient-1.3.0-pre-1..> 1916 50062 Aug 16 17:14:36 1999 boclient 1.3.0-pre - boclient is a remote windows administation tool which uses BackOrifice or NetBus servers on Windows. It is an improvement of version 1.21. Most recent versions have GNU readline support, NetBus commands, portability to other platforms (BeOS, QNX and 64bit architectures like Alpha) and async network I/O. Changes: This is the initial developers release. Although it is usable, there are still some known bugs (see the TODO file in the distribution). By Dobrica Pavlinusic. BoClient1.3b.zip 2152 329730 Aug 16 17:14:39 1999 BoClient 1.3b2 - BeeOne's version of BoGUI. By BeeOne. BoClient1.4.exe 2291 375990 Aug 16 17:14:40 1999 BoClient 1.4 - BeeOne's version of Back Orifice GUI. New Features: multiple IP for the script, little BO attack sniffer, script can run at startup, built-in TCP send/receive. By BeeOne. BoClient1.41.exe 4278 381291 Aug 16 17:14:40 1999 BoClient 1.4.1 - BeeOne's version of Back Orifice GUI. New Features in this release: builtin TCP send/receive, remembers most parameters. By BeeOne. BoDetect_StandAlone...> 3644 214012 Aug 16 17:14:37 1999 A Back Orifice Detector/Remover Program THAT WORKS. By Chris Benson. BoDetect_v25Beta.zip 2982 687247 Aug 16 17:14:38 1999 BoDetect v2.5 Beta - Detects, removes, kills, monitors for Back Orifice and NetBus trojans. By CBSoftSolutions. boe.exe 2343 164625 Aug 16 17:14:38 1999 Back Orifice Eliminator - Another excellent Back Orifice detector and remover that works. By Bardon Data Systems. bof.exe 1879 74240 Aug 16 17:14:39 1999 !BO!FREEZE! v1.20.0200 - BO FREEZE detects subnet scans by remote hosts looking for Bo Servers, logs the scans, and then sends malformed packets to the remote host running the BO GUI causing the remote BO GUI to "freeze" or lock up. By Wacky Zany Crazy Productions. bofix_11.zip 2229 1535947 Aug 16 17:14:42 1999 Back OrifiX locates and destroys the Back Orifice trojan. By GroupaXion. bogtk-1.0.1.tar.gz 1512 30163 Aug 16 17:14:40 1999 bogtk v1.0.1 is the latest version of a Back Orifice client with a graphical user interface for Linux/UNIX. It uses the gtk toolkit. By kossico. bogtk.tar.gz 1335 30076 Aug 16 17:14:40 1999 bogtk 1.0 is the first version of a Back Orifice client with a graphical user interface for Linux/UNIX. It uses the gtk toolkit. By kossico. boinfo.txt 2033 6031 Aug 16 17:14:37 1999 Information about the cDc BackOrifice including how to detect if it is installed, how to remove it, and how to break the weak encryption that it uses. From ISS X-Force. boping.zip 0 5682 Dec 12 22:26:12 2000 BOPing is a network scanner for the infamous Back Orifice trojan. It is many times faster than the ping sweeper built in to the original client program. This is intended as a vigilante tool to notify victims who unknowingly have the trojan on their system. It includes the ability to notify detected victims by sending them a BO message box message directly from within the program. Homepage: http://www.foundstone.com. By Robin Keir bored.zip 1438 11785 Aug 16 17:14:36 1999 BORED executable only. By MadBadger Software. bored_rt.zip 1955 1122942 Aug 16 17:14:37 1999 B.O.R.E.D. v0.2 - Back Orifice Recognition, Extraction and Deletion software. Contains the executable, the readme and the runtime libraries used by the program. By MadBadger Software. boscan.zip 1945 131999 Aug 16 17:14:38 1999 Another program designed to scan for and remove Back Orifice servers. boscript-0.1.tar.gz 1354 73322 Aug 16 17:14:37 1999 Perl module and loadable library for Back Orifice. Alot of extra functionality with this script added. boscript-0.2.tar.gz 1366 79445 Aug 16 17:14:38 1999 boscript is a Perl interface to the cDc's Back Orifice Remote Administration Server. function reference. By Mitch Blevins. bospy.zip 2099 85760 Aug 16 17:14:39 1999 Back Orifice Spy is similiar to NetBuster. It monitors all connections to tcp port 31337 and logs. If someone pings you, Spy will send pong. You can make your own fake passowrds, so when "BO hacker", demands them (system passwords), he will get the fake ones. Additionally, you can send message box text to the attacker. By Chaplin Inc. bospy161.zip 1913 174305 Aug 16 17:14:40 1999 Back Orifice Spy v 1.61 - Program fakes installed BO server, listens on user defined ports for attempted connections from remote "BO hackers", logs remote IPs and all commands "BO hacker" attempts to execute, and offers user the option of sending fake replies back to "BO hacker". By Chaplin. bospy185.zip 2570 179232 Aug 16 17:14:41 1999 Back Orifice SPY v1.85 - Latest release of "anti-Back Orifice" program that logs, protects against, and attacks remote Back Orifice users. By Chaplin Corp.. bowhack.zip 2100 129797 Aug 16 17:14:40 1999 bowhack is similar to whackjob, except it is designed for use with Back Orifice servers. As with whackjob, this program is used to bind a BO server to a game, called "Whack-A-Mole", and it also uses customized ports, renames the BO server to c:\windows\system\sys.exe, and uses modified code to avoid detection from anti-virus software, such as Mcaffe AntiVirus. By Ecoli. BUTTSniff-0.9.2.zip 2448 164231 Aug 16 17:14:38 1999 BUTTSniff v0.9.2: Upgraded to work with Windows NT! Also added IP and port filtering for direct disk dump. By dildog. ButtTrumpet.zip 1986 40277 Aug 16 17:14:37 1999 ButtTrumpet v1.1 - BUTTplug plugin for Back Orifice. Butt Trumpet 1.1 will attempt to e-mail the IP of the BO Server machine to a user specified e-mail address. fakeb016.tgz 1222 7724 Aug 16 17:14:40 1999 fakebo v0.1.6 - This program fakes BO server and logs every attempt from BO client. It is possible to log attempts to /var/log/fakebo.log or stdout. It can send fake pings and replies back to BO client. Very useful for educational purposes to say something like "hey man, didn't you know that linux cannot be (kvazi)hacked with BO?". This version adds better parsing of config file, date and time logging, option for buffered logging, option for silent mode. For Linux. By Vlatko Kosturjak. fakebo-0.4.0.tar.gz 1425 74966 Aug 16 17:14:41 1999 FakeBO 0.4.0 - FakeBO fakes trojan server responses (Back Orifice, NetBus, etc.) and logs every attempt to a logfile, stdout/stderr or syslog. It is able to send fake pings and replies back to the client which is trying to access your system. Changes: We have switched to CVS for development, added ignorehost option, added RealBO(tm) fake server (responses like Windows BO server), ported to BeOS, QNX and more UNIX flavours (using more native compilers), very optimized cracking routine, very resistable to various DoS attacks (security update), and it runs more secure, i.e. drops privileges if run as root, fixed fork bug and more. By Vlatko Kosturjak & Robert Avilov. fakebo-0.4.1-win32.e..> 1586 275456 Aug 16 17:14:41 1999 See description below. Windows32 binaries (exe). fakebo-0.4.1-win32.z..> 1639 249528 Aug 16 17:14:41 1999 See description below. Windows32 binaries (zipped). fakebo-0.4.1.tar.gz 1559 108490 Aug 16 17:14:41 1999 FakeBO 0.4.1 - FakeBO fakes trojan server responses (Back Orifice, NetBus, etc.) and logs every attempt to a logfile, stdout/stderr or syslog. It is able to send fake pings and replies back to the client that is trying to access your system.Changes: Fixed potential buffer overflow, build on libc5, RealBO improvement, more verbose logging, out-of-the-tar support for rpm, added hex dump of packets and now compiles on Cygwin. Source code. By Vlatko Kosturjak & Robert Avilov. fakebo-019.tgz 1189 17396 Aug 16 17:14:40 1999 FakeBO fakes Back Orifice server responses and logs every attempt to a logfile or stdout. It is able to send fake pings and replies back to the client trying to access your system. This release has minor bug fixes, better support for logging via syslog, support for custom messages for every BO command, support for plug-ins (very beta, use with care), option for version of BO server. For *nix systems. By Vlatko Kosturjak. fakebo-030.tgz 1241 23348 Aug 16 17:14:41 1999 FakeBO 0.3.0 - FakeBO fakes Back Orifice server responses and logs every attempt to a logfile or stdout. It is able to send fake pings and replies back to the client trying to access your system. New with this release: added NetBus support, better custom script handling, better logging to log file, more configuration and commandline options, better configuration handling, server daemon support, bugfixes, makefile improved, cosmetic upgrades. For *nix systems. By Vlatko Kosturjak. fakebo-031.tgz 1203 27441 Aug 16 17:14:41 1999 FakeBO fakes Back Orifice server responses and logs every attempt to a logfile or stdout. It is able to send fake pings and replies back to the client trying to access your system. New with this release: added NetBus support, better custom script handling, better logging to log file, more configuration and commandline options, better configuration handling, server daemon support, bugfixes, makefile improved, cosmetic upgrades, man page. For *nix systems. By Vlatko Kosturjak. fakebo-032.tgz 1242 27731 Aug 16 17:14:41 1999 FakeBO v0.32 fakes Back Orifice server responses and logs every attempt to a logfile or stdout. It is able to send fake pings and replies back to the client trying to access your system. New with this release: fixed buffer overflow bug, added support for flood detecting, fixed bug with port scanners that do tcp SYN stealth port scan, detects tcp SYN stealth port scanning, fixed bug on NetBus support, many additional bugfixes. For *nix systems. By Vlatko Kosturjak. fakebo-033.tgz 1330 28065 Aug 16 17:14:41 1999 FakeBO v0.33 fakes Back Orifice server responses and logs every attempt to a logfile or stdout. It is able to send fake pings and replies back to the client trying to access your system. New with this release: fixed buffer overflow bug, added support for flood detecting, fixed bug with port scanners that do tcp SYN stealth port scan, detects tcp SYN stealth port scanning, added option to crack encrypted BO packets. For *nix systems. By Vlatko Kosturjak. fakebo.tgz 1266 100819 Aug 16 17:14:40 1999 fakebo v0.1.5 - This program fakes BO server and logs every attempt from BO client. It is possible to log attempts to /var/log/fakebo.log or stdout. It can send fake pings and replies back to BO client. Very useful for educational purposes to say something like "hey man, didn't you know that linux cannot be (kvazi)hacked with BO?". For Linux. By Vlatko Kosturjak. fakebo017.tgz 1195 8346 Aug 16 17:14:40 1999 FakeBO 0.1.7 - FakeBO fakes Back Orifice server responses and logs every attempt to a logfile or stdout. It is able to send fake pings and replies back to the client trying to access your system. This release adds support to log via syslog, better handling of non-bo packets and minor bug fixes. This is probably the last release before adding NetBus support. By Vlatko Kosturjak. fakeboreport.pl 1623 689 Aug 16 17:14:41 1999 fakeboreport.pl is a perl script, complimenting FakeBO v0.4.0, that will notify sysadmin of BO attempts. By Robert Szarka. function.txt 0 6664 Aug 16 17:14:38 1999 Sorry, a description is unavailable. gspot.2.0.patch 1799 53524 Aug 16 17:14:41 1999 GSpot 2.0 - Gspot is a control panel for cDc's Back Orifice. As of 2.0, Gspot requires GTK+ 1.2. Gspot was written using cDc's original Unix client sources, only the front end has really changed. Right now Gspot has all of the capabilities of cDc's client for MS Windows, but also allows cut-and-paste, better layout, session saving and command scripting. Changes: Added options to save the information returned by Gspot to a file, and to record and play back a sequence of commands (scripting). By Gordon Messmer. gspot.patch 1857 37936 Aug 16 17:14:41 1999 GSpot 1.21 - Gspot is a control panel for cDc's Back Orifice. It uses the GTK+ widget set, and should compile with either GTK+ 1.0 or 1.2 series. Gspot was written using cDc's original Unix client sources, only the front end has really changed. Right now Gspot has all of the capabilities of cDc's client for MS Windows, but also allows cut-and-paste, and a larger, more descriptive list for the commands. This is the first release of gspot. By Gordon Messmer. gspot121.tar.gz 1439 150019 Aug 16 17:14:41 1999 GUI Back Orifice client for *NIX - GSpot 1.21 - Gspot is a control panel for cDc's Back Orifice. It uses the GTK+ widget set, and should compile with either GTK+ 1.0 or 1.2 series. Gspot was written using cDc's original Unix client sources, only the front end has really changed. Right now Gspot has all of the capabilities of cDc's client for MS Windows, but also allows cut-and-paste, and a larger, more descriptive list for the commands. This is the first release of gspot. Working hack of Gordon Messmer's gspot.patch by Hackers Information Report. infector.zip 2420 94600 Aug 16 17:14:39 1999 Infector v0.2 - BoServer crypted to avoid anti-virus software detection. By BeeOne. lobov12.zip 2166 522903 Aug 16 17:14:39 1999 lobo v.1.2 - Simple, yet very effective program that launches a "counter-attack" against anyone who makes the mistake of scanning you for Back Orifice servers. By Low Noise. NBO101en.zip 2446 258224 Aug 16 17:14:39 1999 NoBackO v1.01 - Back Orifice sniffer (english version). By BeeOne. NBO121fr.zip 1842 296032 Aug 16 17:14:39 1999 NoBackO v1.21 - sniffer d'attaques Back Orifice (version française). By BeeOne. NBO130fr.zip 1886 361440 Aug 16 17:14:40 1999 NoBackO v1.30 - Back Orifice sniffer (french version). By BeeOne. nobo.exe 1628 69120 Aug 16 17:14:38 1999 NOBO is a program that detects Back Orifice (BO) packets in a Windows 95/98 machine. It opens the BO port and keeps waiting for any packet coming from BO clients. Once a packet is received, NOBO logs it with information about the sender (IP address and host name). NOBO can just ignore the packet or be configured to reply back with a message. NOBO web site. nobo13.exe 2135 74240 Aug 16 17:14:41 1999 NOBO v1.3 - NOBO is a program that detects incoming Back Orifice (BO) packets on a Windows 95/98 machine. It opens the BO port and keeps waiting for any packet coming from BO clients. Once a packet is received, NOBO logs it with information about the sender (IP address and host name). NOBO can just ignore the packet or be configured to reply back with a message. This release features pingflood detection, option to configure the computer name to be returned in fake PING replies, and several bugfixes. 73k. By Flávio Veloso. RCR1_1new.zip 1844 78366 Aug 16 17:14:41 1999 RCR Bot v1.1 - RCR Bot is a plug-in for Back Orifice. It is an IRC client, Channel Bot style. The client is fully customizable and once installed on the BO'ed machine and logged into an IRC server, it is remotely administrable through the IRC /msg or /query commands. This version has its own ident server installed. 77k. By Zhenya. SaranWrap.zip 1824 17567 Aug 16 17:14:37 1999 SaranWrap v1.1 - BUTTplug plugin for Back Orifice. Saran Wrap 1.1 is an .exe wrapper that will install BO, and then run a specified application. SilkRope.zip 1820 41401 Aug 16 17:14:37 1999 SilkRope v1.0 - BUTTplug plugin for Back Orifice. Silk Rope 1.0 is an evolution of the SaranWrap concept. An .exe wrapper to facilitate remote installation of BO server and execution of specified application(s). SilkRope1.1.zip 1701 51536 Aug 16 17:14:37 1999 SilkRope v1.1 - Updated version of SilkRope Back Orifice Plugin; now with NT detection and simple encryption. SilkRope20.zip 2721 51536 Aug 16 17:14:37 1999 Silk Rope v2.0 - EXE, instructions, and C source code. Latest version of the Back Orifice plugin, with Install/Infect Redesign. Bind your BO installer with a program of your choosing to create a single file. Speakeasy.zip 1675 31444 Aug 16 17:14:37 1999 Speakeasy v0.1beta - Speakeasy is a Back Orifice ButtPlug that attempts to log into a predetermined IRC server on channel #BO_OWNED with a random username. It then proceeds to announce its IP address and a custom message every few minutes. src1.41.zip 1820 114823 Aug 16 17:14:39 1999 BoClient v1.41 source code for the BeeOne Windows version of the Back Orifice client, with a custom GUI. By BeeOne. Srv_gIrC1_8.zip 784 56565 Mar 29 23:13:40 2000 IRC Bot plugin for BO2K v1.0 - It is an IRC client, Channel Bot style. Is fully customizable and once logged into an IRC server, it is remotely administrable through the IRC /msg or /query commands. The bot will rejoin any channel where get kicked, reconnect on disconnect, generate random nicks on raw 432 or 433, can delete, list, copy, spawn files on remote machine through irc. Homepage here. By RazboiniK Srv_gIrC1_81-4.zip 580 62241 Jun 1 11:53:00 2000 IRC plugin for BO2K v1.0. It is an IRC client, Channel Bot style. Is fully customizable and once logged into an IRC server, it is remotely administrable through the IRC /msg or /query commands. The bot will rejoin any channel where get kicked, reconnect on disconnect, generate random nicks on raw 432 or 433, can delete, list, copy, spawn files on remote machine through irc. Changes: Added a packet flooder for taking down connections. Homepage here. By RazboiniK Srv_gIrC1_81.zip 795 60912 May 9 13:52:14 2000 IRC plugin for BO2K v1.0. It is an IRC client, Channel Bot style. Is fully customizable and once logged into an IRC server, it is remotely administrable through the IRC /msg or /query commands. The bot will rejoin any channel where get kicked, reconnect on disconnect, generate random nicks on raw 432 or 433, can delete, list, copy, spawn files on remote machine through irc... Homepage here. By RazboiniK tp10.zip 2114 137260 Aug 16 17:14:37 1999 Toilet Paper v1.0 - Toilet Paper is a program that claims to search for and removes the Back Orifice backdoor trojan, but actually installs it.