          Butt Trumpet, a Buttplug-in for BackOrifice
          ~~~~ ~~~~~~~
                      Version 1.1
          Conceived and Written by Brian Enigma

Abstract
~~~~~~~~
I just got back from DefCon 6.0 and witnessed all the hype and fanfare for
BackOrifice. If you do not already know how cool and wonderful BackOrifice
is, you will have to go to http://www.cultdeadcow.com to witness it in its
full glory.

The idea was brought up during the Back Orifice "show" of having an
installed BO server contact its installer to notify him/her of its
location. This has wonderful application to Usenet newsgroups! You do not
need to know who your victims are--you would simply post the executable and
anyone lame enough to run it would have their computer automatically spew
out a message stating "I'm wide open" to some predetermined email address.
Sounds like a good idea, right?

The CDC had previously thought of this idea, but shot it down--their point
being that you do not want ANYTHING in there that might point back to your
home email address or IP address. This is an entirely valid point. Sure,
you or I might use an anonymous remailer. But for every one of us, there
are dozens of HaPpY hAx0rZ out there who have never heard of an anonymous
remailer, who would not read the directions, and who would blindly put in
their my_daddy's_name@AOL.COM email address.

So, in this light, I am releasing the Butt Trumpet Buttplug-in for Back
Orifice. Use it wisely, use it well, use it at your own risk.

Description
~~~~~~~~~~~
Butt Trumpet is a DLL plugin for Back Orifice. It is launched when BO is
launched. Once running, it checks to see if it has successfully run and
sent an email message in the past (by checking a registry key...
HKLM/SOFTWARE/NinjaSoft/BT/RunSuccess for those that care). If it has
successfully sent a message in the past, it quits. If it has not, it
attempts to connect to a predetermined SMTP server (see setup instructions
below). If Butt Trumpet has problems connecting to this SMTP server, it
goes into a sort of "Sleep Mode" for 5 minutes and tries again. This keeps
happening until BO and BT are told to terminate (shutdown/reboot) or until
it successfully connects (at which point, it writes to the above registry
key, so that multiple messages are not sent).

Installation
~~~~~~~~~~~~
Installation is quite simple. Simply use BOConfig, as you would at any
other time. When you get to the question "Default plugin to run on
startup", simply type in:

    bt.dll:_start

(or whatever you have renamed it to). The item before the colon is the
file name to run. The item after the colon is the exported function to run
(which must be "_start").

The next question, "Arguments for plugin", should be an SMTP server name or
numeric IP address, directly followed by a comma, directly followed by an
email address.

WARNING: Use a "dropbox" email address and not your own! Try looking up
anonymous remailers on Yahoo. You could also try HotMail or Yahoo
Mail--only they usually log your incoming IP address when you come to pick
up mail. An example is:

    hotmail.com,deadcow@hotmail.com

Next, you will have to attach the DLL to the installer. "File to attach"
should be BT.DLL (or whatever it has been renamed to). "Write file as"
should probably be the same.

Source Code
~~~~~~ ~~~~
Source code is included. Please be kind. I'm still recovering from DefCon
and this was my first attempt at writing a "bare-bones" straight C Windows
DLL that does not use the big, bloated MFC libraries (meaning...no external
DLL dependencies except for the WinSock DLLs...and small, fast code--about
70K in size). Any bug reports or code suggestions would be appreciated, and
may be sent to enigma@netninja.com.

Conclusion
~~~~~~~~~~
Have fun. Do not cause too much trouble. Thanks, CDC for making such a
great "tool."
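
The retry loop in the Description (a failed SMTP connection, a 5-minute sleep, another attempt) leaves a regular pattern in egress firewall logs. The following is an added detection example, not part of the original README or its source code; the log format, addresses, tolerance and attempt threshold are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

RETRY_SECONDS = 300  # the 5-minute "Sleep Mode" stated in the Description
TOLERANCE = 15       # assumed allowance for timing jitter, in seconds
MIN_ATTEMPTS = 3     # assumed number of attempts before a host is flagged

# Constructed firewall log (hypothetical format):
# timestamp  source  destination  dest_port  action
SAMPLE_LOG = """\
1998-08-05T10:00:02 10.0.0.23 192.0.2.10 25 DENY
1998-08-05T10:01:00 10.0.0.51 192.0.2.77 25 DENY
1998-08-05T10:01:30 10.0.0.51 192.0.2.77 25 DENY
1998-08-05T10:02:11 10.0.0.40 192.0.2.10 25 ALLOW
1998-08-05T10:05:03 10.0.0.23 192.0.2.10 25 DENY
1998-08-05T10:07:45 10.0.0.23 198.51.100.5 80 ALLOW
1998-08-05T10:10:03 10.0.0.23 192.0.2.10 25 DENY
1998-08-05T10:15:04 10.0.0.23 192.0.2.10 25 DENY
1998-08-05T10:20:00 10.0.0.51 192.0.2.77 25 DENY
"""

def failed_smtp_attempts(log):
    """Group timestamps of denied port-25 connections by (source, destination)."""
    attempts = defaultdict(list)
    for line in log.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed lines
        stamp, src, dst, port, action = fields
        if port == "25" and action == "DENY":
            attempts[(src, dst)].append(datetime.fromisoformat(stamp))
    return attempts

def find_retry_loops(log):
    """Return (source, destination, attempts) where every gap is ~RETRY_SECONDS."""
    flagged = []
    for (src, dst), times in failed_smtp_attempts(log).items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if len(times) >= MIN_ATTEMPTS and all(
            abs(gap - RETRY_SECONDS) <= TOLERANCE for gap in gaps
        ):
            flagged.append((src, dst, len(times)))
    return sorted(flagged)

if __name__ == "__main__":
    for src, dst, count in find_retry_loops(SAMPLE_LOG):
        print(f"{src} -> {dst}:25 retried {count} times at ~5 minute intervals")
```

A host flagged this way has not yet written the RunSuccess registry key named in the Description; a host where that key exists has already sent its message.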