Flux 1.0 updated
(Backdoor.Win32.Fluxdor.e for Client)
(TrojanSpy.Win32.Flux.a)

by Gargamel

Written in Visual C++

Released in August 2004


Flux, v1.0

DISCLAIMER:
Flux may only be used on your own computers or on computers where
the owner has expressly given his/her approval.
Neither EES nor the creator(s) of Flux will in any way
be held responsible for any damages caused by
the negligent use of this software.


1. - ABOUT FLUX
2. - FEATURES
3. - QUICKSTART
4. - IF CLIENT DOESN'T START ("Runtime error")
5. - CREDITS
6. - CONTACT

1. ABOUT FLUX
-------------
This is the first release of a remote administration tool named Flux.
This application allows you to administer a remote computer, even one behind a router or protected by a firewall.

2. FEATURES
-----------
2.1 SERVER STEALTH AND INSTALL
- FWBP+ (can inject to default browser, msn messenger or up to three specified applications)
- Persistent server (server is hard to remove, it will be rerun when closed,
  rewritten when deleted, readded to registry when removed)
- Startup method: Registry run + ActiveX + Flux-special.
- Installs to windows or system directory.
- Stubsize: 20 kb unpacked, 12 kb packed

2.2 CONNECTION
- Up to three specified ports in client can listen for connections.
- Up to three specified IPs can be used for connection
- Up to three specified URLs can be used to IP.


2.3 BASIC STUFF
- File manager (uses caches to speed up browsing, supports download resuming)
- Screen capture, uses either jpeg-compression or diff. calculation
  to stream users desktop (both included in basic server)
- Cam capture (opt. to save caps)
- Keylogger (opt. to log in background)
- Passwordsniffer (logs all text entered into password/***-boxes)
- Find files
- Task list (can capture a certain window or control)
- Process list
- SOCKS4
- Show message box
- Execution file from URL
- Connection is encrypted with a 1024-bit key

2.4 FLUX STUFF
- Thumbnail mode
  Gives a view of connected users with option to stream their desktop or webcam
  in small thumbnails directly in main view.
- Views,
  Allows you to add/remove views to which you can drag and drop users to organize
  them in different categories.
- User information,
  Information such as name, email, icq, msn, note and picture can be added to
  individual users.
- Offline browsing of users (shows above information and more such as first/last
  connection date, OS, bridge, ...)
- Export user list as XML-file.
- Offline file browsing (browse offline users files)
- New concept in screen capture using "boxes". Flux divides users desktop in 9 boxes
  where you can turn on/off a certain box to increase speed over slow connections.
- Two methods of doing desktop streaming: JPEG-compression and diff. calculation.
  Jpeg compression, does as the name implies, compresses images using jpeg.
  Diff. calculation calculates the difference between each capture and only sends the
  updated part compressed with lzrw/rle.
  Both methods only send updates when actually available (for particular box).
  Jpeg is more useful when remote desktop includes "big" changes between each capture,
  for instance when user is playing a game. Diff. calculation is very fast when used
  where the users desktop includes "small" changes, for instance during a chat.


3. QUICKSTART
-------------
Click New Server to create, as the name implies, a new server.

In "Installation" field:
Pick one of two installation directories (windows/system).
Enter a filename that you want the installed file to be named.
(If you pick dir. Windows and filename as myflux.exe it will be installed as c:\\myflux.exe).

In "Firewall bypassing" field:
Pick at least one application to be used as the host for the server. Usually it's enough with default browser and msn but if you want you can add your own specific paths too.
To add a specific path you have to "guess" the path to the exe-file on the remote computer. To aid in the matter there is a predefined '?' which translated in server becomes the users program files dir. So if you (as the example) enter "?\kazaa\kazaa.exe" the server will try to execute c:\program files\kazaa\kazaa.exe (if c:\program files is the users program files-path).

In "Startup" field:
Tick the "Autostart with.." if you want the server to be autostarted with windows every time the user logs in/boots up.
If ticked you must also supply the key that will be used in the registry.
(The autostart methods used are reg. run, activex and flux-special)
Tick "Persistent server" if you want the server to be hard to delete or remove.
Tick "Melt..." if you want the initial server to be autodeleted when ran.

In "Connection" field:
Enter port that you want the server to connect you back on. This is the port you must open up in the clients (add it using the settings dialog).
Enter password to be used for the connection.

Now if you have static ip or use a dyndns/no-ip enter that address in one of the ip-fields (the ones marked 2, 4 and 6)
If you want your ip to be fetched from an URL enter that URL in one of the fields 1, 3 or 5.
The numbers stand for try-order. Which means the order in which flux will try to retrieve ip and connect.

Now if you make use of URLs you have to enter an encryption-key (bottom-right). This is the key which will be used to decrypt the downloaded ip-file. (I'll get to that later*)

In "Identification" field:
Enter a name and group which will be used to id the server/user. The group is permanent and the name can be changed after connection.

If you want the server to be compressed tick the "Compress server".

Click "Save" and you should probably now have a server.exe in same dir as Flux!  

*If you make use of ip-fetching from URL you must somehow upload your ip to the URL before the server can download it, right?
So that's when you go to "Options"->"IP Uploader".
Fill in all necessary ftp-values and in the IP-field fill in the ip which should be connected to by the server. 

In "Security" field enter a key which should be used to encrypt the ip-file.
This key will have to be same as the one supplied when creating a new server.
Now click "OK" and flux will upload your file to the ftp.

Hopefully you're done now  
Oh, btw. go to "Options"->"Settings" and enter your password to be used for authorizations + add the ports which you'll use.
Now, you're done!

4. IF CLIENT DOESN'T START ("Runtime error")
--------------------------------------------

If something like Microsoft Access is not installed in your computer,
you probably don't have DAO 3.6 (the file dao360.dll) installed either.
First try to run Flux. If it doesn't work follow these steps:
(NOTE! This is only an issue with the Client, the server still works and doesn't need any extra dll-files)
1. Create the folder DAO in your "x:\<Common Files>\Microsoft Shared\" directory.
2. Copy the dao360.dll to the created folder.
3. Register the dll with regsvr32:
   "regsvr32 c:\<Common files>\Microsoft Shared\DAO\dao360.dll"

(dao360.dll is included in the original zip-package)

Gargamel


Server:
dropped file:
c:\WINNT\server.exe

size: 12.966 bytes (compressed)

startup:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "blabla"
data: C:\WINNT\server.exe 

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Runonce "*blabla"
data: C:\WINNT\server.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{17805C0B-5D6E-3B6D-7A5C-72D4E263A0E8} "StubPath"
data: C:\WINNT\server.exe 2 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "blabla"
data: C:\WINNT\server.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce "*blabla"
data: C:\WINNT\server.exe 

tested on win2000
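
Detection note (added example, not part of the original entry or of the tool's readme): the startup list above registers one executable under five autostart keys at once, including an Active Setup StubPath and RunOnce names prefixed with "*". The sketch below flags that redundancy in a registry export; the function names, the min_locations threshold and the sample export (including the benign tray.exe entry) are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in .reg export syntax. The server.exe values mirror the
# startup entries listed above; the tray.exe entry is a benign contrast.
SAMPLE_REG = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"blabla"="C:\\WINNT\\server.exe"
"tray"="C:\\Program Files\\Example\\tray.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"*blabla"="C:\\WINNT\\server.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{17805C0B-5D6E-3B6D-7A5C-72D4E263A0E8}]
"StubPath"="C:\\WINNT\\server.exe 2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"blabla"="C:\\WINNT\\server.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"*blabla"="C:\\WINNT\\server.exe"
'''

AUTOSTART = re.compile(r"\\(CurrentVersion\\Run(Once)?|Active Setup\\Installed Components\\\{[0-9A-F-]+\})$", re.I)
VALUE = re.compile(r'^"(?P<name>[^"]*)"="(?P<data>.*)"$')

def parse_autostarts(reg_text):
    """Yield (key, value_name, data) for values under autostart keys."""
    key = None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1] if AUTOSTART.search(line[1:-1]) else None
        elif key and (m := VALUE.match(line)):
            yield key, m["name"], m["data"].replace("\\\\", "\\")

def find_redundant_persistence(reg_text, min_locations=3):
    """Map executable -> findings when it is registered in many autostart keys."""
    by_exe = defaultdict(list)
    for key, name, data in parse_autostarts(reg_text):
        exe = re.match(r"(.+?\.exe)", data, re.I)  # drop arguments such as " 2"
        if exe:
            by_exe[exe.group(1).lower()].append((key, name))
    report = {}
    for exe, hits in by_exe.items():
        keys = {k for k, _ in hits}
        if len(keys) >= min_locations:  # threshold is an assumption
            report[exe] = {"locations": len(keys),
                           "active_setup": any("Active Setup" in k for k in keys),
                           # "*" prefix: RunOnce entry is also run in Safe Mode
                           "safe_mode_runonce": sum(n.startswith("*") for _, n in hits)}
    return report
```

On the sample, only c:\winnt\server.exe is reported (5 locations, Active Setup present, 2 Safe Mode RunOnce names); the single-key tray.exe entry is not.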

MegaSecurity