Optix Lite 0.4 (a)
(Backdoor.Win32.Optix.04.a)

by xMs and th3 s13az3

Written in Delphi

Released in November 2001



Evil Eye Software

Optix Lite 0.4 - Server Compile {GMC1}
               - Client Compile {GMC1}
               - SMTP Compile   {GMC1}

New in 0.4:

1)  SMTP Plugin.
    Do not confuse this with normal email notify.
    The plugin IS an SMTP server itself,
    so you do not need to rely on an open SMTP server that may be shut down in the future.
    Enter a TO and FROM email.  TEST in client, server editor, page 3 before sending server out.

In addition,
you can put your winsmtp.plg file on your web server,
and enter the COMPLETE path/filename in the URL edit box,
and Optix Lite server will automatically download it when the server runs on your **customer's** machine.
Here are the rules for winsmtp.plg:

  a) Do not rename this file or it will not work.
  b) Do not attempt to pack this file, or it will not work.
  c) For server to use it, it must be located in the windows directory.
  d) If you opt for the plugin to be downloaded, it will be put in the windows directory.
  e) To test your DNS server in the Client->Server Editor->Page 3,
     the winsmtp.plg must be in the same directory as your client.exe file.
  f) If you are going to test your server file on your local machine,
     COPY WINSMTP.PLG to your Windows directory.  It won't work unless you do.
  g) You do not have to use the Download URL feature of SMTP Notification.
     If you choose NOT to use it, then you can connect to your **customer** and directly upload it.
     Be sure you checked 'Use SMTP Notification' in the client when setting up your server, or it will not work.
     If winsmtp.plg is not in the windows directory,
     then the notification routine bypasses it and will continue to check for it
     (if selected in Server Editor) each time the **customer** is online.

**SPECIAL NOTE**
During testing, it seems ICQ Email express compares the sending host to the host
of yahoo.com or hotmail.com if the FROM email address is one of those domains.
It will accept the email, but filter it out, and it will not come to you.
Try some other free email domains, or a different email address altogether for the FROM address.

Also, to ensure you keep your **customers**, it is highly advisable NOT to use ICQ email express directly.
You should consider getting a free email account that will let you forward your email to another email account.
That way, if ICQ Email Express goes down, it still goes to your primary email account as a backup.

2)  Reduced server size.  Delphi is a great programming language, but some of its units can have some overhead.
    We got rid of all those units and created our own winapi functions to replace them with,
    which reduced the server size quite a bit.  

3)  ICQ Notification (Nov 2001) added.  How long it stays up is anyone's guess.

4)  Fixed a bug with cgi notify where it would constantly post cgi data every 90 seconds,
    instead of checking to see if the IP address had changed.
    Only happened when **customer** was online.

5)  Added multiple IP tracking, so if **customer** has multiple IP addresses,
    Optix Lite will enumerate all IP addresses and post them. 
    You can still double click in Online Vic List with multiple IPs,
    and Optix Lite Client will prompt you for which one you want to connect to.

6) Remove certain AV registry settings so on restart, certain files will not reload.
   Do not test this option on yourself, or you may lose your AV Registry settings.
   You've been warned, and if you are too lazy to read the help file,
   then you are probably reading it now wondering "WTF?".

7) Added 'Clear Vic List' button.  This will clear the s7 vic list at the server.
   Use to clear your list out if cluttered.  New vics will appear as they come back online.

8) Added Dynamic URL parameter for the CGI URL field in Server Editor.
   The idea is, you don't want to lose vics if a host disables your account.
   So you create an alternative 'free' site, called a 'safe site' where you store a text file of anyname, ie: myurl.txt . 
   Inside that txt file would be the URL to your actual s7 script,
   ie: http://www.mysite.com/cgi-bin/subseven.cgi  Exactly like that,
   no returns, no extra spaces.  A simple txt file, with your s7 url.
   Upload it to your 'safe site', perhaps a geocities.com web site.
   Since the txt file is not cgi, you do not have to use a CGI enabled site.
   Then in the Server Editor, for the CGI URL field,
   instead of entering: http://www.mysite.com/cgi-bin/subseven.cgi you enter:
   durl:http://www.safesite.com/myurl.txt 
   The filename 'myurl.txt' is arbitrary for this example, you can name the file as you like.
   The key for this to work is twofold:

a) you must create a txt file with your real,
   complete URL to your subseven.cgi script like:
   http://www.mysite.com/cgi-bin/subseven.cgi and upload to your 'safe site'.

b) you must prefix the URL to your safe site with: durl: ,
   ie: durl:http://www.safesite.com/myurl.txt

If you lose your host with OL4 servers installed,
then modify the myurl.txt file on your safe site and your servers will know to post cgi to your new cgi site.

9) When in Online Vic List viewer and double clicking to connect to a vic,
   it will only go to the 'Connect' screen if it establishes a connect. 
   This will eliminate the need to go back and forth.

10) Added remote Reboot button to expedite number 6 above.

***************** Optix Lite Release History *****************

Optix Lite 0.3 - server compile 4

0.3 server bug fixes this release:
-10/22/01 - winstart startup method: would cause exception error message if winstart.bat didn't exist.  fixed.
-10/22/01 - winstart startup method: if winstart.bat didn't exist on 95/98/ME,
            it would not be created.  fixed.
-10/24/01 - uninstall, only affects win2k/nt machines, if winstart did not exist,
            would give error when uninstalling from remote.  This is fixed.

Optix Lite is a small uploader remote administration tool. 
Included in the ZIP file are this txt file, the client, the server, and cgi-logger.zip (see below).
The server is unpacked, which accounts for its size.
This is to help AV's have a harder time to lock onto OL.
Once you have entered settings from client, pack the server with your favorite packer (UPX, ASPack, etc.). 
Once packed, the server cannot be re-edited.

Many new features have been added to Optix Lite 3, including:

CGI Notify using Black Fire's (Sub Seven Crew) cgi-logger (Thanks Black Fire!).
Online Vic List viewer that shows *customer* info in Optix Lite client. 
Double click a *customer* and connect!
Encryption - All internal server settings are now encrypted, for better security.
New Interface Look/Feel.
JPEG icon add for server icon.
Most common client feature data saved to registry for more user friendly client.
New backup startup method (copies server to system\tapisvc.sys and uses winstart to restore) if server does not exist.
If server does not exist, backup is copied to Start Menu\Programs\Startup\ folder
so it will run instantly during current windows boot.
The backup method checks if OS is 95/98/ME and will set winstart.bat, otherwise,
ignores if NT/2K so you can always check this tab if you want to use,
without worrying if winstart.bat is used by OS.
Server date set to 12/7/1999 7:00 AM when installed.
Uninstall Server removes all settings and server file(s) from computer.
This can be used for your own testing of the server.
When you are through testing your server, connect locally (127.0.0.1)
and click Uninstall Server and it will remove the backup, restore your winstart.bat,
and remove any registry settings for the server.
It is a 100% complete restoration of the computer to what it was before.

Before using with CGI Notify, you must setup Black Fire's cgi-logger.
Complete instructions are in his ZIP file,
including some host services that allow free accounts with cgi-bin access.
It's very easy to install, you do not need to know anything about CGI to set it up.
Basically the steps are:

1) Unzip cgi-logger.zip
2) Upload files to your cgi-bin directory
3) Follow the chmod setting instructions, and set files appropriately
4) Go to www.yoursite.com/cgi-bin/setup.cgi
5) Follow instructions

It's really that easy.  Remember your user name and password,
and if you use the 5 digit code in setup.cgi, remember it,
as you will need these settings in Optix Lite. 
DO NOT CONTACT US about setting up the cgi logger.
DO NOT CONTACT US for free hosting sites with cgi access. 
They are sparse, they come and go at will.
Your best bet is to get a redirection domain setup where you can point your domain to any other site,
so if you lose access at one site, your *customers* are not lost.
Two additional resources for finding free hosting sites are:

1)  http://webhosts.thelist.com/
2)  http://www.comparewebhosts.com/

Once you have completed this, open the client and go to [Online Vic List].
On page two of this section, you can enter your url in the form of:
http://www.yoursite.com/cgi-bin/setup.cgi in the URL field (do not add ? or other params).
Enter your user name and password (stored encrypted in registry to auto load next time client starts).
Click the <- arrow, and your *customer* list should display.
Double click a customer to connect to them directly.

From there, go to [Server Editor] and setup is like before,
with additional page, and CGI Notify option.

xMs





Server:
C:\WINDOWS\

size: 65 KB

port: 5151 TCP

startup:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
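
Added example, not part of the original page or the tool's own code: a host-triage check that correlates the artifacts this page lists (TCP port 5151, winsmtp.plg in the Windows directory, system\tapisvc.sys, the 12/7/1999 7:00 AM file date, the Run key). The sample data and the file name msupd32.exe are constructed, and the date is read as month/day to match the 10/22/01 style used in the readme.

```python
import ntpath
from datetime import datetime

# Indicators stated on this page.
C2_PORT = 5151                            # "port: 5151 TCP"
STOMPED = datetime(1999, 12, 7, 7, 0)     # "12/7/1999 7:00 AM", read month/day (assumption)
PLUGIN = "winsmtp.plg"                    # only used from the Windows directory
BACKUP_SUFFIX = "\\system\\tapisvc.sys"   # backup copy of the server

def triage(files, run_values, listeners, windir="C:\\WINDOWS"):
    """files: [(path, local mtime)], run_values: {name: command}, listeners: [TCP ports].
    Returns sorted (indicator, detail) findings."""
    windir = windir.lower()
    findings, stomped = set(), set()
    for path, mtime in files:
        low = path.lower()
        parent, name = ntpath.split(low)
        if parent == windir and name == PLUGIN:
            findings.add(("smtp-plugin", path))
        if low.endswith(BACKUP_SUFFIX):
            findings.add(("backup-copy", path))
        if parent == windir and mtime == STOMPED:
            stomped.add(low)
            findings.add(("stomped-date", path))
    for name, command in run_values.items():
        target = command.strip().strip('"').lower()
        if not ntpath.dirname(target):    # bare names are found via the search path
            target = ntpath.join(windir, target)
        if target in stomped:             # Run value launches a date-stomped file
            findings.add(("run-key", name))
    if C2_PORT in listeners:
        findings.add(("listener", "tcp/%d" % C2_PORT))
    return sorted(findings)

# Constructed sample data; "msupd32.exe" is a hypothetical server file name.
FILES = [
    ("C:\\WINDOWS\\winsmtp.plg", datetime(2001, 11, 20, 14, 3)),
    ("C:\\WINDOWS\\SYSTEM\\tapisvc.sys", datetime(2001, 11, 20, 14, 2)),
    ("C:\\WINDOWS\\msupd32.exe", datetime(1999, 12, 7, 7, 0)),
    ("C:\\WINDOWS\\notepad.exe", datetime(1999, 4, 23, 22, 22)),
]
RUN = {"SystemTray": "SysTray.Exe", "msupd32": "msupd32.exe"}
LISTENERS = [135, 139, 5151]

if __name__ == "__main__":
    for indicator, detail in triage(FILES, RUN, LISTENERS):
        print(indicator, detail)
```

The server file name is operator-chosen, so the Run-key finding keys on the stomped date rather than on a name; a single hit such as the date alone is weak evidence and is worth weighing against the others.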

MegaSecurity