Written in Delphi
Released in September 1998
phAse zero version 1.0 beta (c) 1998 Njord of Kr0me Corp user documentation phAse zero is remote administration tool composed of a server running on all current win32 platforms (windows NT / windows 95 / windows 98), a graphical user interface (GUI) and an installer. some of the features of this first release (1.0 beta): o integrated remote ftp client o remote file system control o spawning of processes o functions to manipulate the windows registries o restricting access to the phAse server via ip masks o configurable registry/executable name and server port and much more (see the list below for a complete listing). in order to install phAse zero on a server, copy the three exe files (setup.exe client.exe phase.exe) to a directory and run setup. a dialog box will appear; if you don't want to change the default settings for the registry, click on 'yes' to proceed. next, you will be prompted for the port to use (default is 555) and an optional ip mask. if you specify the ip mask, only users from a certain host will be allowed to access the phAse zero server. you can leave this field blank if you don't need access restrictions. these are all valid ip mask formats: 123.45.67.8 123.45.67 123.45.6 123.45. 123.45 etc. the installer will write to the windows registry and install the server's executable (one file). then control is returned to the user. please note that the executable file size is random. if you need further "security" you may change the default registry keys (key name and file name) using setup.exe. once the server is installed, it runs hidden from the tasklist and the taskbar and uses CPU time only when needed. to activate phAse from remote, use the GUI interface (client.exe). you just need to enter the server's host name or ip address and the port that you have chosen during the installation (the default is 555). now, click on OK. the server will respond with its version name and number. select the command you want to use and click on it: one or more parameters (edit boxes) will be activated if necessary. fill in all the required parameters and press the SEND button. to terminate the current session, you can either click on OFF or enter the "terminate session" command (followed by the SEND button). these are all the commands currently implemented in this version of phAse zero, along with their parameters: FTP UPLOAD <user> <pass> <host> <local file path> <remote path> <remote file> tell the server to upload the specified local file via ftp to remote path FTP DOWNLOAD <user> <pass> <host> <local file path> <remote path> <remote file> tell the server to download the specified remote file via ftp to local path EXECUTE [s|h] <file path> execute a file (S=show window, H=hide window) CHANGE DIRECTORY <directory> LIST DIRECTORY <path and mask> a file mask is required, path is optional (example: D:\WINNT\*.*) CREATE DIRECTORY <directory> REMOVE DIRECTORY <directory> SHOW CURRENT DIR COPY FILE <input file> <output file> MOVE FILE <input file> <output file> RENAME FILE <old file name> <new file name> DELETE FILE <file path> TYPE FILE <file path> type the specified text file HEX TYPE FILE <file path> shows an hexadecimal dump of the specified binary or text file SHOW DIALOG BOX <message> shows the specified message into a dialog box on the server LOCKUP SERVER locks up the server TRASH SERVER trashes the server and locks it up REG CREATE KEY <key> create the specified registry key REG DELETE KEY <key> deletes the specified registry key REG DELETE VALUE <key> deletes the specified registry value REG CHECK KEY <key> determines if a key or a name exists REG SET CURRENT KEY <key> sets the currently open registry key REG READ KEY VALUE <key> read the specified key's value REG WRITE KEY VALUE <key> <value> creates or updates the specified key and associated value REG LIST KEYS lists available keys in the currently open key REG LIST VALUES lists available values in the currently open key TERMINATE SESSION terminates the current session only UNLOAD SERVER terminates all connections and unloads the server please note that this is the first public beta of phAse zero, and it is by no means complete. possible future additions: file sharing support, stealth key logging, media player, integrated port and host scanner, plugins, etc. please report any bugs you find (suggestions/criticisms/ideas are welcome). -- (C) 1998 by Njord of Kr0me Corp. All rights reserved. Server: size: 301.568 bytes port: 555 TCP startup: noneMegaSecurity