Recon 1.99.19.10
(Backdoor.Recon)

by [nexuz] & [ZaJoker]

Released in november 1999


Remote Control Over Networks v2
ReCON aka RCONv2 by [nexuz] & [ZaJoker]
version 1.99.19.10

(c) 1999 XLegacy INC.

NOTE: The only available login in this version is "root" and the
      default password is also "root".

ReCON commands description:

"CMDS"     - sintax: "/cmds"
           - very usefull command (acctualy THE MOST USEFULL)
           - lists all available ReCON built-in commands
"VER"      - sintax: "/ver"
           - displays the ReCON version info and stuff
"PROGMAST" - sintax "/ver"
           - used to complete "/VER"
"PWL"      - sintax: "/pwl [old password] [new password]"
           - changes the "old password" (default "root") to "new password"
           - [old password] specifies the old login password; must be valid
           - [new password] specifies the new password; can't contain spaces
"EXEC"     - sintax: "/exec [application]"
           - executes the specified application and reports any error
           - [application] must be a program's name including path
"COPY"     - sintax: "/copy [source file]![destination file]"
           - copy's a file to specified location
           - no wildcards allowed
           - [source file], [destination file] may contain spaces (LFN)
"UNLINK"   - sintax: "/unlink [file name]"
           - deletes the specified file
           - [file name] may be a long file name
"CD"       - sintax: "/cd [new directory]"
           - changes the current directory
           - the parameter is optional
           - if no parameter, displays the current directory
"DIR"      - sintax: "/dir [file specifier]"
           - lists all files and subdirs matching the [file specifier]
           - wildcards allowed
           - if no parameter, lists all subdirs and files in current directory
"RMDIR"    - sintax: "/rmdir [directory name]"
           - removes the specified directory
           - the specified directory must be empty
           - [directory name] supports LFN
"MKDIR"    - sintax: "/mkdir [directory name]"
           - creates a new directory with specified name
           - [directory name] supports LFN
           - [directory name] musn't exist
"ATTR"     - sintax: "/attr [file name] [+attributes] [-attributes]"
           - sets/clears the specified attributes for a file
           - [+attributes], [-attributes] are optional parameters;
             if missing the the current attributes of the file are listed
           - wildcards not allowed
"RCPCALL"  - sintax: "/rcpcall [RCP name] [RCP function]"
           - executes a function from a RCP (Remote Control Plugin)
           - [RCP name] points to a valid RCP module created with RDK
           - [RCP function] is the RCP function name to be called
           note: You may get the RDK (ReCON Development Kit) by
                 sending an e-mail to: [email protected]
"MSG"      - sintax: "/msg [from->][message]"
           - shows a message on host
           - [from->] parameter is optional; default is "a ghost"
"ERR"      - sintax: "/err [fake error message]"
           - generates a fake error on host
"TITLEMSG" - sintax: "/titlemsg [caption]"
           - change the title of all windows listed by "DOZES"
           - [caption] is the new title for all windows
           note: after using "TITLEMSG" you won't be able to
                 recognize the windows listed with "DOZES"
"ALLMSG"   - sintax: "/allmsg [message]"
           - changes all captions (buttons, windows, labels, etc.)
           - [message] is the new caption to be set
           note: same as "TITLEMSG"
"STATE"    - sintax: "/state [on/off] [window title]"
           - enables/disables the specified window
           - if the [window title] parameter is "*" then all windows
             will be enabled/disabled
           note: use with care if you are testing on the localhost
                 because you might get stuck
"PAINT"    - sintax: "/paint"
           - it paints the desktop over all other windows (pretty cool)
           - the effect is temporary
"DESK"     - sintax: "/desk [on/off]"
           - shows/hides all icons on desktop
"TASK"     - sintax: "/task [on/off]"
           - shows/hides the taskbar
           - Start menu is still active and can be accessed using the Win-key
"MONITOR"  - sintax: "/monitor [on/off]"
           - turns on/off the monitor (so far it worked on all tested monitors)
           - the monitor stays off until "/monitor on" command fallows or
             the PC is rebooted
"WINKEYS"  - sintax: "/winkeys [on/off]"
           - it turns on/off the windows special keys and
             the windows keyboard shortcuts (CRTL+ESC, ALT+TAB, and all others)
"CDEJ"     - sintax: "/cdej [on/off]"
           - opens/closes the CD-audio door
           - it may not work on all computers (the only PC on wich i
             encountred difficultyes during tests, wich freezes on "CDEJ"
             command is a FUNAI E285XA (my own :)
"DOZES"    - sintax: "/dozes"
           - lists all windows that have a "display-able" title
           - doesn't make much sense after "TITLEMSG" or "ALLMSG"
"KILLWIN"  - sintax: "/killwin [windowname]"
           - destroys a window
           - if there are more windows with the same name then
             only the first found is killed, then you must repeat the command
"PIDS"     - sintax: "/pids"
           - lists all proccesses currently running
           - more effective than "DOZES"
"KILLPID"  - sintax: "/killpid [PID]"
           - stops the specified proccess (must use "PIDS" to get a list)
           - this is 100% efficient proccess killing (unlike "KILLWIN")
           note: DO NOT mess with system's proccesses (like KERNEL32.DLL)
                 because this will probably ( (31.8*PI)% chances) freeze the host PC
"WHO"      - sintax: "/who"
           - lists all "clients" connected to the ReCON server
           note: if a client is in the login state then the name will be
                 preceded by "WANNABE"
"SAY"      - sintax: "/say [onliner number] [message]"
           - prints the [message] on the terminal of the client
             matching [onliner number] (use "WHO" to get a list)
           note: the "you're looney" message apears when you try talking
                 to yourself :)
"REBOOT"   - sintax: "/reboot"
           - reboots the host machine
"LOGOUT"   - sintax: "/logout"
           - logs out the current logged on user
"HALT"     - sintax: "/halt"
           - performs system shutdown
           - is the case is ATX then Power off will be performed too
"NFOS"     - sintax: "/nfos"
           - retreives system general info
"PASSWDS"  - sintax: "/passwds"
           - squeezes cached passwords from host PC
           note: very usefull... you don't know what you might find in there
"SHARES"   - sintax: "/shares"
           - lists all shares on PC including theyre access passwords
"ADDSHR"   - sintax: "/addshr [path] [sharename]"
           - adds a new share to the system
           - sharename must be 12 chars long tops
           note: the description of the new share is set to "ReCONed path"
"RMSHR"    - sintax: "/rmshr [sharename]"
           - removes the specified share from host
"CLS"      - sintax: "/cls"
           - clears the screen
"CL"       - sintax: "/cl [color index(optional)]"
           - usefull under Linux Telent client
           - changes the text color
           - if parameter missing then lists all color indexes
"BK"       - sintax: "/bk [color index(optional)]"
           - usefull on Linux Telnet client
           - changes background color
           - if parameter missing then lists the color index
"QUIT"     - sintax: "/quit"
           - disconnects from ReCON server
           - most usefull command :)))

COMMAND COMBOS:
"COPY"+"DEL" - to rename/move a file
"WINKEYS"+"TASK" - completly deactivates taskbar and start menu

For additional help contact: [email protected]

Documentation wrote by: nexuz ([email protected])


Server:
c:\WINDOWS\SYSTEM\win32nethlp.exe 

size: 142.101 bytes 

port: 7676 TCP

startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices "WinNetHelp" 

MegaSecurity