Remote Operations 2.4
(Backdoor.Win32.Remoper.19 for Server)
(Backdoor.Win32.Remoper.24 for Client)

by daedalus

Written in Delphi

Released in October 2002

**********************************
**REMOTE OPERATIONS [=REDEEMER=]**
**********************************


Contents
--------
=Quick Reference=
=What is Remote Operations=
=History of Remote Operations=
=Priming=
=Connecting=
=SSCMD=
=Tools=
=Current SSCMD Syntax List=
=CSM (Cross Server Manipulation)=
=ROCI=
=FAQ=
=Legal Stuff=


Quick Reference
---------------
Client Version: 2.4
Client Codename: REDEEMER
Server Version: 1.9
Server Codename: Sentinel
SSCMD Generation: 3
Server Direct Relation: 2.4
CSM: client version <2.4



What is Remote Operations
-------------------------
This is version 2.4 of remote operations, and it just got better.
Remote Operations allows you to access terminals over a network or the internet if
they are running the server (See "Connecting" to find out how).
Once connected you will be able to administer the computer within the confines of the
client, which is quite large.

In all, it is a remote access/administration tool.

History of Remote Operations
----------------------------
Remote Operations started life, officially, as Military Operations.
It was not very powerful back then with a weak command interpreter. 
MilOp got to V1.9 before it was trashed for its offspring, Remote Operations.
Remote Operations started out at 2.0 in honour of MilOp. However 2.0-2.1 was never
on general release, it was only really used by me and a few other people. 
Finally I thought it time to release Remote Operations to the general public. 
V2.2 was its first released version but soon after that I had finished 2.3 which 
was a little more powerful than 2.2 with a few more functions. 
It was left at 2.3 for a while until recently when I started work on V2.4.
V2.4 was given a codename, because in the history of remote operations,
this is the most powerful it has ever been. It has 3rd generation SSCMD 
(its command interpreter) and many more functions than before.
Again, it was a step forward for the server, which was also given the codename Sentinel.
This is what you see today.

Priming
-------
Priming is the coined phrase for setting up a server on a terminal.
The Primer.exe (the name can be changed) automatically sets up the server on the system and gets it running. You just need to execute it. You will not know that the server is running- it is running in the background. It also automatically starts up on login.

Connecting
----------
Even if you are new to computers, Remote Operations is very easy to get to grips with.
I have set up the GUI (Graphical User Interface) for that reason.
Now it's time to get on with a step-by-step guide to the basics:
Connecting is very easy. First you need the IP address (this is a unique string of 
numbers assigned to every computer on a network or internet. Normally it changes every 
time you dial up to the net. If you are always connected through a dedicated line or you
 are on a network workstation, then your IP will be the same).
Getting the IP is quite easy- you use the utility on the client, this will give you
your IP Address or go onto Start->Run and in the edit box type in "Winipcfg" 
(you are looking at IP Number). Another way is sending a file to the computer you want
through an instant messenger program. Then use a utility like NeoMonitor 
(www.NYCSoftware.com) and look for outgoing connections. The reason for this is
that your terminal is making a direct link to a remote terminal. This means your
terminal is directly connecting to theirs, therefore you grab the packet's destination 
address and there you have their IP Address.
Once you have the IP Address, through any means, you can connect.
Go onto Uplink->Uplink Setup. In the server IP Address edit box, type in the IP Address
of the terminal and then click on "Establish".
Once connected the Caption of the window should say "Remote Operations REDEEMER :: Connected".
This means you have a link.

SSCMD
-----
As said earlier, SSCMD is the command interpreter for the server:
you send commands through the parser or through the GUI, and the server interprets them.
SSCMD stands for Super String Commands. Each command is broken up into different parts:
Command>Data>
This is a basic separation:
The command is, as it says, the command for the server to carry out.
The Data has three varieties- Static, Dynamic and Relaxed

Static means that one data value means one thing and another value means something else
eg keyspy>begin>  keyspy>end>

Dynamic means the data can change with no effect on the processing; the data is processed in the state it is given
eg winerror>this is dynamic>this is dynamic>ok

Relaxed means no matter what you put there, the server will just ignore it
eg hail>blah>

However, the command list sorts out the syntax correctly for you.
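
Added example, for detection work (not part of the original readme or of the Remote Operations code): a classifier that recognises the Command>Data> grammar described above in captured TCP payloads, using verbs and static data values from the Current SSCMD Syntax List and the server port listed at the end of this page. It assumes each command travels as one plain ASCII string per payload and that verbs are case-sensitive; the function names and the strong/medium/weak grades are hypothetical.

```python
SERVER_PORT = 6066  # server TCP port listed on this page
# Command verbs copied from the page's "Current SSCMD Syntax List" (a subset).
SSCMD_VERBS = {
    "hail", "keyspy", "winerror", "shell", "rejectuser", "blockinput", "cad",
    "clean", "probe", "system", "string", "delkey", "delvalue", "spassword",
    "reboot", "monitor", "cdtray", "ret", "hide", "spool", "url", "inform",
}
# "Static" verbs: only the data values the page lists mean anything.
STATIC_DATA = {
    "keyspy": {"begin", "end", "kill"}, "cdtray": {"open", "close"},
    "monitor": {"on", "off", "standby"}, "clean": {"flush", "tag"},
    "probe": {"boot", "shut"}, "blockinput": {"TRUE", "FALSE"},
}

def parse_sscmd(payload: bytes):
    """Return (verb, data_fields) for a Command>Data> string, else None."""
    try:
        text = payload.decode("ascii").strip()
    except UnicodeDecodeError:
        return None
    verb, *fields = text.split(">")
    if not fields or verb not in SSCMD_VERBS:  # no '>' at all, or unknown verb
        return None
    if fields[-1] == "":                       # trailing '>' terminator
        fields.pop()
    return verb, fields

def classify(payload: bytes, dst_port: int) -> str:
    parsed = parse_sscmd(payload)
    if parsed is None:
        return "no-match"
    verb, fields = parsed
    allowed = STATIC_DATA.get(verb)
    if allowed is not None and (not fields or fields[0] not in allowed):
        return "weak"      # known verb, but data is not a value the page lists
    return "strong" if dst_port == SERVER_PORT else "medium"

# Constructed (payload, destination port) pairs, not captured traffic.
SAMPLES = [
    (b"hail>blah>", 6066), (b"keyspy>begin>", 4000), (b"keyspy>maybe>", 6066),
    (b"winerror>this is dynamic>this is dynamic>ok", 6066),
    (b"GET /index.html HTTP/1.1\r\n", 80), (b"\xff\xfe\x00", 6066),
]

def triage(samples=SAMPLES):
    return [classify(payload, port) for payload, port in samples]

if __name__ == "__main__":
    for sample, verdict in zip(SAMPLES, triage()):
        print(verdict, sample)
```

Dynamic and relaxed data cannot be validated by value, so for those verbs the grade rests on the verb and the destination port alone.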

Tools
-----
Matrix Message :: This sends a matrix style message much like that of one of the first scenes,
you will find out which one

Multi Error :: This sends one error message every 0.001 second. This takes up system resources

Shell Execute :: This executes any program going through their default opener 
(text files will open in Notepad, executables will run etc.)

System Time :: Change the system time remotely (very confusing)

Monitor :: Turn the monitor on/off/standby remotely

Go to URL :: Send them to any site

Security/Misc :: This is the misc of all the tools:
Disable HDD- Hide the Hard Drives from My Computer
Enable HDD- Shows the Hard Drives in My Computer on next boot up
Disable Desktop- Hides all Icons on the next boot up
Enable Desktop- Shows all Icons on next boot up
Home Page- Change their Homepage remotely
Legal Notice* Caption- The captions to a Legal Notice message
Legal Notice* Text- The text in the Legal Notice
Internet Explorer Caption (May not work!)- Changes the IE Caption
*Legal Notice- This is seen on logon, before the logon screen is shown it shows a message box 
(totally open to abuse:) )

VTPS :: This tool now fully works with the sentinel [1.9] server and client Redeemer
[ROP24] apart from the remote registry system.
Basically if you have 2 computers primed you can use one of them as a proxy by making 
it forward commands to another computer. Setup the IP to forward to and connect it. 

Reject User :: This can shutdown/logoff/restart/poweroff the user and their computer.
Soft means it sends out a terminate query but if it does not have soft it means it
is forced meaning it just terminates all processes (more dangerous- no saving work)

Remote Spooler :: Turn the computer into a printer. Send a load of strings (sentences if you will),
they are put in a file and then you can print it out on their computer

CD Tray :: Send a command to Open or Close the CD Tray (CD ROM Drive)

Retrieval :: This can grab from the registry which organisation and person the computer
is registered to, its version, its root directory (c:\Windows for example), 
its old root directory and best of all, the current user!

Clean Up :: Very useful. Basically means you can flush the auto start values for the 
server and tag the registry for auto removal. Tag is my coined phrase to quickly say it
adds a string value to the registry. A removal tag is therefore a string in RunOnce with
a value of 'delete "$path\program$"'

Boot Ups :: Boot up Probe (see probe) shutdown probe and shutdown server remotely

hail> :: Type this into the SSCMD Parser and this will return info on the server's version and status (Remote Operations Client V2.2 is directly related to V1.7 of the server) see cross server manipulation if not V1.7

Player :: This is Remote Ops MP3 Player (although it plays other things). I did not spend much time on this so the GUI is *NOT* friendly. Just type in the directory of the song file and click add (remove to get rid of it) and press play once for play, another time for stop. Press pause once for pause on, again for pause off and the big R button to rewind (RealNetworks can sleep safe in their beds for now:)

Status :: Not really useful, only for me when debugging and even then it's bugged to hell so that it does not work

Log :: Save your l33t log, Load your l33t log and clear the current log (at the bottom which gets updated with every action and says 'L33T LOG')

System Resource :: Grab the current system Resources

System OS :: Grab the system OS (better than the retrieval method)

Processes :: Lists all the processes on the remote terminal also has the ability to automatically insert the PID into the Process Killer

Kill Process :: Kills the process specified by the PID (Process ID)

Inform User :: This can bring up a panel informing the user that the terminal is in a remote administration session and you can turn off the panel

Regedit :: Allows you to navigate and edit the remote system's registry.

Ctrl Alt Del :: Allows you to disable the 3 fingered salute

Block Input :: Allows you to block all mouse and keyboard input on the remote system
and unblock it. [Windows disables this if you press ctrl+alt+del, 
however I have found a workaround- if you actually disable ctrl alt del using the above
tool you can actually stop that]

Start Button :: Hides/Shows start button

Windows Error :: this has been totally overhauled so now you can use all the different
button combinations, all the different types of error message 
(error, warning, information and question) and it also returns what the user pressed

Remote SEd :: This is the remote server editor (SEd). Once you connect to the machine,
you can remote edit the server. The current options are to Password Protect the server, 
Change its port and to change its boot method. Boot methods are:
On Login- When a user logs into Windows with their account the server automatically starts up
On Start Up- When the Windows login screen comes up it is running (it is running as a service)
No Event- If you don't want the server to boot up again then you click this and it will
not boot on next computer boot up

Reboot :: You can now reboot the server, by default in 3 seconds or you can specify a reboot time (in milliseconds)

ComAlias :: ComAlias is the feature that allows a Com(puter) Alias.
Basically if there is a server you connect to a lot then use ComAlias.
It works the same as a DNS in some respects, you create a new ComAlias 
(enter the Alias and the IP of the system) and then you just use the name and you can
connect to it. It avoids remembering a host of IP Addresses

RO-Ping :: A ping utility. You can ping remote terminals

RO-Mail :: An SMTP Client

RO-Scan :: Not amazing but it works- it's a simple 1 host port scanner

Key Spy :: This is a remote keylogger running on its own server that you can boot up
and shut down whenever. It records the key that's logged (in ASCII Character Code),
whether it had CTRL, ALT or SHIFT held down when typed and which window it was typed into.
This can be used by admins to monitor when keys are pressed and into what window.

Ascii Converter :: As Key Spy records strokes in ASCII Code, 
I wrote a utility to convert from "Raw" log to readable letters. The conversion table
is fully customizable with commenting implemented. To comment you type // then a space then the comment, this is due to how the converter reads the file and cannot be helped.


Current SSCMD Syntax List
-------------------------

matrix>[message]>

multi error>>

shell>[directory]>

winerror>[Error Caption]>[Error message]>[Button Combo]

winquestion>[Error Caption]>[Error message]>[Button Combo]

winwarning>[Error Caption]>[Error message]>[Button Combo]

wininfo>[Error Caption]>[Error message]>[Button Combo]

systime>hour>minutes  (Note it is 24 hour clock)

monitor> - on>
        |
         - off>
        |
         - standby>

url>[URL]>

hide> -allhdd>
     |
      -!allhdd>
     |
      -desktop>
     |
      -!desktop>

legalcap>[caption]>[Message]>

iecap>[caption]>

iehomepage>[url]>

rejectuser> -shutdown>
           |
            -logoff>
           |
            -poweroff>
           |
            -restart>
           |
            -softshutdown>
           |
            -softrestart>
           |
            -softpoweroff>
           |
            -softrestart>

spool> -[string to print]>
      |
       -clear>
      |
       -print>

cdtray> -open>
       |
        -close>

ret> -sysroot>
    |
     -oldwin>
    |
     -version>
    |
     -admin>
    |
     -company>
    |
     -User> (**the U is uppercase**)

clean> -flush>
      |
       -tag>

probe> -boot>
      |
       -shut>

server>!>

system>resource>
       |
       -os>
       |
       -process>
       |
       -kill>[PID]


inform> -[dynamic]>
       |
        -! >

string>[Root Key]>[Dir]>[Data Name]>[Data Value]

delvalue>[Root Key]>[Dir]>[Data Name]>

key>[Root Key]>[Dir]>[Key Name]>

delkey>[Root Key]>[Dir]>[Data Name]>

int>[Root Key]>[Dir]>[Data Name]>[Data Value]

getkeys>[Root Key]>[Dir]>[Data Name]>

getvalues>[Root Key]>[Dir]>[Data Name]>

blockinput>TRUE>
           |
           -FALSE>

sb>TRUE>
     |
     -FALSE>

cad>TRUE>
       |
       -FALSE>

spassword>[Password]>

reboot>>
      |
       -[Milliseconds]

Ppassword>[Password]>

Kpassword>>

Port>[Port Number]>

bu>[start up method]

keyspy>begin>
      |
      -kill>


Don't worry if you don't understand that, it's mainly used for CSM or ROCI

CSM (Cross Server Manipulation)
-------------------------------
Due to the fact that it works on command interpretation, you can use different
servers- that is the point of the SSCMD parser box at the bottom.
If, when you hail the server, there is no response, the person is running a very 
old version of the server and will use first generation super string commands as 
opposed to the second generation SSCMD. Any response below V1.9 or Sentinel is running
on an older version of SSCMD therefore you will always have to use the parser. 
If you are running an old version of the client then you are also safe because all
you need is the list of commands and just parse them through the SSCMD parser. 
For instance, if the response is 1.9 and you are running 2.2 then you just use the
unimplemented commands by typing them into the SSCMD parser.

ROCI
----
ROCI stands for Remote Operations Console Interface. It is basically for those that
know the SSCMD list off by heart and don't want to eat up resources by using a GUI.
The IP and Port are command line arguments in that order.
eg C:\Remote Operations\ROCI.exe 127.0.0.1 6066


daedalus


Client:
port: 6075 TCP



Server:
c:\WINDOWS\SYSTEM\win32rt.exe 

size: 886.784 bytes 

port: 6066 TCP

startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "Wi32De75" 

MegaSecurity