BO-BO 1.0
(Backdoor.Win32.Napalm.a)

by Serguey A. (Napalm)

Written in Delphi

Released on June 08, 1999



                    Napalm Presents
                         BO-BO
                  Remote Control System
                   ver.1.00 Final Beta
                       08.06.1999

BO-BO program allows a user to penetrate and control other computers based 
on Windows'95/98 in any TCP/IP network. BO-BO program consists of two main 
modules: 

server.exe - server module which should be installed on the machine you wish
             to control. User can rename this module if he likes.
BoBo.exe - client module which allows user to perform different actions on 
           computer-server.

To "infect" the target computer, the user should simply execute the server module on the
computer and the server will install itself automatically, but it doesn't delete
itself like the Back Orifice server; if the user deletes this file after its execution,
the server will still start every time the machine boots.
When the user wants to start performing actions on the other computer, he should start
the client module of the program and set up the TCP connection between his and the target
computer. Then the user can send different commands to the target computer by choosing
one from the list of commands and clicking the "Send" button. Some
commands need additional parameters to be executed; if the required information is
incorrect or missing, you'll see an error message box or an error message in
the output window.
Only one action at a time can be executed between the server and client machines.
Here is the description of all possible commands:

File Delete
Deletes a specified file.  As a parameter user should specify the full path and name
of the file (example: c:\autoexec.bat)

File Download
Downloads a specified file to the client machine. As the first parameter user should 
specify the full path and the name of the file on server-computer and as the second 
parameter user should specify the full path and the name of the file under which the 
received file should be saved on the user's computer. (example. first param.:
c:\command.com ;sec. param.:c:\download\hiscomand.com). First parameter is necessary,
second parameter can be left blank or can have only path to the directory where the 
file must be stored after receiving, then the received file will be stored in current 
or specified directory and the name of the received file will stay the same as the name 
of the source file (example. first param.:c:\command.com ;sec.param.:c:\download\ ;the
received file will have name command.com and will be stored in c:\download directory)

File List
Shows the list of files and directories stored in the specified directory or logical drive 
and also shows the size of each file. As a parameter user should specify the path and 
optionally the mask of the files to be shown (example. first param:c:\) or (example. 
first param.:c:\*.exe).

File Upload
Uploads a specified file from the user's machine to the server-computer. The first parameter is
the full path and filename of the new file on the server-computer and the second parameter
is the full path and file name of the source file on the user's computer. The second parameter
must be filled in; the first parameter can be left blank or have only the path specified
(see File Download). (example. first param.:c:\photo.exe ;sec.param.:c:\BOBO\server.exe) or
(example. first param.: ;sec.param.:c:\command.com)

Get ICQ Passwords
Shows ICQ passwords if ICQ99 is present on the server machine. No parameters needed.

Get PWL Passwords
Shows PWL passwords. No parameters needed.

Go to URL
Forces the server computer's web browser to go to the specified URL. First parameter is
the URL itself. (example. first param.:www.sex.com)

Ping
Just pings, to check the connection and receive the version of the BOBO server.

Process Kill
Kills specified process. First parameter should have the Process ID number.

Process Run
Executes specified process. First parameter should be the full path and the name of the program 
to be executed.

Processes Show
Shows all current processes on server's machine, their ID numbers and full path. No parameters 
needed.

Reboot
Reboots server-machine. No parameters needed.

Send Message
Shows the message to the user of the server machine. First parameter should have the text of 
the message. (example. first param.:Hi! Do you like that?)

System Info
Shows system info of the server computer: username, computer name, Windows version, logical drive
names. No parameters needed.

-----------------------------------------------------------------------------------------------
Sometimes when you have trouble with the connection it could be a good option to click
Disconnect and then Connect again. It definitely helps sometimes :-)
-----------------------------------------------------------------------------------------------
BOBO program was written in a hurry, the author didn't have much time to add more commands
to the program and make it nicer and more powerful because of school final exams and everything
that is connected to them. If you like my program, you are very welcome to ask questions,
give any comment, suggestion or help at

                                [email protected]

You can send your messages to me in Russian, English or Estonian language.

Latest version of the program can be found at http://napalm.itgo.com

Thank you for your attention ! :-)


Server:
dropped file:
C:\WINDOWS\SYSTEM\Dllclient.exe 

size: 145 & 321 KB

port: 4321 TCP

startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "DirectLibrarySupport" 
HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Agent\Apps\ICQ Accel "Path" 
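
A triage check built from the server indicators listed above, as an added example (not part of the original page or of the BO-BO package): it scans a REGEDIT4 registry export and `netstat -an` output for the two startup values, the dropped file name and a listener on TCP 4321. The sample export and netstat lines are constructed, and the value data pointing at Dllclient.exe is an assumption, since the page gives only the value names.

```python
import re

# Indicators from the "Server:" details on this page.
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
ICQ_KEY = r"hkey_current_user\software\mirabilis\icq\agent\apps\icq accel"
WATCHED = {(RUN_KEY, "directlibrarysupport"), (ICQ_KEY, "path")}
DROPPED_NAME, SERVER_PORT = "dllclient.exe", "4321"
VALUE_RE = re.compile(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def parse_reg_export(text):
    """Yield (key, value name, string data) from a REGEDIT4 text export."""
    key = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := VALUE_RE.match(line)):
            # Undo the export's backslash escaping (\\ -> \, \" -> ").
            name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
            yield key, name, data

def scan_registry(text):
    """Flag the listed startup values, or a Run entry naming the dropped file."""
    hits = []
    for key, name, data in parse_reg_export(text):
        if (key.lower(), name.lower()) in WATCHED:
            hits.append(("startup-value", key, name, data))
        elif key.lower() == RUN_KEY and DROPPED_NAME in data.lower():
            hits.append(("run-names-dropped-file", key, name, data))
    return hits

def scan_netstat(text):
    """Return local endpoints in LISTENING state on the server's TCP port."""
    rows = (line.split() for line in text.splitlines())
    return [f[1] for f in rows
            if len(f) >= 4 and f[0].upper() == "TCP" and f[3].upper() == "LISTENING"
            and f[1].rsplit(":", 1)[-1] == SERVER_PORT]

# Constructed sample inputs (not captured from a real host).
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"DirectLibrarySupport"="C:\\WINDOWS\\SYSTEM\\Dllclient.exe"

[HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Agent\Apps\ICQ Accel]
"Path"="C:\\WINDOWS\\SYSTEM\\Dllclient.exe"
'''
SAMPLE_NETSTAT = """  TCP    0.0.0.0:139        0.0.0.0:0          LISTENING
  TCP    0.0.0.0:4321       0.0.0.0:0          LISTENING
  TCP    192.168.0.5:1043   192.168.0.9:4321   ESTABLISHED"""
```

The second registry rule catches a Run entry that was renamed but still launches the dropped file; a listener on 4321 alone is only a lead, since other software can bind that port.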

MegaSecurity