NetSphere 1.30
(Backdoor.Win32.NetSphere.130)

by Sean "DeathBreadstick" Hamilton and Adam "Beefcake" McGirr

Written in Delphi

Released in May 1999

more versions


   | 1 | Keylogging

Keylogging will not work immediatley. First, you must do this:

1. Connect to the target.

2. Open the File System.

3. Upload the keylogging DLL in your local NetSphere directory (khd2.dll) to their C:\WINDOWS\SYSTEM
   directory, or wherever their WINDOWS\SYSTEM directory is. You can't rename this file.

4. After the upload has finished, go Target > Server > Restart Server.

It is still a little buggy, and for some unknown reason, makes some
games (namely Quake II) exit unexpectedly.
    ___
---|   |---------------------------------------------------------------
   | 2 | Newbie Directions
---|___|---------------------------------------------------------------

1. The target MUST run the server ("NetSphereServer.exe") on their
   computer. You can either run this on their computer yourself, or you
   can rename it to something and then trick them into running it.

2. Get their IP. There are many ways of doing this; the best way is
   with ICQ. Go to section 5 fore more detailed instructions.

3. Run the client (NetSphereClient.exe). Enter their IP into the "IP
   or DNS" box, and hit "Connect".

   Keep an eye on the status bar.

   Once it has connected, the "Target" button will become active. You
   can then do stuff to/on the remote computer.

3. When you're done, hit "Disconnect", or just close the client.
    ___
---|   |---------------------------------------------------------------
   | 3 | Client Parameters
---|___|---------------------------------------------------------------

NetSphereClient.exe /connect (IP or DNS)
   You can directly connect to an IP with the /connect parameter.

NetSphereClient.exe /debug
   You can have it display debug info (for your prying eyes) with the
   /debug parameter. If the client is behaving strangely, you may want
   to have it display various tidbits of information, to assist in
   tracking down your problem.

NetSphereClient.exe /noannounce
   The client won't try to download the announcements from the
   NetSphere web server. This is usefull if you don't have internet
   access from where you are operating.
    ___
---|   |---------------------------------------------------------------
   | 4 | Server Parameters
---|___|---------------------------------------------------------------

NetSphereServer.exe /visible
   You can run the server in Visible mode. You can then configure some
   extra features via the server's GUI.
    ___
---|   |---------------------------------------------------------------
   | 5 | Getting an IP from ICQ
---|___|---------------------------------------------------------------

1. Right-click on one of your contacts, then select "Info" (near the
   bottom).
2. Their IP will be in the box labeled "Current/Last IP".
3. Right-click in the IP box, then select "Select All".
4. Right-click in the IP box (again), then select "Copy".
5. Open NetSphere Client.
6. Right-click inside the "IP or DNS" box, then select "Paste".
7. Click on "Connect".


Server:
dropped files:
c:\WINDOWS\SYSTEM\nssx.exe      size: 284.160  bytes
c:\WINDOWS\SYSTEM\iosubnet.sys  size: 134 bytes 

port: 30100, 30101, 30102 TCP

startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "NSSX" 

MegaSecurity