[HN Gopher] Back Orifice (1998)
___________________________________________________________________
Back Orifice (1998)
Author : aphrax
Score : 284 points
Date : 2021-09-04 11:06 UTC (11 hours ago)
(HTM) web link (web.archive.org)
(TXT) w3m dump (web.archive.org)
| bdcravens wrote:
| Bots to scan all users for BO on IRC were common. I even was a bit mischievous with it myself. Karma was served when I self-owned - was playing with running the server to experiment but forgot I left mIRC running, and in a minute my computer was hosed.
| christkv wrote:
| Oh man brings back so many memories of messing with friends. There was even a doom version that modeled monsters after system processes allowing you to shoot and kill the processes and watch them die
| AnIdiotOnTheNet wrote:
| psdoom still exists:
|
| http://psdoom.sourceforge.net/
|
| Though I'm skeptical it was ever part of a windows root kit.
| christkv wrote:
| It wasn't a part but there was support for the back orifice protocol. https://github.com/orsonteodoro/psdoom-ng/blob/master/trunk/...
| howmayiannoyyou wrote:
| My experience with BO:
|
| Me: "I bet I can guess your password..." I said to a close friend.
|
| Him: "No way. $50 says you can't".
|
| Another friend: "Stupid bet".
|
| Me: "eatme8"
|
| Him: <speechless>, turning red with rage.
|
| Another friend: "Holy shit".
|
| Needless to say my late 20's were a lot of fun, very little of which I could do now without serious repercussions.
| habibur wrote:
| I was thinking of it recently. Does it still run on modern Windows? Has anything new arrived as its alternate?
| junon wrote:
| I highly doubt it works these days. For a while there was Cain and Abel (probably spelled differently) and a few other popular RATs running around.
| nsxwolf wrote:
| Pretty sure someone used this to make my CD-ROM eject once, and that was very disconcerting.
| deusum wrote:
| You mean the cup-holder? They were just being helpful.
| shoelessone wrote:
| Was Girlfriend similar to this?
| anhanhanh wrote:
| Back in the good old days we were sending this to random ICQ users saying something like "hey I'm a game developer and made this game, would you like to try it?". I'm not very proud of that tbh.
| richarme wrote:
| What you could do was embed the BO exe inside another exe disguised as a jpg picture. When executed it would extract and run BO in the background and also display a jpg. ICQ conveniently didn't display the end of long filenames, so you could send it as "xyz.jpg[20spaces].exe" and it would seem like you just shared a picture. Worked like a charm the one time I tested this technique on an unsuspecting friend during a LAN party.
| slim wrote:
| Or use silkrope to bundle it with any other .exe
| riffraff wrote:
| if I recall correctly, you could attach this to other binaries via silkrope so the receiver would be unsuspecting.
|
| I think we did it to a classmate once :)
| ianhawes wrote:
| Yes, now if you do that you end up with a 2000 word threat analysis write up by a network security startup that claims you're using sophisticated social engineering.
| ironmagma wrote:
| And a warrant for your arrest, probably.
| saagarjha wrote:
| Apparently people still do this on Discord.
| decko wrote:
| I wrote a similar tool to mess with my friends at the computer lab at school (since back orifice, netbus, etc. would all be detected by antivirus at this point).
|
| Years later, I was shocked when whatever antivirus I was running detected it as a trojan through heuristics. I realize this is pretty normal these days, but back then it felt like magic.
| sdfhsdfhsfj wrote:
| Netbus and BO got me in so much trouble as a kid (though honestly I probably should have gotten in a lot more trouble).
|
| At school, all the windows machines were locked down with a "security" application called Fortress. I started selling boot floppies that would disable Fortress to teachers, and might have loaded a few of those up with the aforementioned toys.
|
| At home, I don't think I paid for internet access at all until well after college. A port scan of local ISP networks usually yielded someone infected with netbus or bo, and I could snarf their dialup credentials.
|
| While those exploits probably should have landed me in jail, the worst that happened to me was an expulsion as a result of somebody else bulk changing logo.sys across school.
| tinco wrote:
| That really is mischievous, as a kid I'd play around on the school's computers which I felt were fair ground, though the headmaster would probably disagree. The only time I was really confronted was when I was warcycling around town, found an open WLAN and just browsed for a little while, and then the owner of the house came out and chased me away haha.
|
| I'd often read phrack even though I didn't really understand programming yet, but there was this one issue that detailed how to trick a bottle recycling machine into giving you unlimited receipts, my local supermarket had the exact machine and I was thinking about doing it to see if it would work, but chickened out because I realized I'd actually be stealing from the owner of the supermarket who everyone in the town was on a first name basis with. I always believed everything in the digital was sort of fair play and was really shocked when people started going to jail even for the dumbest thing like grey hat url injection.
| temac wrote:
| There were tons of windows 95/98 computers with network shares exposed to the internet with no or weak passwords. It was really convenient to get their stored password list.
| brassattax wrote:
| My University had public, non-firewalled IP addresses in the dorms... all one had to do was scan the IP ranges for the default port for Back Orifice to have some fun. (The good old days)
| gogopuppygogo wrote:
| My first year at university I took over the student radio program and found such a computer had been left online for months directly connected to the internet. It was so pwned the mouse would struggle to move.
|
| I wish to this day I'd imaged the hard drive before formatting it. It'd have been so much fun to boot up in a VM to play with today.
| sedatk wrote:
| BO was the only malware I got infected with on Windows. Back in 99, some colleague had sent me an executable to try out (supposed to be the portscan tool he developed), it did nothing so he said "hmm ok". Later, my mouse started becoming erratic, I started to make typos. I finally figured out what's going on when the CD drive ejected itself and I shut off the computer. He later admitted messing around.
| Lapsa wrote:
| oh I remember this one. opening CD tray remotely
| Svperstar wrote:
| lol we used to use Back Orifice to mess with friends on ICQ, yeah, I'm old. I know.
| mikeodds wrote:
| I'd bet there's more than a few people here in respectable places now that learnt to code through VB6, Delphi, python, Perl, PHP to write rats and exploit code.
| brassattax wrote:
| tcl scripting for eggdrop bots too :)
| Grazester wrote:
| Yep in highschool it was all VB6 and back orifice shenanigans
| nurettin wrote:
| it was mainly delphi7, because the executables didn't require suspicious dll dependencies. If you statically linked midaslib, msvcrt was all you needed.
| mkr-hn wrote:
| Marco Arment (Overcast, Instapaper, Tumblr) on AOL proggies, most of which were built on popular VB6 libraries made for that purpose: http://articles.marco.org/44
| theshadowknows wrote:
| A "fell off the truck" version of Delphi :)
| gatorcode wrote:
| Ahh the good old days. Learned to program with VB6 writing progz for AOL.
| tscherno wrote:
| There is also Sub7 from the same period: https://web.archive.org/web/20050401072114/http://www.hackpr...
| cpach wrote:
| And NetBus https://en.wikipedia.org/wiki/NetBus
| Lammy wrote:
| I love that the NetBus website is still online: http://www.tcp-ip-info.de/trojaner_und_viren/netbus_pro_eng....
| unixhero wrote:
| All hail Netbus. It was so much fun. Those were good times. Pranking and harmless fun.
| surbas wrote:
| Wikipedia would seem to disagree:
|
| > "However, use of NetBus has had serious consequences. In 1999, NetBus was used to plant child pornography on the work computer of a law scholar at Lund University. The 3,500 images were discovered by system administrators, and the law scholar was assumed to have downloaded them knowingly. He lost his research position at the faculty, and following the publication of his name fled the country and had to seek professional medical care to cope with the stress. He was acquitted from criminal charges in late 2004, as a court found that NetBus had been used to control his computer."
|
| https://en.wikipedia.org/wiki/NetBus
| tmountain wrote:
| And C:\con\con. Ah, memories.
| jq-r wrote:
| A former "friend" of mine in high school deleted my documents including due school work with netbus or BO (don't remember which one). It really was a shitty thing to do and he was proud of it that I lost weeks of work.
|
| I got revenge couple of months later with a "screensaver" that I've made in Delphi. In reality it would just "crash" with some random error, but actually copy itself on multiple places on the hard drive with windows sounding names, run both as a service and some innocent sounding files etc. It wouldn't show up in task manager. I could send and execute whatever commands I liked. I've deleted his Diablo saves a week later or so, and man he was livid as he wasted months playing. He had no idea what happened as he had two AV programs installed and he was confident it would detect a trojan.
|
| Windows security at that period of time really was a contradiction in terms.
| ctf1er wrote:
| Sub7 was a lot of fun. So many options. I will add to the computer lab anecdotes. I gave this to my buddies at school who were in the same crew (we mostly made VB 'proggies' for AOL), but of course two of them install it in the library computer lab. I told them it's not illegal to have but is to use. They mess with students even doing things like deleting essays being written. The IT people figure it out and my buddies get arrested and cut ties. They are expelled for a whole year and when they come back can't use any school computers. Did anyone ever figure out if there was a backdoor in the backdoor from the maker?
|
| But that kind of stuff is what got me interested in computers and programming back in junior high. Learned the basics of control statements and OOP in a fun engaging way. I made an AOL chatroom mailserver with sendkeys :D and later became more advanced using APIs. These were very much like mIRC but AOL hosted all the files so even better. There were private chatrooms based on just making these things and prewritten libraries floating around. Who remembers genocide.bas? (hey I didn't name it) Anybody have these? I have copies somewhere on a zip drive.
|
| Remember punters? In dialup days you could flood a person with chat messages containing html heading tags that would slow them down rendering to the point they could never catch up. Others eventually found exploits that could crash the app on one message.
|
| The Trojans for AOL were also pretty good. Would capture the password field and once connected open an email in the background and send it wherever, then delete sent. Back then though you could as easily just say you are an admin and ask someone for their password. Your whole neighborhood probably openly sharing through netbeui.
|
| I think it's long enough ago to say I ran an FTP on mirc and the password was like the 5th word on the xdrive free account confirmation page. They started at $2 a referral and I bought a nice 17" ViewSonic monitor to play Quake on in the 8th grade. Other friends bought whole computers. Shut that down when the FTP got hacked and I got a cease and desist letter for 3d studio max, thought the law was coming to break down my door.
| devin wrote:
| I remember packing jpegs with sub7 payloads and sending to my friends on AIM. The opening and closing on the CD tray is such a classic prank. Best part was that given I was usually the guy my friends and their parents called to fix their computer trouble, I was getting IMs from all of them saying "my cd tray keeps opening and closing". The reveal of the prank was great except for when I must have done it for like 3 hours while my friend's mom was using the family computer. She wasn't very happy with me.
| superkuh wrote:
| Sub7 was hilarious with all of its UI features like custom skins.
| grobbie wrote:
| I can remember one called Code Red causing a bit of mayhem at work not that long after.
|
| Interesting to read on Wikipedia that work on Sub7 resumed in June this year.
| jonplackett wrote:
| I remember this - and using the same CD opening closing joke on people in the college lab. The technicians had no idea what was going on. I don't think they really knew anything about computers - we once found a word doc on one of the computers with every password for the entire college / website etc.
| [deleted]
| joemazerino wrote:
| The good old days. I recall hearing the cDc going on the radio to "announce" BO with some trite words about Microsoft. I thought BO was fun but bo2k was really the bees knees of RATs.
| AaronNewcomer wrote:
| Yeah I remember one of these would allow you to somehow make a jpg executable and then would download the full payload for the rest of the tool. Image sharing over AIM and the like would make direct connections when transferring so you had to look up their IP address with netstat or something while the picture was transferring to them. And then keep checking to see if they actually installed/opened it.
| [deleted]
| washadjeffmad wrote:
| The BO payload was so large that it was hard to inject or distribute without pretty obviously being suspicious.
|
| A friend developed Fraggle Lite in ASM with separate versions for the network adapter, which became the world's smallest RAT for a while. I never found the Easter egg, but I do remember the original password for our hardcoded users. I wonder if I still have them somewhere...
| richardfey wrote:
| _That_ fraggle lite?
| washadjeffmad wrote:
| I guess? Gobo's?
| dspearson wrote:
| Had a lot of fun with bo2k and friends. cDc zines got me into hacker culture and probably contributed to my career trajectory.
| readingnews wrote:
| Ahhh the CDC.
| weci2i wrote:
| Seeing this thread and so many familiar stories makes me feel right at home. Sub7 was my RAT of choice. My brother and friends weren't very technical, but I taught them to use Sub7 so they could spread the exe around to their friends and we could all have some fun. We were all heavy ICQ users at the time. It wasn't long before we discovered the ICQ send file box had a size limit on the file name field. So you could, say, call the exe "pic-of-me-nude.jpg .exe" with so many spaces in the file name before the .exe part disappeared that most of our male friends would accept it from a "random female" and run it without any hesitation. Needless to say, we opened a lot of CD ROMS and listened in on many chats.
| stelonix wrote:
| Ohh, that brings back memories! I didn't use BO, though I knew it existed, but used sub7 and NetBus a lot. The person who taught us (me and brother) to use it did the classic CD tray prank and then rebooted our computer. I remember him telling us to run a command like _arp -a_ on the Windows terminal and we were shitting our pants, so he triggered a reboot.
|
| Good times getting into friends' computers etc.
| [deleted]
| sparker72678 wrote:
| Same as so many others here, I remember messing around with BO with a buddy in high school days. Scanning IP addresses (I think we just started bulk scanning addresses that matched his ISP maybe?), browsing their files, taking screenshots...
|
| And yea, chatting about all this over AIM and IRC... ahhhh.
| cdcarter wrote:
| I can't recall if it was Back Orifice, or another "root kit tool" of the time, but these tools are absolutely where I first saw the allure and call of a custom telnet shell. I remember telnet-ing into the control port and aggressively open/closing the CD-ROM drive on my brother in the other room (among other pranks).
|
| Something about telnet-ing into a service gives that Great Hacker Feel. You're at a command line! But it's not bash, or cmd.exe, it's something specific to that rootkit. There's little easter eggs. Some common escape codes might work, they might not. The prompt changes as you use it.
|
| These days, I don't get many opportunities, but if I can add a very simple line-oriented protocol to a side project I sure will.
| rbanffy wrote:
| I can't believe there's only one mention to Beto O'Rourke here...
|
| https://www.reuters.com/investigates/special-report/usa-poli...
| theshadowknows wrote:
| Mannnnn the nostalgia. I loved programs like this and Sub7c my favorite was DivineIntervention 3 I just liked the interface and thought the name was cool lol. I'd love to see what all the devs of these things are up to today. Pri$m, if you're out there let it be known that your work on DI3 is what got me into programming!
| atum47 wrote:
| Glad to see I was not the only script kiddie here, haha. I used them all: bo, netbus, sub7... To be honest back in my days it was not as fun to hack somebody, digital cameras were expensive as heck back then, people had just a few pictures on their computers which they usually scanned, no webcams... It took me a week to infect this girl I had a crush on, when I finally did all I found on her computer was a bunch of mp3s. Well, at least I learned her music taste. Not everyone had a computer back then. It was not cannon as it is today.
|
| Soon after I wrote my first chat in Java, that used the same principles of client and server. The server would even work with telnet. Fun times indeed.
| jahnu wrote:
| You think it's fun to stalk women?
| atum47 wrote:
| By the way, why do you think social media is such a big deal? Cause it's fun to stalk people.
|
| Stop trying to make things look sexist
| jahnu wrote:
| I'm sorry but you literally described breaking into someone's computer in order to snoop on them. You expressed disappointment that there were no photographs and you closed with "fun times". I don't have to do anything to 'make' this look like abhorrent behaviour.
| atum47 wrote:
| No specific, it was fun because I had a crush on her. A little bit after that I started dating a girl who went to the same school as me, and she told me she and her friends would look at the signing list at the library to see what I was reading. Back then you had to checkout a book in order to take it home with you from the library, and they used pen and paper.
|
| I guess I was also stalked, just not digitally, haha.
| radicalbyte wrote:
| Oh the shenanigans I had with this at work. IT at the time were pretty clueless.. at least until that time they hired a good consultant who saw what we were up to :laughs:
| hestefisk wrote:
| I installed Netbus on the public computers at my local community library. They ran Windows 98 and were connected directly to the internet via a T1 / frame relay connection with a public IP for each machine, no firewall. So I could sit at home and keylog people's Hotmail passwords. Those were the days ....
| znpy wrote:
| I did set up a keylogger in an internet cafe.
|
| It used to log keystrokes but also the title of the window.
|
| Well... I wasn't looking for anything in particular, I was about 12-13 and just into computers and didn't even have internet at home.
|
| Well to make it short, there was a lot of porn websites visiting. At all times of the day.
|
| Which in retrospect is immensely weird considering this was a public place.
| pcblues wrote:
| I had a big zip file of all my HPAVC files in one place from the early nineties. Fast-forward to about 2005 when I was working in corp and I needed a Win32 Disassembler for a particular task and I knew where it was. As soon as the still-compressed zip file hits my computer... well, my boss said my computer had 490 viruses on it and counting. A VERY bad look that only trust got me past.
| Zelphyr wrote:
| We used Back Orifice on a co-worker's machine in a call center I worked at. While he was working we would open and close his CD-ROM drive randomly. Restart his machine. All the while we're four seats down just cackling and he's turning redder and redder as his machine does all these weird things while he's trying to work.
| tmountain wrote:
| We did that too. Someone almost got fired for it.
| phkahler wrote:
| I worked a call center over xmas season one year. During training they had us call each other and place fake orders for practice. I got a call from the "hot chick" in the group, took down her info and asked if I could call the number later. She responded in the positive. I never followed up 'cause I already had a GF. But hey, pranking people is fun too!
| flatiron wrote:
| now-a-days i just put a wireless keyboard mouse adapter and giggle as i move their mouse around and type on their screen.
| vidarh wrote:
| At university our computer labs were full of SGI Indy's. For most people at the time it was the first computer they'd used with a webcam.
|
| Every student could log into all the machines.... and access the webcam remotely.
|
| Lots of messages to people telling them things like to stop picking their nose when they were sitting somewhere they thought nobody could see them.
|
| People learned to use the privacy shields on the cams very quickly.
| eloeffler wrote:
| Here, have a free cup-holder!
| neals wrote:
| Some weird random anecdote about Back Orifice 2000 (BO2k) that nobody asked for:
|
| We were goofing around in high school with this. Putting it on computers in school and messing around. We sent it over to a classmate. Her father was teacher and we figured she might open it on their home PC. (we were 14 at the time, by the way).
|
| Anyway, we made a fake hotmail address in the name of another classmate. These two people didn't share any classes and were not in each other's little social circle. We sent a couple of emails back and forth pretending to be the other guy but lost interest along the way and nothing happened.
|
| Now for the strange part; forward 18 years or so. I'm in the city, I run into the person who we were sending the messages to... with the person who we were pretending to be. Married and 3 children together.
|
| I'd like to think we brought them together in some strange way.
| sarahjosh wrote:
| In AOL Instant Messenger when I was in middle school I bulk messaged a ton of accounts in some teen chat saying "Hi Sarah." Most of them responded "I'm not Sarah" or similar but a few replied "who is this?" I said "It's Josh." Most of them said "I don't know a Josh" but one of them said "Hi" like she knew a Josh. I then started talking to her and slowly got around to telling her that I had a crush on her. She actually seemed interested and she said she was going to come over to my house to talk about it. Don't know how that ended but I hope it's like your story.
| HeckFeck wrote:
| I had many 'randoms' added on MSN messenger. Usually acquired through everyone inviting his complete contact list to one conversation. We used to discuss all and sundry back then.
|
| I was always slightly more nervous messaging the girls (obvious from their elaborate emoticon-saturated screen names).
|
| Curiously, one of my friends had a contact named 'korea@hotmail.com' who was always online but never replied.
|
| I sometimes wonder how many of them are doing now.
| andai wrote:
| > Usually acquired through everyone inviting his complete contact list to one conversation.
|
| Man, those were the days... Most of my contacts disappeared one by one (except for 2 which are my oldest friends now!), and it seems like that kind of atmosphere (just adding random people to chat) doesn't exist anywhere anymore, does it?
| dnsco wrote:
| This made my day.
| dheera wrote:
| Back at MIT I had a script that would use "finger" to check who was logged into various machines on Athena clusters (MIT public computers) and occasionally send Zephyr messages to two adjacent people, one saying "look to your right" and another saying "look to your left" causing the two people to look at each other.
|
| I like to think a lot of inadvertent introductions and friendships might have been created by the script.
| api wrote:
| I'm a bit older and when I was about 14 or 15 I got into assembly language DOS virus writing. This was in 1992 and 1993. It's actually how I learned x86 ASM. I was involved with an old school hacking (sense 2) group called Phalcon/Skism. Did other fun stuff like "wardialing" with a program called ToneLoc.
|
| Anyway I wrote some viruses and dropped them in my high school computer lab. Several ended up getting loose on the local Cincinnati area BBS scene. One ended up in McAfee antivirus pretty quickly so I assume it spread further. There was basically zero security to stop such things back then.
|
| None of my viruses were designed to do real damage. They would print stupid messages or change your color scheme to funky colors, stuff like that.
|
| This was back when hacking (sense 2) and the computer underground was about a mix of pranks and exploration. It's not like today where it's all about serious crime and espionage and the penalties are also serious. It's definitely not fun anymore.
| tylerscott wrote:
| This reminds me of when I first discovered the Win32 API and used it to write some silly annoying apps in Borland C++ Builder. This was around 1998 and the worst I ever came up with was a persistent pop up that was difficult to remove due to some registry obfuscation. It had a single button that would open the CDROM tray. I put it on every computer in the lab. Good times. You're right--it used to be playful to hack around. I miss those days.
| andi999 wrote:
| I just wanted to write it was a crime still back then and take the example of the first worm in 1988 : https://en.m.wikipedia.org/wiki/Morris_worm TIL: a Harvard student named Paul Graham was quite close to Robert Morris. It is a small world.
| jlrubin wrote:
| you might be interested in seeing the founders of yc https://www.ycombinator.com/people/
| [deleted]
| short_sells_poo wrote:
| We played a lot of counter strike during my uni days and at one point I created a prank program that disguised itself as system.exe and listened for mouse movement. It would then inject random but smooth error into the mouse movement. I installed it on a friend's PC and it drove him to white hot rage. I think he destroyed a couple of mice before I owned up and bought him a new high end Logitech laser mouse (which was a novel thing at the time).
| pcblues wrote:
| That's clever and awesome, in the true spirit of hacking.
| HeckFeck wrote:
| Have you ever happened upon the youtuber danooct1? He plays with old DOS and Win32 viruses.
|
| https://m.youtube.com/user/danooct1
|
| Perhaps one of yours has been featured!
| scruple wrote:
| Cincinnati was a lot of fun in those days. I was nearby, though most of my "hacking" friends were in Cincy.
|
| Ever meet a guy who went by PADMaster?
| squarefoot wrote:
| Upvoted. Whoever downvoted you has likely never attended certain universities, and clearly has never been in the military. Doing things that are wrong and fun while still being harmless requires creativity.
| api wrote:
| For it being called hacker news this place is very conventional. It's better than /r/programming though.
| ok123456 wrote:
| Burning a 0-day exploit on changing people's backgrounds or color scheme would be a good bit in 2021
| api wrote:
| There just was little to no security back then. The entire system was a permanent zero day.
|
| Computers were mostly not networked so the threat surface was small, and like I said most hackers in the sense I described were pranksters. Big money and power was just not in it unless you were going after serious specialized targets, and there were less of those and they were pretty much all air gapped.
|
| Air gap was the only real security back then. Just don't connect it and guard it physically.
| GekkePrutser wrote:
| People may not remember but the name was a pun on "BackOffice" which was a Microsoft product at the time.
|
| https://en.wikipedia.org/wiki/Microsoft_BackOffice_Server
|
| Back Orifice was basically a rootkit avant la lettre.
| luma wrote: | The Back Orifice logo was also a play on the MS Back Office | logo but with a goatse twist. CotDC were a cheeky bunch :D | slim wrote: | cDc (I'm not being pedantic but by stylizing it in another | way you're missing the penis joke) | speedgoose wrote: | Avant l'heure ? | luma wrote: | I ran some training labs full of desktop PCs around the time that | BO was released and it was a fantastic tool. It was free and | offered a wide range of features for remote administration that | win95/98 didn't have. I could power cycle, re-image, push install | .exes, control user accounts, etc all with a free tool. With BO I | had complete control of all systems in the lab at a time where | that sort of tooling for "legit" uses was prohibitively | expensive. | docflabby wrote: | For those not from the NT era the name derives from Microsoft | Back Office | https://en.m.wikipedia.org/wiki/Microsoft_BackOffice_Server | th0ma5 wrote: | I made a couple of plugins for this back in the day "butt plugs" | heh I can't remember what they all did but I think one was sort | of a proxy so that you could scan other networks with an already | infected machine. | j0eblow wrote: | This story sort of relates to BO and/or possibly other backdoors. | If anyone can help me understand the mystery of what happened to | me back around 2001 I would be forever grateful: | | I believe I was in 4th or 5th grade and one night, I was playing | Diablo 2 online with my cousin. My family was still using dial-up | at the time so I was using one line to play and the other line to | talk to my cousin on the phone. It was getting late and I was | getting tired so I told my cousin I was going to call it a night. | I exited Diablo 2 and continued talking to him on the phone. All | of a sudden, I noticed a window pop up on my screen and it read: | | "MASTER: what are you doing?" | | I immediately asked my cousin if it he was messing with me. 
He | proclaimed to not know what I was talking about and for a little | bit I didn't believe him. I clicked in the chat box and asked: | | "SLAVE: who is this?" | | Anytime I messaged back it labeled me as "SLAVE." Anyways, the | chat continued and the person told me to "look behind me." Mind | you I'm in the basement and there was nothing behind me besides | my dad's computer desk. This is where it got spooky: | | "MASTER: who are you talking to on the phone?" | | At this point, my cousin swore it wasn't him and I believed him. | I looked up at my monitor and chills were sent down my spine. My | mom had just given me a webcam for Christmas (I guess they had | just become popular) and it was at this point I realized this | person had been watching me this entire time. I panicked and | immediately pulled the phone cable from the back of my Dell. It | was hard to sleep soundly that night. | | Believe it or not, I'd like to think this person gets partial | credit for sparking my interest in computer security. From that | point on, a chain reaction started and I began to immerse myself | in security and became fascinated with learning about its | history. Today, I happily have a career in the field :), but I | still think back to this story from time to time and wonder what | exactly happened. | | Could it have been a Diablo 2 exploit? Maybe I joined someone's | hosted game, they were somehow able to get my IP address, and | then possibly exploited Windows XP? The chat window mechanism | seemed pretty unique to me (maybe I'm wrong) like this person | created it themselves. I'd be curious to read other people's | theories. Maybe the person that executed the attack reads this | post and can explain it all... :) | phendrenad2 wrote: | It's amazing how vulnerable Windows used to be. And despite that | it took over the computing world. Ah to live in the pre-internet | days. | themark wrote: | I installed this on a pc at work when it came out to see what it | could do. 
|
| I must have forgot to shut it off because there was a gang of security people in my office the next morning.
| HenryKissinger wrote:
| It seems you've been living ... two lives, Mr. Anderson.
| ridaj wrote:
| It's interesting that your place of work was loose enough about security to let you install stuff off of the internet as it came out, yet paranoid and skillful enough to actually notice and get you in trouble the next day!
| themark wrote:
| I know what you mean. I recall that installing software from the internet was rather novel in the late 90s.
| jadams5 wrote:
| Oh man, yeah also adding to the list of people that abused their highschool computer labs with this. We had so much fun, but we eventually drew the ire of the school IT admin. After class one day the teacher took us aside with the admin and asked if we had installed BO on the computers, which we of course denied... they "believed" us, heh, but gave us a stern warning that whoever was doing it should stop. We would have all probably ended up with felony charges these days.
|
| The next year, so 1999, we actually got approval to attempt to change our grades as an exercise. We actually managed to do it by sneakily copying a floppy one of the teachers used to store their grades with a program called Integrade. We took it home, reverse engineered the password protection to disable it, changed our grades on the copy, re-enabled the password protection with the original password, and turned that in as our proof. Our teacher was impressed and super sketched out/nervous at the same time. I guess they never considered we'd succeed and get access to the whole class's grades...
| xtracto wrote:
| Tangentially related but, back in the late 90s in my first year at BSc Software Eng. I got in trouble because I cracked the password of a Win98 program called Protect-Z which put some user controls in my Uni's labs machines.
|
| The funny thing is that when the person in charge of all the labs found out I had the password, he asked me how did I get it. When I explained to him about how I attached to the protect-z process and debugged it to get the password, he didn't believe it was possible.
|
| Great times... as someone said, these days you'll surely get suspended or worse.
| ryanmarsh wrote:
| I was suspended from school for things like this circa 1997. It was all relatively harmless but absolutely against the letter of the law. I wonder what would happen today to a young person exploring computer security and getting caught in shenanigans at school. Would they go to prison?
| deusum wrote:
| The seemingly unconstitutional - but very common - practice of trying minors as adults makes me uneasy for future security "explorers".
| davewritescode wrote:
| This brings back fun memories of teenage mischief. Used to sit around IRC channels with mIRC scripts looking for people who had the default BO port open.
|
| Between that and unsecured smtp relays that didn't limit the from address, we had lots of fun.
| malloc2048 wrote:
| And Winnuke, when you knew an unsuspicious user without a firewall (which was a necessity on IRC those days) saw his Windows crash when the user left with error message: "connection reset by peer"
| peejfancher wrote:
| I used to use this tool to mess with my college computer class professor. Me and a buddy installed it on the teacher's computer that she used to instruct the class. We did mostly innocent stuff like closing windows or messing with the browser a bit. Occasionally we would reboot her computer when it was close to the end of class and we didn't want to start something new. We're both still coders to this day.
| InvertedRhodium wrote:
| I was 13 when it came out, and my targets of choice were my peers rather than the teacher - I eventually got caught and had my account locked for 6 months as punishment.
| I don't recall exactly how I got caught, but no doubt it was something dumb and avoidable like talking about it.
| AnIdiotOnTheNet wrote:
| I'm wondering if people like you have grown up to be the people who break user interfaces needlessly, write cookie popups, integrate ads and telemetry, and force updates on things that don't need them.
|
| In other words, did you grow out of your childish shenanigans or are you just getting paid for them now?
| batch12 wrote:
| Nah, some of us now use the knowledge gained to defend against real threats.
| richardfey wrote:
| Doubt it. Those are introduced by your next seat hip frontend developer
| grubbs wrote:
| I used to do the exact same thing to friends over AIM and various computers at my HS.
|
| I now manage a massive HPC cluster for a world renowned university. ¯\_(ツ)_/¯
| S_A_P wrote:
| Wrote about this as a college senior for my computer security class. Spent a day or two in the TAMU computer lab with that site prominently displayed... that was 22 years ago. I did set up 2 computers to demo how this worked as part of the presentation but never went much further than that. I seem to remember my report including hypothetical ways to use a tool I think was called silkworm or silk wrapper to disguise this as something else for distribution. Time flies.
| alexhawdon wrote:
| Saran Wrap (https://www.itconsultancy.org/malware/name/saran-wrap-1-0)
| riffraff wrote:
| I think it was silkrope[0]
|
| [0] http://web.textfiles.com/software/silkrope.txt
| jdmoreira wrote:
| This brings me many good memories of my script kiddie humble beginnings. It all started with Back Orifice and mIRC and slowly it evolved to me wanting to run bitchX and eventually getting into linux. It probably took me a year to go from being a windows user to exclusively run Slackware and poring over Phrack :)
| hestefisk wrote:
| Very much exactly my story!
| I also did mIRC scripting :)
| riedel wrote:
| Seeing the title of the post I immediately felt sentimental. It's so funny to actually understand that so many people were socialized with the same tools. I recently found the tools compilation CDs my brother used to assemble with all those tools. Having Back Orifice on a random computer on the internet was somehow the first feeling what the internet meant without knowing actually what to do with that. I additionally remember spending hours on SoftICE (My biggest success was to discover that the only license key to the Siemens webwasher adblocker was 'Mr Nuts'.) I wonder if there are similarly innocent things today's script kiddies do.
| k__ wrote:
| I started programming with mIRC scripts too.
|
| I fondly remember writing an anime news bot, that scraped an anime news site and spammed it into one of my channels.
|
| I didn't know what HTTP, HTML, loops, or even arrays were. I copy-pasted everything from countless sources I found.
|
| Good times.
| dnsco wrote:
| mIRC scripting is why I'm a software developer today.
| mhitza wrote:
| Asynchronous message based programming before it became hip. In an ungodly language nevertheless. :)
| earthboundkid wrote:
| Beto's greatest achievement.
| pietromenna wrote:
| Oh Gosh, many many memories of my script kiddie past.
| beermonster wrote:
| Wow. This brings back memories!
| beaconfield wrote:
| wow. this takes me back...
| jmrm wrote:
| Ah, yes. I used that to prank some friends when Windows/MSN Messenger started to be a thing. Good memories :-)
| buddylw wrote:
| When I was in highschool in the late 90's, I was really into exploring networks and systems I wasn't supposed to be in, but it was always about learning technology for me. I found this tool to be extremely creepy.
|
| I discovered that my local ISP had the finger port open on their dialup gateway.
| Since usernames were first letter + last name I could look up any ip addresses I found in my local firewall logs basically by name.
|
| I saw someone trying to connect to this port and knew exactly who was scanning for this and eventually found a honeypot listener that would allow attackers to connect, but let you control the data sent back. I can't remember exactly what I sent, but I called out the attacker by name when he connected to my machine and he never scanned me again
| [deleted]
| rojeee wrote:
| I installed this on a bunch of school computers when I was 15 only to open and close the CD-ROM bays to freak out the teachers. This was the golden days of computing!
| sneak wrote:
| More fun was popping up obscene dialogs on the computer the teacher was using to present to the class on the projector.
| beaconfield wrote:
| OK I have to say this: reading some of the comments here makes me think I was actually friends with you back in 1998/1999 because that's about when I was doing this same shit in my high school computer lab. Small world.
| jdalgetty wrote:
| Oh boy! We used to have a lot of fun with this back in high school!
| anonu wrote:
| Same. Nowadays kids get expelled for this!
| AnIdiotOnTheNet wrote:
| As more of our lives have become intertwined with computing infrastructure, why shouldn't they be? If you routinely broke classroom resources or messed with the HVAC you'd probably be expelled too.
| twodave wrote:
| We used something like this in the early 2000s called Blade Runner. Scary times on the Internet.
| dominicjj wrote:
| Rival company were compromised by BO. We found out and dialled in. I watched documents being written remotely by a staff member there. It was surreal.
|
| "Need to fill this detail in more for Heck blah blah..."
| hermitsings wrote:
| Today morning out of nowhere, this came to mind. Back Orifice. I had a smile when I remembered the first time I read about it.
| What coincidence it's on HN today! Or is it?
| _joel wrote:
| Ah, the memories! I brought this into school and a few of my mates wanted copies. Word got out amongst the teachers that there was some program being used for shenanigans by the pupils. I told everyone to delete it but some didn't realise it'd end up in their recycle bin and the network admin found out. Saturday morning detention material, luckily I didn't get caught :)
| blablabla123 wrote:
| There were some fun tools around at that time :) Also there was this Windows bug where by default network sharing was open and of course everybody used a modem so there was no NAT/FW in between. So you could just connect to a random IP and see what's on the disk. (I think there was a tool to find IPs with just that port open.)
| _joel wrote:
| And lots of random messages via 'net send'
| aqrre wrote:
| BO reminds me of all new and shiny apps that are meant to "keep an eye on kids&spouses" ... or maybe it's the other way around.
| imwillofficial wrote:
| I want to used BO to prank my mom. Having a background in computers, once she realized what was happening she dove for the network cable. I'd never seen her move so fast.
| dvno42 wrote:
| Like so many others here this really helped me gain an interest in computers at a young age. It's sad to think that the shit most of us did as kids for fun and learning would land today's children in hot water. I lucked out in Jr High, after getting suspended for 'hacking the school computers' as the computer lab admin caught wind and really encouraged me to learn and provided me with a lot of hands on experience that I may not have gotten otherwise. Novell, thick net, etc. Good memories for sure.
| tomc1985 wrote:
| Not only that, but some in the modern generation seem to genuinely see hackers as the scum of the earth
| derwiki wrote:
| I know it's a movie, but in Hackers they were also seen as the scum of the earth: "Hackers penetrate and ravage delicate public and privately owned computer systems, infecting them with viruses, and stealing materials for their own ends. These people, they are terrorists."
| mobilio wrote:
| I still remember it because it was one of the first RATs available.
| pixl97 wrote:
| There was another called something like netbus right after this from what I remember.
| devilduck wrote:
| Not going to read anyone else's story about how they remember this program, but this was a good program
| bequanna wrote:
| A few friends and I managed to install this on target machines by starting a chain email and claiming the attached .exe was a "virus patch".
|
| We would then port scan known IP ranges for our ISP to find a machine we could connect to and play with. It was always fun trying to determine who actually owned the machine we found. I grew up in a small, rural community so it was actually possible to figure this out.
|
| This lasted maybe a year or two around 98,99. A very nice memory on a lazy Saturday morning, thanks for sharing!
| fanick wrote:
| I think the audience here would appreciate some stories on the darknetdiaries.com. There are even several interviews with people describing how they got interested in the IT security field in their teens in highschool. Can't really recommend any specific from the top of my head.
| CTOSian wrote:
| The golden era of the internet ;-}
| bsksi wrote:
| Nothing beats Cabronator
| titoasty wrote:
| Wow, so many memories! BO, Nervous, BitchSlap, mIRC scripts... I also remember the famous NetBios hack at this time. Easy to do, and you felt like a real hacker! Command lines instead of GUI! That was an incredible feeling and it later brought me to Linux..
| and still on Linux (ok on Ubuntu, I'm a casu now :D)
| SV_BubbleTime wrote:
| NetBios... still out there giving gifts. We had a pen test a couple years ago and the hackers were easily able to get NetBios to use some old legacy feature to request user hashes. From there just load them into a GPU heavy cracker and 50% of our company user passwords in a few hours.
|
| The IT company at the time had no idea they shouldn't enable netbios unless it was actually required for something.
| sulmanen wrote:
| Classmate got expelled from high school for installing this on school computer
| theshadowknows wrote:
| My very first "school computer incident" was so innocent by comparison for most people.
|
| I was maybe 11 and I was learning about batch files and I made one named win.bat that printed "hello". Well I'm sure most folks know what happened next time the computer rebooted ...hello hello hello hello hello...and the computer teacher said I had installed a virus and tried to kick me out of school. Luckily I was only expelled from computer class for the rest of the year.
| richardfey wrote:
| What an idiot computer teacher you had. They should have catalysed your desire to learn and discover more.
___________________________________________________________________
(page generated 2021-09-04 23:00 UTC)