Back Orifice 2000

Despite being over seven years old, Back Orifice 2000 (BO2k) remains widely used and actively maintained. First introduced at DEFCON 7, an annual security conference held in Las Vegas, BO2k is The Cult of the Dead Cow's follow-up to the wildly popular Back Orifice Trojan. Though now touted as a legitimate remote administration tool, BO2k appears to me to be a purpose-built backdoor. Requiring its own client, the BO2k server runs on Windows-based operating systems from Windows 95 to Windows 2000 and XP. The client required to interact with the backdoor was ported to several operating systems, including Linux. Even an IRC-capable client was released, allowing another layer of separation between the backdoor operator and target host and further independence from a specific client operating system. Being designed as a backdoor, BO2k offers some key features worth mentioning:

Easy Configuration and Self-Installation

By using the supplied interface, BO2k is easily configured and packaged for use as a backdoor. Once configured, the server is packed as a binary that needs only to be transferred to the target and executed.

Native File Manipulation

BO2k makes it very easy to manipulate, execute, and transfer files to the server.

Native Administrative Tools

Control of the system is made easier by a number of bundled tools that provide the following:

Plug-in Extensibility

BO2k supports plug-ins that modify the server's behavior, allowing for many improvements, such as stronger encryption and upgraded interfaces.

After years of development, there are too many plug-ins and clients to write about; however, several of BO2k's more popular and powerful plug-ins are discussed later in BO2k Powertools while demonstrating advanced configuration of BO2k.

For more information on Back Orifice 2000, visit the following sites:

http://www.bo2k.com

Official home of BO2k on the Web. See http://www.bo2k.com/software/bo2k11.html for BO2k core files and a stable plug-ins download page.

http://www.bo2k.com/development/

BO2k development code site. Contains updated versions of many of the plug-ins. (These are hit-or-miss, as some are much improved and others require a lot more work to be stable.)

http://www.cultdeadcow.com

Web site of the originators of BO2k.