CEH

(Jeff_L) #1

200 Chapter 8 ■ Trojans, Viruses, Worms, and Covert Channels
An In-Depth Look at BO2K
Whether you consider it a Trojan or a remote administrator tool, the capabilities of BO2K
are fairly extensive for something of this type. This list of features is adapted from the
manufacturer’s website:
■ Address book–style server list
■ Functionality that can be extended via the use of plug-ins
■ Multiple simultaneous server connections
■ Session-logging capability
■ Native server support
■ Keylogging capability
■ Hypertext Transfer Protocol (HTTP) file system browsing and transfer
■ Microsoft Networking file sharing
■ Remote registry editing
■ File browsing, transfer, and management
■ Plug-in extensibility
■ Remote upgrading, installation, and uninstallation
■ Network redirection of Transmission Control Protocol/Internet Protocol (TCP/IP) connections
■ Ability to access console programs such as command shells through Telnet
■ Multimedia support for audio/video capture and audio playback
■ Windows NT registry passwords and Win9x screen saver password dumping
■ Process control, start, stop, and list
■ Multiple client connections over any medium
■ GUI message prompts

BO2K is a next-generation tool that was designed to accept customized, specially
designed plug-ins. It is a dangerous tool in the wrong hands. With the software’s ability
to be configured to carry out a diverse set of tasks at the attacker’s behest, it can be a
devastating tool.
BO2K consists of two software components: a client and a server. To use the BO2K
server, the configuration is as follows:
1. Start the BO2K Wizard, and click Next when the wizard’s splash screen appears.
2. When prompted by the wizard, enter the server executable to be edited.
3. Choose the protocol over which to run the server communication. The typical choice is to use TCP as the protocol, due to its inherent robustness. UDP is typically used if a firewall or other security architecture needs to be traversed.
4. The next screen asks what port number will be used. Port 80 is generally open, and so it’s most often used, but you can use any open port.
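The configuration above relies on a well-known port (80) that firewalls usually leave open, and optionally on UDP to get past filtering. From the defender's side, the corresponding detection is a protocol-mismatch check: port 80 is expected to carry plain HTTP over TCP, so a TCP/80 flow whose first client bytes are not an HTTP request, or any UDP traffic to port 80, is worth an alert. The following is an added example written for this page, not code from the book or from the BO2K project; the flow records are constructed, and the assumption that port 80 in the monitored network carries only unencrypted HTTP is the reviewer's, not the book's.

```python
"""Heuristic detection of non-HTTP traffic on port 80 (added example).

Assumes port 80 in the monitored environment is used only for plain
HTTP/1.x over TCP, so anything else on that port is a candidate for review.
"""
from dataclasses import dataclass
from typing import List, Tuple

# Request-line prefixes for the HTTP/1.x methods a client would legitimately send.
HTTP_METHODS = (
    b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
    b"OPTIONS ", b"PATCH ", b"CONNECT ", b"TRACE ",
)


@dataclass
class Flow:
    """Minimal flow record: endpoints, protocol and the first client payload bytes."""
    src: str
    dst: str
    dst_port: int
    proto: str      # "tcp" or "udp"
    payload: bytes  # first bytes sent by the client (empty if none captured)


def looks_like_http(payload: bytes) -> bool:
    """True if the payload starts like an HTTP/1.x request or response line."""
    return payload.startswith(HTTP_METHODS) or payload.startswith(b"HTTP/1.")


def classify(flow: Flow) -> str:
    """Return 'ok' or a short reason string describing why the flow is suspicious."""
    if flow.dst_port != 80:
        return "ok"  # this heuristic only covers port 80
    if flow.proto.lower() == "udp":
        # HTTP/1.x is TCP-only; UDP to port 80 matches the "use UDP to traverse
        # a firewall" configuration described above.
        return "suspicious: udp to port 80"
    if not looks_like_http(flow.payload):
        # Plain HTTP should open with a method line; anything else (binary
        # handshake, TLS ClientHello on the wrong port, custom protocol) is flagged.
        return "suspicious: non-http payload on tcp/80"
    return "ok"


def find_suspicious(flows: List[Flow]) -> List[Tuple[str, str, str]]:
    """Return (src, dst, reason) for every flow that does not classify as 'ok'."""
    results = []
    for flow in flows:
        verdict = classify(flow)
        if verdict != "ok":
            results.append((flow.src, flow.dst, verdict))
    return results


# Constructed sample flows for demonstration; these are not captures from the book.
SAMPLE_FLOWS = [
    Flow("10.0.0.5", "93.184.216.34", 80, "tcp", b"GET /index.html HTTP/1.1\r\nHost: example\r\n"),
    Flow("10.0.0.7", "198.51.100.9", 80, "tcp", b"\x01\x02\x00\x10BO2K-like binary header"),
    Flow("10.0.0.8", "198.51.100.9", 80, "udp", b"\x00\x00\x00\x01"),
    Flow("10.0.0.9", "203.0.113.4", 443, "tcp", b"\x16\x03\x01"),  # TLS on 443, out of scope
]

if __name__ == "__main__":
    for src, dst, reason in find_suspicious(SAMPLE_FLOWS):
        print(f"{src} -> {dst}: {reason}")
```

In practice this check would run over the first packet of each new connection seen by a sensor; it is a coarse heuristic, so legitimate non-HTTP services deliberately published on port 80 should be allow-listed rather than alerted on.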