--------------------------------------------------------------------------------
                              The Hacker's Choice
--------------------------------------------------------------------------------

REMOTE ACCESS BBS HACKING TOOLS

by Skywalker [F/S]/[THC]

I. Preface
II. Overview
III. RAHACK
IV. RA_CRC
V. RGETF
VI. RATROJAN
VII. Last Words

I. PREFACE
---------------
Remote Access has become the 2nd most used BBS Software for the PC
(after PcBoard). It is mainly used for Filebase-Oriented mailbox
services and Fido/Shareware BBS. The current version is v2.5.
These fine tools will help you to hack those systems.
Have fun and don't do anything illegal with it ;-)

NOTE: Be EXTREMELY careful with RAHACK.EXE!

      1st it's a virus and a disinfector isn't in this release ;-)
      2nd it is very powerful and can hack nearly any PC based BBS Soft!

All these tools were coded by Skywalker from [THC] | [F/S Labs Inc.]
except RATROJAN.ZIP which was sent in by another user.
(Sorry, I apologize, I forgot who it was - please email me and I'll update that.
You didn't put your name anywhere ... *sigh* ... [van Hauser])

II. OVERVIEW
---------------
These are the three tools to help you get a RA BBS hacked:

RAHACK.EXE - A virus which hooks on the serial port interrupt
             and watches for special keywords.
             Needs INFECT?.DAT files.

RA_CRC.EXE - Cracks the passwords from USERS.BBS. You can either
             use bruteforce or do a dictionary attack.
             Needs CHAR.SET for BF.

RGETF.COM  - Dumps a file to stdout.
             Uses FRESTORE.EXE to get a file back.

RATROJAN   - A ZIP file containing the RATROJAN.EXE (the trojan maker)
             and the Trojan Data File.

III. RAHACK
---------------

RAHACK is a simple program to hack boxes that run under Remote Access.

Its function is really easy to understand:
If it is installed on the target system (the BBS),
it will check the contents of the video RAM every second.
In fact only the word before the cursor is relevant.
Let's call this word KEYWORD.
There are 3 keywords:
'checkboxports', 'iamtheboss', 'givegodmode' (all in lower case).

Let me explain the meaning of those keywords...

checkboxports : If this keyword is in front of the cursor
                the TSR will output the COM port number to
                every existing port (according to the BIOS entry),
                e.g.: to COM port 2 a '2' will be written.
                This allows you to find out which COM port the
                modem is connected to.

iamtheboss    : This keyword must be typed in after a valid
                number (1,2,3,4), which represents the current
                COM port. After the word is identified as valid,
                the following will be typed at the local console (BBS):
                ALT-J (to jump into DOS-shell)
                followed by 'ctty comX' where X is the number
                you typed before the 'iamtheboss'.
                So the stdio is redirected to your port ...
                You will get to the DOS prompt. So go on and
                get the sysop's TM.FON (just TYPE it !!!).
                e.g.:
                you find out that you are connected to COM 2
                (by using checkboxports), so you just type:
                2iamtheboss (do not press CR)
                ====> C:\RA> hehehe.....

                To get back to the BBS do the following...

                ECHO ctty con > xy.bat
                ECHO exit >> xy.bat
                XY.BAT

givegodmode   : This one will type ALT-S, 6, 5, 5, 3, 5, CR
                at the BBS console (jump to the security menu
                and set current user to sysop level). ;)

Just try the iamtheboss at telemate via null-modem (it's
the same ALT-J)....

Okay... this is really nice... but how to install the TSR on the
BBS ??? This is managed by a little(?) virus....
There are generally two sorts of viruses to install at the BBS:

1. Generic EXE Infector: This one will infect nearly all EXE files
   except files that start with
   'sc', 'cl', 'tb', 'fp' or 'f-' to avoid infecting
   McAfee, tbav or fprot utilities. As one of the
   first files it will try to infect c:\dos\smartdrv.exe.
   It will not infect read-only files.
   Not all files will work if infected
   (e.g. dpmiload from bc35) so the sysop will
   notice this virus even if it is not detected
   by McAfee's scan, tbav or fprot. I also included
   a small piece of code that will not allow an infected
   file to be cleaned by tbav's heuristic clean (this one is only for lamers).

2. Target Oriented Infector: This virus only infects ONE specified
   EXE file. It will infect the target even if it has the
   read-only flag set. Use it e.g. on C:\dos\smartdrv.exe ...

So ... to attack a BBS take a fake file and type

RAHACK fakefile.exe
    This command will append the generic EXE infector to fakefile.

RAHACK fakefile.exe target.exe
    This will append the target oriented infector to fakefile.exe.
    The target will be target.exe (with full path).

Okay... some more information...
The virus will install itself in memory and hide by reducing
the base memory size. It will hook int 08h for the timing and
int 21h for infection. The commands at the BBS are written directly
to the keyboard buffer. It is not the best virus but it works...

I also included a sign for tbav's tbscan.
So just be careful with the generic EXE infector.... puh...
It is really awful to clean an infected system.....

NOTE: The 'iamtheboss' keyword will also work on many other BBS
      types which are PC based ... nearly all BBS use ALT-J to
      do a Jump-2-DOS ...

IV. RA_CRC
---------------

RA_CRC - Remote Access 2.x password hacker.

If you hacked into a RA board just leech the USERS.BBS
and try to get the users' pwds by using this util...

It just works with a simple crc32 calculation routine.
I included the crc32 table for those who want to write their
own hacker...

NOTE: If you use a wordlist be sure all characters are in upper case !!!
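
Why a CRC32 over an upper-cased password is a checksum rather than a password
hash, shown beside a salted, iterated replacement. This is an added example, not
part of the original text or of the tools it describes. It assumes the stored
value is a standard CRC-32 (zlib polynomial); the candidate strings are constructed.

```python
import hashlib
import hmac
import os
import zlib


def legacy_verifier(password: str) -> int:
    # Assumption: the stored value is a standard CRC-32 of the upper-cased password.
    return zlib.crc32(password.upper().encode("latin-1")) & 0xFFFFFFFF


def find_collision(limit: int = 2_000_000):
    """Birthday search over constructed strings: two different passwords, one CRC-32."""
    seen = {}
    for i in range(limit):
        candidate = hashlib.sha256(str(i).encode()).hexdigest()[:12].upper()
        crc = legacy_verifier(candidate)
        other = seen.get(crc)
        if other is not None and other != candidate:
            return other, candidate
        seen[crc] = candidate
    raise RuntimeError("no collision found within limit")


def make_record(password: str, iterations: int = 200_000):
    # Hardened form: per-user random salt plus an iterated KDF, case preserved.
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest


def verify(password: str, record) -> bool:
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    a, b = find_collision()
    print(f"{a} and {b} share CRC-32 {legacy_verifier(a):08X}")
    record = make_record(a)
    print("KDF accepts original:", verify(a, record))
    print("KDF accepts colliding string:", verify(b, record))
```

With only 2^32 possible values, a collision appears after roughly a hundred
thousand candidates, so any string with the same CRC logs in as the user.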

V. RGETF
---------------

Use this to get files from the remote system if only stdio of the remote
is available.

SYNTAX: rgetf filename.ext

It will dump the file (hex) to stdout.
Just log all... then use frestore to get the file back.

SYNTAX: frestore logfile.ext outfile.ext

VI. RATROJAN
---------------

A nice easy Trojan Maker.
All you need is a COM file you want to infect and the username you wish
to modify once the infected file is executed by the Sysop.
You can change your Level, Credits, A-D Flags ...
You *should* compress the file after that in a way it can not be
uncompressed easily ... because the data isn't hidden in the COM file.

[I left this in the original ZIP archive the author sent me because I
don't know his name anymore - sorry for this.]

VII. Last Words
---------------

Be careful with these tools and don't play with them.
Please don't just hack a BBS and format the harddisk; by this
you only prove that you are still a 10 year old kid.
A Sysop has much work with his BBS, and users also contribute
to a BBS being successful. By crashing one BBS after another
1st you put the BBS scene down (which already has got
problems to stand against the internet) and 2nd put a bad,
bad light on us - the Hackers ... so follow the hacker codex
and have fun ...
