Commands
BOXP Commands ReferenceSimple CommandsPing Send a ping to the server. If the server is connected/alive, it will respond. Query Primarily sent by the client whenever it determines that it needs to synchronize itself with the server. Whenever a server-side plugin is added, the client sends this command to retrieve a new list of commands that the server is capable of. If you have auto-query turned off on the client, or you wish to synchronize the client, send this command to refresh things System CommandsReboot Machine Reboots the server machine. Asks no questions. This will kill your connection to the server. Lock-up Machine Makes the server machine completely unresponsive. The mouse will not move, and the keyboard will not work. Grinding halt. Also makes the BOXP server unresponsive and will kill your connection to the server after the protocol times out. List Passwords Under Windows 95/98 this lists the passwords that are stored in the Internet Explorer password cache. If you've ever checked the 'Remember My Password' box, your password will be available here. Under Windows NT, it performs a PWDump-like password hash dump, suitable for import into L0phtCrack. Get System Info Returns information about the system, including machine name and the capacity of the storage devices attached to it. Keylogging CommandsLog Keystrokes Captures the keystrokes that the user of the server machine types at the keyboard to a disk file. Also tells you what windows they typed the keystrokes into, so you can understand what they were doing. Parameters: Disk File (Required) - The full pathname of the file to put the keystroke logs into. End Keystroke Log Log Stops logging keystrokes. GUI CommandsSystem Message Box Puts up a dialog box on the server screen. The dialog box appears on top of everything else and makes a beep sound. Parameters: Title (required) - The text to put in the title of the message box. Text (required) - The body of the message that is in the message box. TCP/IP CommandsMap Port -> Other IP Binds to a TCP port and redirects all traffic to that port over to a different IP address. You can use this command to 'bounce' TCP connections off of the BOXP server. Parameters: Server Port (required) - The TCP port number that is to be redirected. Target IP Address:Port (required) - The destination of the port redirection. Map Port -> Console App Binds to a TCP port and redirects the standard input and output from a console application to the port. This can be used to simulate a 'remote shell'. Parameters: Port (required) - The TCP port number on the server to put the console on. Full command line (required) - The full command line of the program that you wish to execute. Map Port -> HTTP Fileserver Serves HTTP requests over A TCP port. The HTTP server allows you to browse the filesystem of the server machine and the local network neighborhood. The HTTP server can be 'rooted' at a particular directory in order to restrict which files people can download and browse through. Parameters: Port (required) - The port number to put the HTTP server on. Root Path (optional) - The optional root directory of the browsable filesystem. Map Port -> TCP File Receive Receives a file that is send to the chosen port via a raw send (such as with Netcat), and dumps it directly to a file. Useful as a quick-and-dirty, unencrypted, file transfer method. Parameters: Port (required) - The port number to receive the file on. Pathname (required) - The pathname to receive the file to. List Mapped Ports Returns a list of which ports on the server machine are mapped to which services. Remove Mapped Port Removes a mapped port, stopping whatever service it was providing. Use this to turn off a console app spawn, the HTTP fileserver, TCP File Receive, etc. Parameters: Port (required) - the port that the service you wish to stop was spawned on. Remove Mapped Port Removes a mapped port, stopping whatever service it was providing. Use this to turn off a console app spawn, the HTTP fileserver, TCP File Receive, etc. Parameters: Port (required) - the port that the service you wish to stop was spawned on. TCP File Send Sends a file directly from the server to a target machine via TCP. Suitable for send a file to another server running the "TCP File Receive" port service. Parameters: Source Port (optional) - The desired source port on the server from which to send the file data. If you do not choose a source port, one will be selected at random. Target Address:Port (required) - The target machine's TCP receive service address. Pathname (required) - The name of the file on the server to send to the remote machine. M$ NetworkingAdd Share Shares a machine resource on the server. Right now limited to drives/paths. Parameters: Pathname (required) - The pathname that you want to share to the world. Share Name (required) - The name that you wish the share to be known as. Remove Share Unshares a machine resource on the server. Parameters: Share Name (required) - The name of the share that you wish to remove. List Shares Lists which shares on the system are available and which paths/resources they map to. Also shows hidden shares. List Shares on LAN Enumerates the shares on the server's local network. Like network neighborhood. Map Shared Device Maps a share on a remote machine to a local drive letter. Much like 'mounting' a remote share. Parameters: Local Name (required) - The local name of the shared device (Drive letter). Remote Share Path (required) - The UNC Pathname to the remote share. Username:Password (optional) - The username/password pair used to share this device if the machine is in "share password" mode. Unmap Shared Device Unmaps a share on a remote machine from a local drive letter. Much like 'unmounting' a remote share. Parameters: Local Name (required) - The local name of the shared device. List Connections Lists which machines are connected to the server, using shared resources. Process Control CommandsList Processes Shows the process list for the server machine, with process names and process identifiers. Optionally on Windows NT, you can specify the name of an alternate Windows NT machine to dump the process table of remotely. Parameters: Remote machine (optional) - The machine name of the Windows NT machine to retrieve the process table of. Kill Process Abruptly terminates a running process on the server machine given its process ID. A list of process IDs is returned by the previous 'List Processes' command. Parameters: Process ID (required) - The process ID of the process you wish to terminate. Start Process Starts a process by running an executable file on the server. Parameters: Pathname and arguments (required) - The command line of the program to execute. Registry CommandsCreate Key Creates a registry key. Does not set a default value to the key. Parameters: Full Key Path (required) - The full path from the base of the registry to the key. The HKEY abbreviations are supported in the key path, for example: "HKLM\Software\Microsoft\Windows" is a valid key, where HKLM is an abbreviation for HKEY_LOCAL_MACHINE. Valid abbreviations are: HKCR,HKU,HKLM,HKCU, and HKDD. Set Value Creates and/or sets the value of a registry key. Parameters: Full Key Path (required) - The full path from the base of the registry to the key. See above for description. Type:(Value Name):Value Data (required) - This string is comprised of three sub-parameters: Type can be one of B,D,S,M, or E. Value Name is the name of the value, and Value Data is the type-specific data to be stored in the key. Valid data formats follow: B - Binary data type: Value data is formatted as a series of hexadecimal bytes. Eg: B:(rubber ding dong):CD C3 13 37 12 34 56 78 D - DWORD data type: Value data is either a hexadecimal dword (preceded by '0x') or a decimal dword. Eg: D:(booga boo):16823049 or D:(booga boo):0xD34DB33F S - String data type: Value data is an escaped C string. Valid escape sequences are the same as in C, such as \n, \r, \0, etc. Eg: S:(message):Bite my hand.\nYeah, you. M - MultiString data type: Value data is a series of escaped C strings, separated by a null character. Eg: M:(twomessages):Bite my hand.\0Also, bite your own.\0 E - ExpandString data type: Value data is a regular string that performs environment variable expansion. Eg: E:(path):c:\\mypath;d:\\yourpath;% path % Delete Key Deletes a key from the registry. Deletes all values and keys underneath the target key as well. Parameters: Full Key Path (required) - The full path from the base of the registry to the key. See above for description. Delete Value Deletes a value from a registry key. Parameters: Full Key Path (required) - The full path from the base of the registry to the key. See above for description. Value Name (required) - The name of the value within the key to delete. Enumerate Keys Lists the single-level subkeys of a particular registry key. Parameters: Root Key Path (required) - The full path from the base of the registry to the key you wish to enumerate subkeys of. See above for description. Enumerate Values Lists the values of a particular registry key. Parameters: Full Key Path (required) - The full path from the base of the registry to the key you wish to enumerate values of. See above for description. Multimedia CommandsCapture Video Still Captures a video image bitmap from a video capture device, such as a Quickcam, or external cameram, and saves it to a disk file. Parameters: Device # (required) - The number corresponding to the video capture device to capture from. A list of capture devices can be retrieved with the 'List Capture Devices' command below. Filename (required) - The full pathname of the BMP file to capture the video image to. Width, Height, BPP (optional) - The width and height of the image to capture, along with the bitmap bit depth. Defaults are 640x480x16bpp. Capture AVI Captures a motion video from a video capture device and saves it to the local drive (uncompressed). Parameters: Device # (required) - The number corresponding to the video capture device to capture from. A list of capture devices can be retrieved with the 'List Capture Devices' command below. Filename (required) - The full pathname of the AVI file to capture the video sequence to. Seconds (optional) - The number of seconds to record to the AVI file. Default is 5 seconds. Width, Height, BPP (optional) - The resolution of the video stream to capture, and the bit depth, Defaults to 160x120x16bpp. Play WAV File Plays a WAV audio file through the system default mixer. Parameters: Filename (required) - The full path name the .WAV audio file to play. Play WAV File In Loop Plays a WAV file over and over again. User won't be able to stop the sound. To stop the sound, use the 'Stop WAV File' command below. Parameters: Filename (required) - The full path name the .WAV audio file to play. Stop WAV File Stops whatever audio file is being played through the default mixer. List Capture Devices Lists the video capture devices in the system, giving each an index number to refer to them by. Capture Screen Captures the desktop screen to a disk file. Like pressing printscreen, pasting into a paint program, and saving to disk. Parameters: Filename (required) - The full path name of the file to save the screen image to. File and Directory CommandsList Directory Displays a directory listing of files, their dates and times of creation, and their sizes. Also shows attributes. Parameters: Pathname (required) - The full pathname from the filesystem root to the desired directory. Find File Given a directory and a wildcard file specification, recursively hunts down all files beneath or at the specified directory matching the filespec criteria. Parameters: Root path (required) - The full pathname from the filesystem root to start searching at. Filename Spec (required) - The filename wildcard specification to match. Accepts standard '*' and '?' wildcards. Delete File Deletes a file via its full pathname. Parameters: Pathname (required) - The full pathname from the filesystem root to the file to delete. View File Views the contents of a text file through the command response window. Useful for browsing small text files. Parameters: Pathname (required) - The full pathname from the filesystem root to the file to view. Move/Rename File Moves a file from one pathname to another. Renames a file if the paths point to the same directory. Can be used to move a file across filesystems and networked machines. Parameters: Pathname (required) - The full pathname from the filesystem root to the source file to move. New Pathname (required) - The full pathname from the filesystem root to the destination file. Copy File Copies a file from one pathname to another. Can be used to copy a file across filesystems and networked machines. Parameters: Pathname (required) - The full pathname from the filesystem root to the source file to copy. New Pathname (required) - The full pathname from the filesystem root to the destination file. Make Directory Creates a directory. Will only create one directory at a time. Parameters: Pathname (required) - The full directory name, ending in the directory to create. Remove Directory Removes a directory. Will only remove one directory at a time and will not remove files within a directory. Parameters: Pathname (required) - The full directory name, ending in the directory to create. Set File Attributes Sets the Attibutes to a given file. Parameters: Pathname (required) - The full pathname from the filesystem root to the file to change the attributes. Attributes (required) - The new attribute value to set. Can be one combination of the following string values: A - The file is an archive file. H - The file is hidden. It is not included in an ordinary directory listing. S - The file is part of the operating system or is used exclusively by it. R - The file is read-only. T - The file is being used for temporary storage. Receive File Creates encrypted/authenticated socket and receives a file over it. Uses a proprietary transfer protocol, but it's simple and its not FTP (phew!). Parameters: BINDSTR,NET,ENC,AUTH (opt) - The ubiquitous BOXP binding string specification. Specifies which port, network protocol, encryption type, and authentication type. Any field can be left blank to use the defaults. Pathname (required) - The full pathname to the file that will be received. Send File Creates encrypted/authenticated socket and sends a file over it. Uses a proprietary transfer protocol, but it's simple and its not FTP (phew!). Parameters: Address(required)[,NET,ENC,AUTH] (opt) - The ubiquitous BOXP connect string specification. Specifies which address to connect to, also specifies network protocol, encryption type, and authentication type. Any field except address can be left blank to use the defaults. Pathname (required) - The full pathname to the file to send. Emit File Creates encrypted/authenticated socket and sends a file over it. Uses a proprietary transfer protocol, but it's simple and its not FTP (phew!). The difference between 'Send File' and 'Emit File' is: 'Send File' connects to the given address and sends the file; 'Emit File' binds a socket, wait for one connection and sends the file. Parameters: BINDSTR,NET,ENC,AUTH (opt) - The ubiquitous BOXP binding string specification. Specifies which port, network protocol, encryption type, and authentication type. Any field can be left blank to use the defaults. Pathname (required) - The full pathname to the file to send. List Transfers Lists which transfers are active to which files over which ports. Lists transfers started with receive, send, or emit file commands. Cancel Transfer Cancels a file transfer either in progress, or one that has not yet started. Cancels transfers started with receive, send, or emit file commands. Parameters: Pathname (required) - The full pathname to the file associated with the transfer to cancel. Compress File Compresses a single file. Not compatible with the original Back Orifice Freeze File procedure, but employs slightly better compression this time. Parameters: Pathname (required) - The source pathname from the filesystem root to the file to compress. Output Pathname (required) - The output pathname from the filesystem root to the file to write the compressed output to. Decompress File Uncompresses a single file that has been compressed with "Compress File". Not compatible with the original Back Orifice Freeze File procedure. Parameters: Pathname (required) - The source pathname from the filesystem root to the file to uncompress. Output Pathname (required) - The output pathname from the filesystem root to the file to write the decompressed output to. DNS CommandsResolve Hostname Resolves a host name to a network address using a DNS query. Parameters: Hostname (required) - The hostname string to resolve. Resolve Address Resolves a network address to a hostname using a DNS inverse query. Parameters: Address (required) - The network address to reverse-resolve. Server Control CommandsShutdown Server Shuts the BOXP Server down completely. The server will lose all connections and will be unresponsive (cause it isn't running!). Parameters: DELETE option (optional) - If you fill this field in with the phrase 'DELETE', it will fully uninstall the BOXP server such that it doesn't run any more upon boot-up or login. Does not remove the actual installed file, however. It just won't run on startup. Restart Server Shuts down and restarts the BOXP Server. Useful if you have made any configuration changes or if the BOXP server has been corrupted or is behaving strangely due to poorly written plugins or whatnot. The server will lose all connections but will remain responsive once it comes back up. Parameters: Host process name (optional) - If you are running under Windows NT, and not as a service, you can choose to hop the BOXP server around between different processes' address space. This is of limited usefulness, but it does make you feel like the 'ghost in the machine'. Load Plugin As Image Dynamically loads an external BOXP plugin DLL, copying the DLL file intro the Process Memory. Runs all of the plugin initialization code and registers new commands with the server. The plugins loaded with this method, can't be loaded automatically in the next Server start. Parameters: Plugin filename (required) - The full pathname from the root of the filesystem to the plugin DLL you wish to load. Load Plugin Dynamically loads an external BOXP plugin DLL using a more debugger-friendly loading method. This method requires that the DLL is a standard Windows DLL, but allows for debugger interaction with the plugin. The plugins loaded with this method, can be loaded automatically in the next Server start (only if .ini support is enabled). Parameters: Plugin filename (required) - The full pathname from the root of the filesystem to the plugin DLL you wish to load. List Plugins Gives a list of which BOXP plugins are currently loaded. Remove Plugin Unloads a plugin via its plugin number. Plugin number is determined from the output of the "List Plugins" command. Parameters: Plugin # (required) - The plugin number to unload as returned by the 'List plugins' command. Start Command Socket Starts up a BOXP command socket that a client can connect to, authenticate with, and send encrypted commands to. Parameters: [NETMOD][,ENC][,AUTH] (optional) - the network module, encryption, and authentication settings for the command socket. If any of these are left blank, defaults are used. [Bind Str] (optional) - The binding string for the command socket. This is optional, but is usually filled in. If it's not, then the default binding string is used. List Command Sockets Lists the command sockets that the BOXP server has made available. Lists socket information along with the internal 'command socket #'. Stop Command Socket Shuts down a BOXP command socket. This can be used to shut down all sockets, btw. And that's probably not a good idea. Parameters: Command Socket # (required) - The number of the command socket to shut down, as returned by the 'List Command Sockets' command. List Configuration Variables Lists the configuration variables registered by the BOXP Server and the plugins. Set Variable Value Changes the value of a configuration variable via its variable number. The variable number is determined by the output of 'List Configuration Variables' command. Parameters: Variable # (required) - The variable number to change his value, as returned by the 'List Configuration Variables' command. New Value (required) - The new value to set to the variable. The value must be compatible with the variable's type. List Threads Returns a list of threads that are register in the BOXP Server. The Status of the threads can be: Running, suspended and stoped. Stop Thread Terminates the execution of one thread via its Thread ID. The thread ID is returned by the 'List Threads' commnad. Threads with status suspended also can be stoped. Parameters: Thread ID (requiered) - The thread ID to stop as returned by 'List Threads' command. Start Thread Starts the execution of one thread routine via its Thread Name. Only can be started with this command the threads with status stopped. Note: Only the main plugin threads could have status stopped, the rest of threads are deleted form the list when are stopped. Parameters: Thread Name (requiered) - The thread name to start as returned by 'List Threads' command. Suspend Thread Pauses or continues the execution of one thread via its Thread ID. The thread ID is returned by the 'List Threads' commnad. Parameters: Action: Suspend=0 or Resume=1 (requiered) - Specifies the action to do: suspend or resume the execution of the thread. Thread ID (requiered) - The thread ID to suspend/resume as returned by 'List Threads' command. |
| Last Modification: Mon 5 2005f September, 2005 [16:45] by Administrator. Hits: 1832 |