12345678_1_2345678_2_2345678_3_23456789_4_2345678_5_2345678_6_2345678_7_2345678_8

Butt Trumpet, a Buttplug-in for BackOrifice
~~~~ ~~~~~~~
Version 1.1
Concieved and Written by Brian Enigma <enigma@netninja.com>


Abstract
~~~~~~~~
    I just got back from DefCon 6.0 and witnissed all the hype and fanfare for
BackOrifice.  If you do not already know how cool and wonderful BackOrifice is,
you will have to go to http://www.cultdeadcow.com to witness it in its full
glory.
    The idea was brought up during the Back Orifice "show" of having an 
installed BO server contact its installer to notify him/her of its location.
This has wonderful application to Usenet newsgroups!  You do not need to know
who your victims are--you would simply post the executable and anyone lame
enough to run it would have their computer automatically spew out a message
stating "I'm wide open" to some predetermined email address.
    Sounds like a good idea, right?  The CDC had previously thought of this
idea, but shot it down--their point being that you do not want ANYTHING in
there that might point back to your home email address or IP address.  This is
an entirely valid point.  Sure, you or I might use an anonymous remailer.  But
for every one of us, there are dozens of HaPpY hAx0rZ out there who have never
heard of an anonymous remailer, who would not read the directions, and who
would blindly put in their my_daddy's_name@AOL.COM email address.
    So, in this light, I am releasing the Butt Trumpet Buttplug-in for Back
Orifice.  Use it wisely, use it well, use it at your own risk.

Description
~~~~~~~~~~~
    Butt Trumpet is a DLL plugin for Back Orifice.  It is launched when BO is
launched.  Once running, it checks to see if it has successfully run and send
an email message in the past (by checking a registry key.... 
HKLM/SOFTWARE/NinjaSoft/BT/RunSuccess for those that care).  If it has
successfully sent a message in the past, it quits.  If it has not, it attempts
to connect to a predetermined SMTP server (see setup instructions below).  If
Butt Trumpet has problems connecting to this SMTP server, it goes into a sort
of "Sleep Mode" for 5 minutes and tries again.  This keeps happening until
BO and BT are told to terminate (shutdown/reboot) or until it successfully
connects (at which point, it writes to the above registry key, so that multiple
messages are not sent).

Installation
~~~~~~~~~~~~
    Installation is quite simple.  Simple use BOConfig, as you would at
any other time.  When you get to the question
 "Default plugin to run on startup"
Simply type in:

 bt.dll:_start

(or whatever you have renamed it to).  The item before the colon is the
file name to run.  The item after the colon is the exported function to
run (which must be "_start").
    The next question
 "Arguments for plugin"
should be an SMTP server name or numeric IP address, directly followed by
a comma, directly followed by an email address.   WARNING: Use a "dropbox"
email address and not your own!  Try looking up anonymous remailers on
Yahoo.  You could also try HotMail or Yahoo Mail--only they usually log 
your incoming IP address when you come to pick up mail.  An example is:

hotmail.com,deadcow@hotmail.com

    Next, you will have to attach the DLL to the installer.  "File to
attach" should bt BT.DLL (or whatever it has been renamed to).  "Write
file as" should probably be the same.

Source Code
~~~~~~ ~~~~
    Source code is included.  Please be kind.  I'm still recovering from
DefCon and this was my first attempt at writing a "bare-bones" straight C
Windows DLL that does not use the big, bloated MFC libraries (meaning...no
external DLL dependencies except for the WinSock DLL's...and small, fast
code--about 70K in size).  Any bug reports or code suggestions would be
appreciated, and may be sent to enigma@netninja.com.

Conclusion
~~~~~~~~~~
    Have fun.  Do not cause too much trouble.  Thanks, CDC for making such
a great "tool."
