Back Orifice

I recall Back Orifice from the late 1990s. It sounded like a really ominous program. It was initially released at DEF CON 6 in 1998. It was hyped as a remote system administration tool. But make no mistake. This thing is a rootkit program. The author was Josh Buchbinder, who went by the handle Sir Dystic. He was from the crew called the Cult of the Dead Cow.

Back Orifice actually works as a pair of programs. There is a server that runs on the infected machine. Then there is a client. There are two versions of the client: a GUI version and a console version. The name is a spin on Microsoft BackOffice Server. The goal of the program was to demonstrate how weak security was in Windows 98.

The original Back Orifice program could compromise Windows 95 or Windows 98 targets. It was written using Microsoft Visual C++. The program does not show up in the Windows task list. It will rerun when the computer is restarted. It has many uses. It can manage files, processes, and the registry of the target machine. It can log keystrokes. It can send/receive files.

There was a sequel program called Back Orifice 2000. It supported other versions of Windows like Windows 2000, Windows NT, Windows XP, and Windows Vista. Strange that Windows NT could so easily be owned. I was actually hesitant to put this program on my own machine. Maybe it is time to spin up a virtual machine that I don't care about to do my testing.