phAse zero v1

phAse zero v1.0
version 1.0 beta
(c) 1998 Njord of Kr0me Corp

phAse zero is remote administration tool composed of a server running on all current win32 platforms (windows NT / windows 95 / windows 98), a graphical user interface (GUI) and an installer.

Some of the features of this first release (1.0 beta):

o integrated remote ftp client
o remote file system control
o spawning of processes
o functions to manipulate the windows registries
o restricting access to the phAse server via IP masks
o configurable registry/executable name and server port

In order to install phAse zero on a server, copy the three exe files (setup.exe client.exe phase.exe) to a directory and run setup. a dialog box will appear; if you don't want to change the default settings for the registry, click on 'yes' to proceed. next, you will be prompted for the port to use (default is 555) and an optional IP mask. if you specify the IP mask, only users from a certain host will be allowed to access the
phAse zero server. you can leave this field blank if you don't need access restrictions.

These are all valid IP mask formats:

123.45.67.8
123.45.67
123.45.6
123.45.
123.45
etc.

The installer will write to the windows registry and install the server's executable (one file). then control is returned to the user. please note that the executable file size is random.

if you need further "security" you may change the default registry keys (key name and file name) using setup.exe.

Once the server is installed, it runs hidden from the tasklist and the taskbar and uses CPU time only when needed.

To activate phAse from remote, use the GUI interface (client.exe). you just need to enter the server's host name or IP address and the port that you have chosen during the installation (the default is 555).

Now, click on OK. the server will respond with its version name and number.

Select the command you want to use and click on it: one or more parameters (edit boxes) will be activated if necessary. fill in all the required parameters and press the SEND button.

To terminate the current session, you can either click on OFF or enter the "terminate session" command (followed by the SEND button).

These are all the commands currently implemented in this version of phAse zero, along with their parameters:

FTP UPLOAD
<user> <pass> <host> <local file path> <remote path> <remote file>
tell the server to upload the specified local file via ftp to remote path

FTP DOWNLOAD
<user> <pass> <host> <local file path> <remote path> <remote file>
tell the server to download the specified remote file via ftp to local path

EXECUTE
[s|h] <file path>
execute a file (S=show window, H=hide window)

CHANGE DIRECTORY
<directory>

LIST DIRECTORY
<path and mask>
a file mask is required, path is optional (example: D:\WINNT\*.*)

CREATE DIRECTORY
<directory>

REMOVE DIRECTORY
<directory>

SHOW CURRENT DIR

COPY FILE
<input file> <output file>

MOVE FILE
<input file> <output file>

RENAME FILE
<old file name> <new file name>

DELETE FILE
<file path>

TYPE FILE
<file path>
type the specified text file

HEX TYPE FILE
<file path>
shows an hexadecimal dump of the specified binary or text file

SHOW DIALOG BOX
<message>
shows the specified message into a dialog box on the server

LOCKUP SERVER
locks up the server

TRASH SERVER
trashes the server and locks it up

REG CREATE KEY
<key>
create the specified registry key

REG DELETE KEY
<key>
deletes the specified registry key

REG DELETE VALUE
<key>
deletes the specified registry value

REG CHECK KEY
<key>
determines if a key or a name exists

REG SET CURRENT KEY
<key>
sets the currently open registry key

REG READ KEY VALUE
<key>
read the specified key's value

REG WRITE KEY VALUE
<key> <value>
creates or updates the specified key and associated value

REG LIST KEYS
lists available keys in the currently open key

REG LIST VALUES
lists available values in the currently open key

TERMINATE SESSION
terminates the current session only

UNLOAD SERVER
terminates all connections and unloads the server

Please note that this is the first public beta of phAse zero, and it is by no means complete. possible future additions: file sharing support, stealth key logging, media player, integrated port and host scanner, plugins, etc.

(C) 1998 by Njord of Kr0me Corp.
All rights reserved.