		RCR (Remote Command Router) Bot for IRC
Version 1.1		By Zhenya

Disclaimer: I take no responsibility for any action by any individual or group which involves the use of RCR. (this plug-in was intended for non-malicious uses... originally... hehe:)

RCR Bot is a plug-in for Back Orifice (BO, by cDc). It is an IRC client, Channel Bot style. The client is fully customisable and, once installed on the BO'ed machine and logged into an IRC server, it is remotely administrable through the IRC /msg or /query commands. Any command sent to RCR can be routed to the IRC server. Ident server is now present. See Bug Fixes and Additions for V1.1 features.

Features:

* Started/terminated with Plug-in execute/kill BO command

* Fully customisable parameters (eg. IRC nick, IRC channel)

* Wildcard support in parameters. "I*Rule" for a nick, for example, would generate a nick with "I<4 rand chars>Rule", i.e. 4 random characters are inserted. If # is used instead of *, random numbers are inserted. If you use the wildcard randomiser on all RCR parameters, there is less chance of IRC opers detecting that RCR is a bot.

* Primitive "Speakeasy" script support. The IP of the host where BO was installed is displayed in the channel periodically if the script feature is turned on (see "script" command). A custom message can be displayed after the IP. Also the "IP" command to the bot can be used to reveal the IP in a private message. This is useful when you don't want anyone in the channel to know about the bot, but want to see the IP because some servers mask the IP of clients.

* Remote bot administration performed by sending /msg commands to the bot. It is possible to turn script on/off and change password to RCR bot (not BO)

* Fully functional message router. Any message typed to RCR, provided it is not a command to RCR, will be sent to the IRC server, i.e. it's possible to make RCR bot do anything that you could do with your own client (change nick, say stuff etc.) See notes about IRC commands. Any message coming to RCR can be routed to your own client in the /query window. This feature is turned on by the "router" command to RCR bot.

* LOG function lets you log any data coming to the RCR in a file, so you can log people trying to talk to it and channels it is in. Filtering function also provided, so you can select which messages to log, eg. you can select to log only messages from servers and such.

* One user at a time (hence no take overs). When one user has activated RCR by messaging the password, no user may engage the bot. 

* CTCP protocol installed. All CTCP requests to RCR will be answered. The version of the client will be reported as mIRC. This feature makes it very hard for opers to identify RCR as a bot.
 
* Support for ALL IRC servers. This version has its own ident server installed.


Bug Fixes and Additions in V1.1:
* Logging keeps going when the connection with the bot is closed and the owner has logged off.
* Bot connection is closed when the plug-in is shut down from BOGui.
* The plugin loads every time the server's machine is reset and reconnected to the internet.
* When the bot's nick is changed too fast and the server gives the old nick back and says to wait, the bot no longer loses control (whole routine restructured).
* When internet connection is broken and re-established, the plugin re-connects to IRC server.
* When the connection to the actual IRC server is broken (like the bot is killed for whatever reason), plug-in also attempts to reconnect.
* After the connection to IRC server is broken abruptly, the nick will remain registered on the IRC server. RCR will attempt to connect until the nick is ping-timed-out.
* RCR will not keep popping up the "Connect to Internet" Windows box every time the computer is restarted (giving BO away) but will wait for the connection to be established by the host.
* During Logging process the date and time is recorded before each message.
* The CTCP reply for TIME is in correct format (v1.0 had the day of the month missing)
* Ident server is now present, so RCR will be able to log in undetected to ANY IRC server
* CHANNEL command added. Commands to RCR may now be issued from the channel so multiple bots in the channel can be controlled at once.
* VER command added that displays RCR version number and the commands it supports
* <proxy connection> parameter added. If the system that RCR is installed on is connected to the internet via a network proxy, this option must be "on". In that case Dial-Up connection status check will be by-passed by RCR.
* <ident enable> parameter added. If the desired IRC server does not issue ident requests then this option must be turned off. Normally it's on.
* For people who didn't realise, in RCR parameters, a channel key may be specified after the channel name. This way, no one but your bots will be able to join that channel.


RCR Installation:

RCR.DLL is attached to the BO server as follows:

Plug-in to run on start up: rcr.dll:_rcr

Arguments: 
<IRC server>:<port>:<IRC channel>:<IRC nick>:<IRC user id>:<host name>:<server name>:<IRC name>:<password>:<ident enable>:<proxy connection>:<script status>:<message>

File to Attach: rcr.dll
Write File As: rcr.dll

NOTE: Due to unknown phenomena, sometimes it is necessary to run BO server file twice on the BO'ed machine before it installs and deletes itself.


RCR Operation:

RCR argument field explanation:
Every option must be separated by a colon (:). Any argument may be omitted.

IRC server: the IRC server to attempt to log in to (obviously)
Port: port number of the IRC server
IRC channel: IRC channel to join on start up (default is #Zhenya). A key may be specified after channel name.
Tip: If RCR is to remain logged in but not join any channels, specify an invalid channel. Eg. $mychan
IRC nick: the nick to log in with (default is RCR followed by 7 random numbers). Wild cards allowed.
IRC user id: the user id to log in with (default is RCR with 7 random numbers ). Wild cards allowed.
Host name: the name of the host machine to pass down to the server (this field is normally ignored by IRC server. The default is "Lamerland" :). Wild cards allowed.
Server name: the name of the server (ignored by IRC server because the host is NOT a server, default is "Lamerserver"). Wild cards allowed.
IRC name: the name to log in with (default is "Lamer named <nick>"). Wild cards allowed.
Password: the password that must be messaged to RCR on IRC to identify the owner, only then can the owner command the bot. If this field is omitted, no password is required and anyone on IRC can command RCR bot.
Ident enable: If the desired IRC server does not issue ident requests then this option must be turned off. Normally it's on.
Proxy connection: If the system that RCR is installed on is connected to the internet via a network proxy, this option must be "on". In that case Dial-Up connection status check will be by-passed by RCR. Normally this parameter must be set "off". If you upload RCR with "off" and the host doesn't log into IRC, then it is probably a permanent-connection host and you should try turning this option "on" and uploading then.
Script status: this should be either "on" or "off". This field turns the scripted message display on or off in the channel. 
Message: custom message to be displayed if script is on.

When the plug-in is attached to BO server, it will be started automatically with parameters passed down. Otherwise, the above parameters are to be entered in the "plug-in execute" fields inside BOGui.

When the plug-in is executed, RCR will join the specified channel under the specified nick. If the Script feature was set on, it will automatically display the IP in the channel. If not, RCR will stay quiet.

To activate RCR and make it listen to you, message the password to RCR. The bot should return an acknowledgement message: "Listening now, master <your nick>...". Now, anything you message to the bot using /query box or /msg, will be interpreted as a message to be routed to IRC server from the bot. If your message happens to be an RCR command, it will be acted upon accordingly.

When RCR first starts, commands to RCR may be sent through a channel in v1.1. Hence, multiple RCR bots may be controlled at once. To disable this feature and also re-enable it, use CHANNEL command. You might wanna disable this feature because everything YOU say in the channel will be interpreted by bots as data to resend to the IRC server.

If you change your nick, RCR will remain listening to you because your host name has not changed. On the other hand, if you relogin to IRC with a new host name or someone else with a different host name knows your password, and the password is messaged to the bot, RCR will bestow ownership onto the messenger.
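
Added example (not part of RCR or of the original README): a detection sketch that scans one captured client-to-server IRC session for the unmodified defaults and the owner acknowledgement string documented above. The wire format (RFC 1459 NICK/USER/JOIN/PRIVMSG lines), the function names and the sample sessions are assumptions made for the example.

```python
import re

# Defaults are the ones documented in the README above. The wire format
# (RFC 1459 NICK/USER/JOIN/PRIVMSG client lines) is an assumption.
DEFAULT_ID = re.compile(r"^RCR\d{7}$")
ACK = re.compile(r"^Listening now, master \S+\.\.\.")

def parse_line(line):
    """Split one client-to-server IRC line into (command, params)."""
    line = line.rstrip("\r\n")
    if line.startswith(":"):              # drop the optional prefix
        line = line.partition(" ")[2]
    head, sep, trailing = line.partition(" :")
    parts = head.split()
    if not parts:
        return "", []
    return parts[0].upper(), parts[1:] + ([trailing] if sep else [])

def indicators(lines):
    """Return the sorted RCR default indicators seen in one client session."""
    hits = set()
    for raw in lines:
        cmd, p = parse_line(raw)
        if cmd == "NICK" and p and DEFAULT_ID.match(p[0]):
            hits.add("default-nick")
        elif cmd == "USER" and len(p) >= 4:
            checks = {"default-user-id": DEFAULT_ID.match(p[0]),
                      "default-host-name": p[1] == "Lamerland",
                      "default-server-name": p[2] == "Lamerserver",
                      "default-irc-name": p[3].startswith("Lamer named ")}
            hits.update(name for name, hit in checks.items() if hit)
        elif cmd == "JOIN" and p and p[0].lower() == "#zhenya":
            hits.add("default-channel")
        elif cmd in ("PRIVMSG", "NOTICE") and len(p) >= 2 and ACK.match(p[1]):
            hits.add("owner-ack")
    return sorted(hits)

# Constructed sample sessions (not captured traffic).
SAMPLE_RCR = [
    "NICK RCR4821973\r\n",
    "USER RCR0098172 Lamerland Lamerserver :Lamer named RCR4821973\r\n",
    "JOIN #Zhenya\r\n",
    "PRIVMSG someowner :Listening now, master someowner...\r\n",
]
SAMPLE_BENIGN = [
    "NICK alice\r\n",
    "USER alice host.example irc.example :Alice A\r\n",
    "PRIVMSG #linux :is RCR1234567 a bot?\r\n",
]
```

A deployment that overrides the defaults or uses the wildcard randomiser produces none of these hits, so an empty result is not evidence of a clean host.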


List of RCR commands in V1.0:

PASS [new pass phrase] - Sets a new password for the current time that the BO'ed person is online. If no password specified, RCR bot will be opened to commands from any user.

VER - Displays RCR version number and command names that are present in that version. 

CHANNEL [#channel] - Enables or disables processing of commands that come from the owner in #channel rather than in a private message.

SCRIPT - Turns any scripted messages displayed in the channel off or on.

ROUTER [PRIV=<nick>:CHAN=<#channel>:SVR=<server>:] - Makes RCR resend any data coming towards it to your /query box. With no parameters, all data is routed. If parameters are specified, data will be resent only from the servers, nicks or channels specified. If parameters for PRIV= are omitted, all data sent to the bot's query box will be routed to the owner. Notice that there could be a number of nicks, channels or servers specified, separated by spaces. Router only resends data to the nick that activated it. Hence, if the owner changes the nick or logs off, router will turn off. Note that if the LOG function was turned on, it will remain on, logging data from sources specified in the ROUTER command.
Note: parameter identifiers must be in capitals and parameter blocks must be separated by ":".
ie. PRIV=:CHAN=#perth #chatzone:SVR=mpx.sydney.oz.org: will route all incoming private messages, messages from #perth and #chatzone channels and mpx.sydney.oz.org server.

LOG <filename> - Logs the incoming data into a file.
If this command is used before ROUTER command, all incoming data will be logged. If the ROUTER command has been turned on before, only the data specified in ROUTER parameters will be logged. When the owner goes off-line, ROUTER is automatically turned off, but data will still be logged. Use LOG again to stop logging. All data is appended to the file specified. The date and time of each message is recorded prior to the message.

IP - Reveals the IP of the user that has RCR running in a /query window.

RESET - Resets the machine where RCR is running. The reset is done by triggering the reset pin on the CPU via Sys Control Port A (92h), bit 0. The reset is equivalent to pushing the reset button on the case.


Every time RCR bot is activated, the ROUTER function is turned off to the default state and the script function is brought to the state that was specified when the plug-in was run from BOGui.


Notes on IRC commands (for those who don't know):

PRIVMSG <channel/nick> :<message>  -  says <message>
MODE <channel> <flag> <nick> - sets modes eg. +o gives ops to <nick> on <channel>
TOPIC <channel> :<topic> - sets a new topic on <channel>

The above are just an example of some IRC commands. 
Any other commands recognised by your server may be sent. Notice that if a parameter like <topic> or <message> in the above has spaces in it, it MUST be preceded by a colon (:).

Note: if /msg is used to communicate with the bot, make sure you enter the name of your RCR bot exactly eg. if the nick is "TesT123", then /msg Test123 is not valid. /msg TesT123 MUST be used.

Well, I think that about wraps it up for now. Some possible future enhancements may be:

* Remotely programmable script
* Mass recruitment
* ICQ99a exploits


For help with RCR email me or join #Zhenya on Efnet and see if I'm around.


Credits:

Design/Coding: Zhenya zhenya0@hotmail.com

IP enumeration routine: Brian Enigma enigma@netninja.com

Hardware Assistance and Consultancy: Griffin

Beta Testers: sTd, phlastik, S_Villain, TommyGun, Neuron

Thanx for replacing my on-line VC++ help (which I dearly miss) goes to the #C++ channel, in particular init_wit and _Vector_ for help in testing.

