Procedure
NetBus consists of a server portion, called Patch.exe, and a remote client that controls it, called NetBus.exe. The server portion once installed, then listens on port 12345 for incoming signals from the client. The client has a simple GUI interface that allows the attacker to perform almost any task on the compromised system. I installed the server portion (Patch.exe) on my machine (C:\NetBus > Patch /noadd) and made sure port 12345 was open (C:\ >netstat –a). This computer is ready to be taken over!!
Results
As you can see from the interface above, there are many different activities the attacker can perform on the victim’s machine. My lab partner installed the client portion of the program (NetBus.exe) on his machine. This brings up the interface we saw above. By typing in my IP address, he was connected to my machine and was able to open my CD drive, control my mouse, shut down my computer, and do any of the activities with just a push of a button!!