# FakeBO. Copyright (C) 1998,99 KoSt
#
# FakeBO configuration file
#
# Distributed under GNU Public License
#
# comments are blank lines and lines beginning with #
# all other lines are parameters
# user who should own the process if started by root
user "nobody"
# port to listen for BO connections
boport 31337
# port to listen for NetBus connections
nbport 12345
# whether to start fakebo as a daemon
# 0 - do not start fakebo as a daemon
# 1 - start fakebo as a daemon
startasdaemon 1
# fakes BO version (not longer than 10 characters)
# it's used for sending BO version when sendfakereply is on
# now you can fool the attacker that you have computer infected
# with newer version of BO... ;)
bofakever "1.20"
# fakes NetBus version (not longer than 10 characters)
# it's used for forming the greeting back to the client
nbfakever "1.60"
# message which will be sent to BackOrifice client when accessed
bomessage "Your attempt of breaking into this system has been logged. You are now on the black list."
# message which will be sent to NetBus client when accessed
nbmessage "Your attempt of breaking into this system has been logged. You are now on the black list."
# file where all attempts are logged (full path)
# if stdout is specified, it will use STandarD OUTput
# if stderr is specified, it will use STandarD ERRor
logfile "/var/log/fakebo.log"
# option if you want to log the IP the packet comes from
# and what type of packet it is
# 0 = not to log
# 1 = log it!
logconnection 1
# it can be 5 values (0,1,2,3,4) for logging received packets
# 0 - do not log
# 1 - log only command
# 2 - log command & data fields (most common)
# 3 - log command, data and header fields (for debugging purposes)
# 4 - log packet hex dump, along with everything from above
logreceivedpackets 2
# it can be 4 values (0,1,2,3) for logging packets to send
# 0 - do not log
# 1 - log only command
# 2 - log command & data fields (most common)
# 3 - log command, data and header fields (for debugging purposes)
logsendingpackets 0
# option if you want to log contents of NON-BO packets
# 0 - do not log (recommended)
# 1 - log it!
lognotbopackets 0
# if you want to send fake replies
# (it will display message like if you had BO)
# very useful to set when somebody sweeps your domain and you
# want him to believe that you have BO server installed
# 0 - not to send
# 1 - send fake replies
sendfakereply 0
# used for fake ping replies for forming fake ping packet (one word)
machinename "DEFAULT"
# option if you want to log the time and date of received packet
# 0 - not to log
# 1 - log it!
logtimeanddate 1
# make it silent?
# if this option is set it will not answer the message back to BO client
# note that pings will still be replied back to client, turn off sendfakereply
# if you want to make it completely silent (very useful if you don't want
# the public to know that their activity is logged)
# 0 - send answer back to client
# 1 - do not send answer back to client (silent mode)
silentmode 1
# This option is used for turning on or off buffered output to log file
# 0 - do not use buffered logging (logs are written immediately)
# 1 - use buffered logging (logs are written later, not much faster)
# Recommended: 0
bufferedlogging 0
# you can set this to 1 if you want to log connections via syslog
# 0 - do not log via syslog
# 1 - log via syslog
# 2 - log via syslog verbosely
logtosyslog 2
# if you set this option, FakeBO will execute the program which you
# specify in "executescript" parameter (look below) when it receives
# the BO packet.
# It is sort of a plug-in, so you can do everything you want with the
# client's IP. You can just do whois, finger or traceroute or something,
# but putting nuke, or land or some similar attack in script is not very
# smart (then you're like the one attacking you!)
# 0 - do not execute script (plug-in?)
# 1 - execute the script (plug-in?)
toexecutescript 0
# with this you can specify the shell that will be used to expand command
# line parameters when running custom script (the shell must accept `-c')
executescriptshell "/bin/sh"
# this parameter is ignored if `toexecutescript' is off.
# If FakeBO finds `!' anywhere in this string, it will replace it with
# the client's IP address. Likewise, a `%' will be replaced by the text
# `backorifice' or `netbus', depending upon which trojan originated the
# attack. To insert literal `!' or `%', escape it with a backslash, as in
# `\!'. You can also specify several commands: use `;' to separate them
# (just like in the shell).
executescript abusemail ! %
# with this you can specify for every BO command different answer
# to the attacker. it's very useful if you want to make him believe he
# is doing everything right.
# note:
# if option silentmode is on, then this parameter doesn't have effect.
# 0 - do not use custom replies
# 1 - use custom replies
usecustomreplies 0
# for every command you can specify different answer to the attacker.
# you just have to make the text file for every command.
# the hexadecimal identification of command is added to the path
# look at file "custom.replies" for more details.
# note:
# if option usecustomreplies is off, this parameter has no effect.
# note2:
# if file for some command cannot be found, then generic message is
# used (message parameter).
customrepliespath "/etc/fakebo/reply."
# this can only be used for Back Orifice [BO] packets
# it will try to crack BO packets with password and it will log
# encryption key. It takes less than a second to crack the password
# on average Pentium. If you're low on CPU resources you should say
# no (0) here.
tocrackpackets 1
# if this option is set different than "NONE" it will ignore connections
# from host specified.
ignorehost "NONE"
# this causes BO to use the built-in RealFake(tm) BO server.. to
# properly emulate responses to the BO client, and hopefully
# REALLY confuse them.. Don't worry, it may look real, but it is
# as harmless as a crax0r using a windoze box.
userealfakebo 1
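# Added example, not FakeBO's own code: a C sketch of the `!` / `%` expansion
# described for `executescript` above, which refuses any client address that is
# not plain digits and dots before the result would reach `sh -c`.
# Assumptions: the function names, passing other backslashes through unchanged,
# and the constructed sample address.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Accept only digits and dots, so nothing the shell treats specially
 * can reach `sh -c` through the `!` slot (assumed IPv4 dotted-quad). */
static int ip_is_safe(const char *ip)
{
    size_t n = strlen(ip);
    return n >= 7 && n <= 15 && strspn(ip, "0123456789.") == n;
}

/* Expand `!` -> ip and `%` -> trojan name; `\!` and `\%` stay literal.
 * Returns 0 on success, -1 on an unsafe ip or if out is too small. */
int expand_script(const char *tmpl, const char *ip, const char *trojan,
                  char *out, size_t outlen)
{
    size_t used = 0;
    if (outlen == 0 || !ip_is_safe(ip))
        return -1;
    for (const char *p = tmpl; *p; p++) {
        char one[2] = { *p, '\0' };
        const char *piece = one;
        if (*p == '\\' && (p[1] == '!' || p[1] == '%'))
            one[0] = *++p;            /* escaped: emit the literal character */
        else if (*p == '!')
            piece = ip;
        else if (*p == '%')
            piece = trojan;
        size_t len = strlen(piece);
        if (used + len >= outlen)     /* never run a truncated command */
            return -1;
        memcpy(out + used, piece, len);
        used += len;
    }
    out[used] = '\0';
    return 0;
}

int main(void)
{
    char cmd[256];
    /* constructed input: the template from this file, documentation-range IP */
    if (expand_script("abusemail ! %", "192.0.2.7", "netbus", cmd, sizeof cmd) == 0)
        printf("%s\n", cmd);
    return 0;
}
```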