September 27, 1999 12:35 PM

Back Orifice 2000

Windows IT Pro
InstantDoc ID #7254
Downloads
7254.zip

BO2K in Action
After you define the parameters within a workspace, connecting to a remote BO2K server is simple. To connect to a server in my network, I double-clicked the server name in the Server List to open the Server Command Client dialog box, which Screen 2 shows. From the Server Command Client, you perform all administrative actions on the server. From this dialog box, I clicked Connect and successfully connected to the server, as the message in the Server Response pane at the bottom of Screen 2 shows. This action also relabels the Connect button as Disconnect, which you can see in Screen 2.

Upon connecting, the client can automatically query the server to discover its capabilities. The client uses the acquired capability list to build the command tree in the left pane of Screen 2. To perform command actions on the server, you navigate through the tree to locate the desired command, click the command name, fill in any required parameters, and press Send Command. Most commands require at least one parameter before you can execute them on the server. In those cases, the Server Command Client displays data entry fields in the right pane. A fair warning is in order here: Malformed command parameters can cause the BO2K server component to crash or lock up, so enter the parameters carefully and pay close attention to the syntax.

Because BO2K is a remote management tool, command functions are paramount to getting work done. When I examined the command tree, I discovered that BO2K can perform a variety of actions. The online sidebar "BO2K Command Usage," http://www.winntmag.com/articles, InstantDoc ID 7253, describes the command structure and the functionality BO2K provides.

The million-dollar question for any remote administration tool is, can it perform necessary administrative actions? With the first release of BO2K, the answer is yes and no—with a heavy slant toward no. Without the BOPEEP plugin, BO2K can't perform simple administrative tasks, such as changing user-account settings and reviewing the event logs. Although you can download and view files, and view, add, and modify Registry entries, these actions aren't especially conducive to simple user and log administration. After all, who wants to sift through the Registry just to view a log entry? BO2K's Registry viewer and editor is purely text based, and although the tool finishes the job, it's cumbersome to use and has no search facility for finding keys or values. Therefore, using the BOTOOL plugin is a must for any serious remote-administration tasks because it adds enhanced file and Registry management to BO2K.

Because BO2K lets you control services, access the Registry, transfer files, and redirect ports, the tool is very conducive to providing one control point to access these types of tools. For example, most prudent administrators block remote Registry access. But with BO2K in place, you can still edit the Registry regardless of whether the administrator has blocked remote Registry access. You can provide the same access for process controls and other NetBIOS-based administration. So, even if your border-protection system (e.g., firewall, proxy) doesn't permit NetBIOS traffic in and out of the network, you can still provide controlled access to a BO2K server port. This capability is a significant benefit of this tool; but then again, other remote administration tools such as pcANYWHERE32 and Remotely Possible/32 offer this benefit.

BO2K's built-in file manipulation ability is admirable, but not complete by any stretch of the imagination. Because BO2K supports 3DES, you can transfer files over a secure connection that is very difficult to crack. When I used the Receive File and Send File commands under the File/Directory command tree, I could securely transmit files back and forth between BO2K servers on the network. However, a major shortcoming with the built-in functionality is that I could only send one file at a time and I have to tell the receiving system what that filename should be before transmission. With this limitation, moving large numbers of files will be cumbersome and time-consuming. However, using the BOTOOL plugin lets you easily overcome the limitations of the built-in file controls.

BO2K also supports straight TCP file transfers. I found this feature handy because I was able to use tools such as L0pht Heavy Industries' Netcat to connect to a BO2K server and retrieve a file. Again, a one-at-a-time architecture limits this functionality.

The tool also comes with a built-in basic Web server so that you can browse for files and directories. This feature makes navigating a hard disk simple and lets you easily download files with the click of a mouse. However, straight HTML directory navigation still pales in comparison with a regular Windows Explorer client. Personally, I'd rather use the BOPEEP or BOTOOL plugins than use NT's built-in Windows Explorer.

BO2K can turn on any audio or video device available on the remote system. I tested this feature, and it worked well; however, I can't think of any genuine administrative uses for this capability other than using it when I want to know what's happening around a given system. For example, if you run BO2K on NT servers kept in a secure area, this feature can help you keep an eye on those facilities.

BO2K supports file compression and decompression. This feature offers a quick and handy way to shrink a large file before you transmit it over the network.

One potential use for BO2K is network surveillance. BO2K can observe the same types of information (e.g., processes running on a remote computer, open connections, shares) that you might use NT's Server Manager to check. BO2K also includes the ability to perform keystroke logging, a feature that might come in handy if you suspect an employee of engaging in malicious or unauthorized activity. I tested this feature without any problems.

You can use BO2K to reboot a remote computer and dump password hashes from the SAM database that you can crack using L0pht Heavy Industries' L0phtCrack tool. Although this second feature might appear to be a security risk, any user with Administrators group privileges can do the same thing using other hash dumping tools that are freely available on the Internet.

One of BO2K's features has no use in the corporate environment: I'm talking about a little command called Lockup. This command locks up the remote computer, forcing you to reboot the machine. If anyone can think of a legitimate use for this functionality, I'd like to hear it—this feature is strictly malicious.

One serious oversight with this release of BO2K is its amazing lack of any interaction with NT's event log; BO2K never creates log entries. To be a genuine remote administration tool, BO2K needs this functionality. Corporate users need to have a logging option to provide footprints on the network and an audit trail for quality control. Granted, not all users want this functionality, but I suspect that most will. And if cDc truly wants the public to view this tool as legitimate and acceptable for corporate use, then the group should immediately add this capability.

The Good, the Bad, and the Ugly
All summed up, BO2K is a great tool, and the fact that it's free makes it appealing. However, it has some serious shortcomings.

The good. Because cDc made the source code available under open-source licensing, anyone who doesn't feel safe about running the compiled BO2K executables can download the code, examine it for security concerns, and compile and run their own executables.

The availability of the source code also means that a programmer can address shortcomings and bugs in the code and extend the overall functionality of the tool. Developers can also use the available SDK to write plug-in extensions for specialized functions. Just be aware that under BO2K's open-source licensing scheme, you can't commercially sell any modifications you make to the product. However, you can develop custom BO2K plugins and commercially sell support and maintenance for those plugins as long as the plugin remains available for free.

One of the biggest benefits to using BO2K is that it can provide remote access that border-protection systems might otherwise block. This functionality appeals to me because I habitually block all traffic related to NetBIOS and other dangerous protocols from entering or leaving any of my networks. With BO2K, I can minimize traffic-related security rules to some extent while not giving up too much functionality in the process.

In addition, the tool can provide encrypted communication through another tunnel, such as Secure Shell (SSH). To securely move typical NetBIOS-related traffic, many companies use VPN technology, such as Microsoft's PPTP, to tunnel between a client and a remote network. With BO2K and its 3DES support, PPTP might not be necessary on your network, unless you're supporting end-user connectivity. The main difference between PPTP and BO2K is that PPTP provides a tunnel into a server and network, whereas BO2K provides a tunnel in the BO2K application that exposes servers and networks. Using PPTP might be easier than trying to do all your administrative work from within BO2K. However, if cDc puts some heavy polish on BOPEEP, I'd personally rather use BO2K than fuss with PPTP for secure administration.

The bad. Unfortunately, BO2K is still underpowered, even with the addition of the BOPEEP and BOTOOL plugins. cDc needs to add more administrative functionality, such as the ability to control NT service startup properties.

Another shortcoming is that BO2K has some annoying bugs, such as the lack of parameter checking, that might lead to a crashed BO2K server component if you make a mistake in syntax when you enter a command. The initial release of BO2K also suffers from a lack of multiuser support and no support for multiple passphrase storage.

Perhaps cDc didn't address some of these shortcomings on purpose. I know that the company expects the user community to use the open-source availability to improve the tool and offer those improvements back to the community. Whether this tactic will work and improve the product remains to be seen. However, if the developer community does respond, perhaps we'll see a much more powerful BO2K sometime down the road.

The ugly. BO2K's really ugly parts include the fact that anyone can configure the software to be almost completely invisible on the network and that the tool has a Lockup command readily available in the command interface. Toss in the fact that BO2K doesn't log any network events, and you've got the potential for some serious shenanigans to take place in your network environment.

Can you control these concerns? Certainly. You can easily make the tool visible on a system and trust an administrator not to use the Lockup command—most administrators have more than enough network access to crash a system without using BO2K. So BO2K's big, remaining, ugly blemish is logging. Without the ability for BO2K to write event-log entries or provide an audit trail, you're accepting a significant risk by letting BO2K run on your network. Good security practice includes having an audit trail to follow, and even though I can turn on all kinds of auditing within NT, none of that trail will ever reveal what user performed which actions while using BO2K. BO2K handles its connections and can't tie itself into the NT user database (or any other database) for managing connection privileges. For all intents and purposes, NT thinks the built-in System account performed all actions an NT audit trail catches, when in fact BO2K performed them.
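The attribution gap described above, that NT's own audit trail records BO2K's actions as the built-in System account with no link to the human operator, is the kind of thing a reviewer can demonstrate on paper. The following Python script is an added illustration for this article, not part of BO2K or of the original review: it parses a small set of constructed, simplified audit records (a pipe-separated stand-in, not the real NT event-log format), flags administrative actions attributed to the SYSTEM account that an NT audit trail alone cannot tie to a person, and then shows how a hypothetical application-level audit log (the feature the review says BO2K lacks) would let those actions be attributed. All field names, account names and log entries are constructed.

```python
"""
Audit-attribution triage (added example; record format and entries are constructed).

Illustrates the point that an NT audit trail alone shows SYSTEM performing
administrative actions carried out through a remote-management service, and that
only an application-level log naming the operator can close that gap.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed stand-in for audit records: timestamp|account|action|target
SAMPLE_NT_LOG = """\
1999-09-27T10:01:00|CORP\\jdoe|logon|workstation7
1999-09-27T10:05:30|NT AUTHORITY\\SYSTEM|registry_write|HKLM\\SOFTWARE\\Example
1999-09-27T10:06:10|NT AUTHORITY\\SYSTEM|file_download|C:\\payroll\\q3.xls
1999-09-27T10:07:00|NT AUTHORITY\\SYSTEM|service_start|Spooler
1999-09-27T10:09:45|CORP\\admin1|registry_write|HKLM\\SOFTWARE\\Other
"""

# Hypothetical application-level audit trail (constructed): what a remote-management
# tool would need to write so that actions can be traced to an operator.
SAMPLE_APP_LOG = [
    {"timestamp": "1999-09-27T10:05:30", "operator": "jdoe",
     "action": "registry_write", "target": "HKLM\\SOFTWARE\\Example"},
    # Note: no entry for the 10:06:10 file download, so it stays unattributed.
]

# Actions that normally come from an interactive administrator rather than from
# the operating system acting on its own behalf (assumption for this example).
ADMIN_ACTIONS = {"registry_write", "file_download", "file_upload"}
SYSTEM_ACCOUNTS = {"NT AUTHORITY\\SYSTEM", "SYSTEM"}


@dataclass
class AuditRecord:
    timestamp: str
    account: str
    action: str
    target: str


def parse_log(text: str) -> List[AuditRecord]:
    """Parse the constructed pipe-separated format; reject malformed lines."""
    records = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.split("|")
        if len(parts) != 4:
            raise ValueError(f"line {lineno}: expected 4 fields, got {len(parts)}")
        records.append(AuditRecord(*parts))
    return records


def unattributed_admin_actions(records: List[AuditRecord]) -> List[AuditRecord]:
    """Administrative actions that the OS audit trail credits to SYSTEM.

    These are exactly the events an NT audit trail cannot tie to a human when a
    remote-management service performed them on someone's behalf.
    """
    return [r for r in records
            if r.account in SYSTEM_ACCOUNTS and r.action in ADMIN_ACTIONS]


def attribute_with_app_log(flagged: List[AuditRecord],
                           app_log: List[dict]) -> Dict[str, Optional[str]]:
    """Map each flagged record's target to an operator via the application log.

    Returns None for targets the application log never mentions, i.e. actions
    that remain unattributed even with the extra log in hand.
    """
    index = {(e["timestamp"], e["action"], e["target"]): e["operator"] for e in app_log}
    return {r.target: index.get((r.timestamp, r.action, r.target)) for r in flagged}


if __name__ == "__main__":
    recs = parse_log(SAMPLE_NT_LOG)
    flagged = unattributed_admin_actions(recs)
    print(f"{len(flagged)} SYSTEM-attributed administrative action(s) in the OS audit trail:")
    for r in flagged:
        print(f"  {r.timestamp} {r.action} {r.target}")
    print("After consulting the application-level log:")
    for target, operator in attribute_with_app_log(flagged, SAMPLE_APP_LOG).items():
        print(f"  {target}: {operator or 'STILL UNATTRIBUTED'}")
```

The takeaway is the one the review makes: turning on NT auditing tells you that something privileged happened under the System account, but only a log written by the remote-management tool itself can say which operator asked for it. Until such a log exists, every SYSTEM-attributed Registry edit or file transfer performed through the tool has to be treated as unattributed.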

The Verdict
BO2K stands poised to become a useful remote administration tool. But before it attains that status, someone needs to add an audit trail capability, either proprietary logging or NT event logging—with NT event logging being the preferred choice for corporate use.

Along with logging, other items on my wish list are controls to manage users and event logs, and controls to manage file, directory, share, and Registry permissions. With these controls added, BO2K would be a more formidable competitor to other remote management packages. But until we see these improvements, I'd be hesitant to deploy BO2K on a corporate network because I would constantly find myself needing to access this type of functionality. And although I can use BOPEEP to access NT's built-in tools that provide this functionality, BOPEEP needs some improvement as well.

Nonetheless, you might want to get a copy of BO2K and begin to familiarize yourself with its use and operability because I suspect we'll see the cDc developers addressing these concerns. You can find BO2K and the available plugins at http://www.bo2k.com.
