================ Remote RickRoll! ================ A Windows service that allows you to trigger an audio-only RickRoll on a victim's machine over the network. This package includes source code, as well as binaries built in Visual Studio 2005. This is not very polished or complete, and requires that several arcane installation steps be performed before it is useful. There is no graphical interface for this, so you will need to be comfortable with the command line. Just so you know. Please do not be evil or break any laws or policies when using this tool. Thanks! (c) 2008 by Tony Gambone, Licensed under the Gnu GPL v3 or later versions. License text available: http://www.gnu.org/licenses/gpl.html =============== Getting started =============== Remote RickRoll consists of two components: a service that runs on a victim's machine, and a client that is used to communicate with the service. When the service receives a command from the client, it begins playing "Never Gonna Give You Up" by Rick Astley. The service will also write an entry in the application log of the victim's machine, indicating that the user has been RickRoll'd. The service must be installed on the victim's machine before it can perform the RickRoll. It is possible to prepare the machine entirely remotely, without physical access, but you must have Administrator rights on the machine to install the service. The victim's machine (and yours) must also have the .NET Framework v2.0. It may work with later versions, but this has not been tested. If the victim does not have the correct version of the .NET Framework, it is also possible to install this remotely. *** DO NOT EXPECT ANONYMITY *** when using this tool. It makes no attempt to hide itself. To underscore this, your IP address will be written to the victim's application log. They will have a system service called "Remote RickRoll" and there will be a task on their machine called "RickRollService.exe". So, be sure that your victim will get the joke and that you don't break any laws or policies. To install the service remotely: 1. Determine the computer name of the victim's computer. 2. Copy the files in the bin\service directory of this package to a location on the victim's computer. Since you are an administrator, you can access the system share at \\COMPUTERNAME\c$ and put the files in a new directory (such as C:\rr, which will be used in this guide). 3. To install the service, you'll need to run a command on their machine. A good way to do this remotely is using the PsExec tool from Microsoft Sysinternals (part of the free PsTools package): http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx Download PsTools and extract it so you can run PsExec. 4. Open a command prompt on your machine and install the service remotely (you may need to add the full path to PsExec or change to its directory): psexec \\COMPUTERNAME -u USER -p PASSWORD c:\Windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe C:\rr\RickRollService.exe For USER and PASSWORD, use the information of a user with administrative rights. If it is a domain user, use the DOMAIN\USERNAME syntax, otherwise use COMPUTERNAME\USERNAME. If you get an error, you may have to install the .NET Framework 2.0. See below for how to do this remotely. 5. Start the service remotely: psexec \\COMPUTERNAME -u USER -p PASSWORD net start "Remote RickRoll" 6. At this point, the victim's computer is ready to be targeted. In the bin/client directory of this package, run RickRollUI.exe. Enter the victim's computer name in the text box and click the button. The audio will begin playing after a brief (~5s) delay. There is no acknowledgement or indication of the result, other than the inevitable howls of your victim as you realize your glorious victory. If the victim does not have the .NET Framework 2.0 installed: 4a. Download the .NET Framework 2.0 from Microsoft: http://www.microsoft.com/downloads/details.aspx?FamilyID=0856EACB-4362-4B0D-8EDD-AAB15C5E04F5 4b. Copy dotnetfx.exe to the remote computer (see step 2 above). The command below assumes it is in the root of C:. 4c. Using PsExec (see step 3 above), perform a quiet install of the Framework: psexec \\COMPUTERNAME -u USER -p PASSWORD c:\dotnetfx.exe /q:a /c:"install.exe /q" This command takes quite a while to complete. Once it finishes, you can retry step 4 above. ========================= Source code and internals ========================= The included source code is a Visual Studio 2005 solution. There are three projects: 1. RickRollListener: a class library that provides the core functionality of the service. The WAV file that is played is a resource in this project. There are two classes: RickRollListener, which handles the network communication, and RickRollPlayer, which plays the audio file. 2. RickRollService: a Windows service wrapper for RickRollListener. 3. RickRollUI: a Windows form that sends the command packet to a host. The command packet is simply one byte (0x72, or ASCII lowercase 'r'), sent on port 1987 (the year the song was released). When the listener receives the proper byte, it logs the RickRoll to the application log and begins playing the WAV file, then starts to listen for the next one. The audio is restarted if another control byte is received. It's not necessary to use the UI to send the command; it's a simple UDP datagram, so a client could be written in any language. For instance, the following Python code would send the proper command packet: from socket import * udp = socket(AF_INET,SOCK_DGRAM) udp.connect(('HOSTNAME', 1987)) udp.send('r')