
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
					 
                       SAdoor, version 0.3.1 Beta

             By Claes M. Nyberg, <cmn@darklab.org> June 2002

                  http://cmn.listprojects.darklab.org/

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Credits
-------

o FX <fx@phenoelit.de>
	For writing cd00r (http://www.phenoelit.de/fr/tools.htm), which gave me 
	the inspiration to write this, and for hosting the SAdoor project at
	darklab.org.

o Richard W. Stevens
	Without his books, none of this would have been possible. R.I.P.

o Eric Young <eay@cryptsoft.com>
	For libblowfish, which is shipped with SAdoor.

o Van Jacobson, Craig Leres and Steven McCanne, all of the Lawrence
  Berkeley National Laboratory, University of California, Berkeley, CA.
	For libpcap, which this project uses.


Requirements
------------

o Libpcap (http://www.tcpdump.org) (for sadoor)
o Root privileges


Introduction
------------

First of all, you use this program at your own risk, and I am NOT responsible 
for anything you might destroy or render useless when using this program.
Do not install this software on a system where you do not have permission from
the owner. I wrote this program with honest intentions: to be able to remotely 
configure my firewall without any (visible) services up and running.

SAdoor is a non-listening remote execution server for UNIX systems.
The idea is to set up a packet listener in non-promiscuous mode that waits for
a set of TCP packets to arrive at an interface in a defined order before the
command-packet is accepted and the command within its payload is run.

This is useful since it is non-listening and therefore does not show up as a
service when, for example, running the netstat command or a port scan against
the machine.
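
For an administrator auditing a host, the point above means a netstat listing
or a port scan is not enough to rule out a capture-based listener. The
following is an added example, not part of SAdoor: it assumes Linux, where a
libpcap capture handle is an AF_PACKET socket listed in /proc/net/packet, and
maps each such socket to the process holding it. The sample table is constructed.

```python
import os

# Constructed sample in the layout of /proc/net/packet (values are made up).
SAMPLE = """\
sk       RefCnt Type Proto  Iface R Rmem   User   Inode
ffff8880a1b2c000 3      3    0003   2     1 0      0      48211
ffff8880a1b2d800 3      2    0800   0     1 0      101    51877
"""

def parse_packet_table(text):
    """Return one dict per AF_PACKET socket listed in /proc/net/packet text."""
    lines = text.strip().splitlines()
    header = lines[0].split()
    rows = []
    for line in lines[1:]:
        fields = line.split()
        if len(fields) != len(header):
            continue  # skip malformed or truncated rows
        row = dict(zip(header, fields))
        rows.append({"inode": int(row["Inode"]), "uid": int(row["User"]),
                     "proto": int(row["Proto"], 16), "ifindex": int(row["Iface"])})
    return rows

def socket_owners(proc="/proc"):
    """Map socket inode -> set of (pid, comm) by walking /proc/<pid>/fd."""
    owners = {}
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            with open(f"{proc}/{pid}/comm") as f:
                comm = f.read().strip()
            for fd in os.listdir(f"{proc}/{pid}/fd"):
                target = os.readlink(f"{proc}/{pid}/fd/{fd}")
                if target.startswith("socket:["):
                    owners.setdefault(int(target[8:-1]), set()).add((int(pid), comm))
        except OSError:
            continue  # process exited or access denied (run as root to see all)
    return owners

def report(text, owners):
    """Pair each packet socket with its owners; (0, '?') marks an unknown owner."""
    return [(s, sorted(owners.get(s["inode"], {(0, "?")}))) for s in parse_packet_table(text)]

if __name__ == "__main__":
    with open("/proc/net/packet") as f:
        for sock, procs in report(f.read(), socket_owners()):
            print(sock, procs)
```

Expected capture users (a DHCP client, tcpdump, an IDS sensor) will also appear
here, so compare the output against what is supposed to run on the host.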

If you have suggestions or comments on this program, or just want to say hello,
drop me a line.

CMN


Configuration
-------------

Edit OPTIONS.H for host specific settings of sadoor.
Make sure that you use different settings on different hosts.

If you want to use your sadb files from 0.2 beta with this
version, you have to decrypt your old files and add the new fields
(look in client/src/sadb.h) and encrypt the new file using sacat 
before you load it into sash. I am not in the mood to write a 
converter ..


Compiling and usage
-------------------

This "package" consists of 3 programs: sadoor, sacat and sash.

o sadoor - The server

	This is the server to install on the machine that you want remote access to.
	To compile it, step into the server directory and do a './configure' followed
	by a 'make install', or a './configure --disable-encryption' if you commented
	out SADOOR_ENCRYPTION_PASSWD in OPTIONS.H. 
	
	If everything went well, you will have a file in this directory called 'sadb'
	(if you just did a 'make', it will reside in server/src/sadb).
	This is the file to use with sacat below. 

To compile the client programs, step into the client directory and do a
'./configure' followed by a 'make install'. If this went well you will have
the programs discussed below installed on your system together with the
corresponding manual pages (there are plain text manuals available in ./doc/).

o sacat - Encrypt "sadb" files
	
	This program encrypts the sadb file created when sadoor is compiled.
	Either append to an existing encrypted database of all your hosts running sadoor,
	or create a new one. If you create a new one you will be prompted for a password.

o sash - The shell to use for communication with the server
	
	This is the shell, which takes care of sending the TCP packets required to
	run the command on the target host(s). Since we are using a raw socket for
	sending these packets, you need root privileges. 
	
	After encrypting the sadb file with the sacat utility above, load it into 
	sash with the file command from within interactive mode or use the -f option 
	when starting sash and enter the password selected for the file.
	Type 'man sash' in another terminal and read the contents.

This version has been built and tested on:

OpenBSD 
	3.0 (x86)

FreeBSD
	4.5-RELEASE (x86)

Linux
	Slackware 8.0 (x86)
	RedHat 7.1 (x86)

Solaris
	SunOS 5.8 (Sparc)

Have fun!
