Bugtraq mailing list archives
antizap2.
From: dreamer () garrison inetcan net (Digital Dreamer)
Date: Tue, 8 Oct 1996 22:31:01 -0600
Here's a little utility I wrote to detect if zap2 has been used on your wtmp file. I've tested it on Linux, it works fine on that, and it _should_ theoretically work on any other platform that zap2 works on. It just searches for null blocks in wtmp.

I have another version that will intelligently warn about UT_UNKNOWNs, null hostnames, etc, so a simple hack to zap2 won't defeat it, but that one isn't complete yet. I'll email the url I've put it up at when I complete it. But until then, here's az2.c.

-- cut here
/* antizap2, by Digital Dreamer (dreamer () flatline gateway com)
 * this will detect if zap2 has been used on your wtmp file.
 * handy for telling if someone has a) zapped themselves previously
 * on your system, or b) is currently on your system in a zapped state.
 *
 * usage:
 * az2 tmpfilename [-v]
 *
 * tmpfilename is the filename of either a wtmp or utmp.
 *
 * -v makes it a bit more verbose.
 *
 */
#include <stdio.h>
#include <stdlib.h>     /* exit() */
#include <string.h>     /* strcmp() */
#include <utmp.h>

void usage(char *st)
{
    printf("usage: %s tmpfilename\n", st);
}

int main(int argc, char **argv)
{
    struct utmp inutmp;
    FILE *utmpfile;
    char *stptr;
    int count=0,zflag,verbose=0;
    size_t i;

    if(argc < 2) {
        usage(argv[0]);
        exit(1);
    }
    if(argc > 2) {
        if(!strcmp(argv[2], "-v")) {
            /* i didn't think getopt was justified for only one opt.
               what, me defensive? */
            verbose=1;
        }
    }
    if((utmpfile=fopen(argv[1],"rb")) == NULL) {
        fprintf(stderr,"%s: unable to open %s!\n",argv[0], argv[1]);
        exit(1);
    }
    if (verbose) printf("Munching...\n");
    /* loop on fread() itself: testing feof() first would process the
       last record a second time after the final read fails */
    while(fread(&inutmp, sizeof(inutmp), 1, utmpfile) == 1) {
        stptr=(char *)&inutmp;
        zflag=1;
        /* a zapped entry is a record in which every byte is null */
        for(i=0;i<sizeof(inutmp);i++) {
            if(*stptr++ != '\0') {
                zflag=0;
                break;
            }
        }
        if(zflag == 1) printf("Zap detected! (count == %d)\n",count);
        if(verbose) printf("%d\r",count);
        count++;
    }
    fclose(utmpfile);
    if(verbose) printf("Done.\n");
    exit(0);
}
-- cut here

Enjoy.

dreamer
--
# mv `which emacs` /vmunix ; shutdown -r now
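An added example, not part of the original post and not the author's tool: the null-record check from az2.c, extended with the UT_UNKNOWN check the post mentions as planned, a check for login records with no user name, and a check for a truncated trailing record. The function names, categories and sample records are assumptions constructed for illustration, and a glibc-style <utmp.h> is assumed.

```c
/* Added example: classify utmp/wtmp records held in memory. The categories
 * and function names are assumptions for illustration, not the author's. */
#include <string.h>
#include <utmp.h>

enum rec_class { REC_OK, REC_ZEROED, REC_UNKNOWN_TYPE, REC_USER_NO_NAME, REC_NCLASS };

/* Classify one record; a fully zeroed record is the case az2.c reports. */
enum rec_class classify_record(const struct utmp *r)
{
    static const struct utmp zero;              /* all-zero reference record */

    if (memcmp(r, &zero, sizeof(*r)) == 0)
        return REC_ZEROED;
    if (r->ut_type == UT_UNKNOWN)               /* type cleared, other data left */
        return REC_UNKNOWN_TYPE;
    if (r->ut_type == USER_PROCESS && r->ut_user[0] == '\0')
        return REC_USER_NO_NAME;                /* login entry with no user name */
    return REC_OK;
}

/* Tally each class over a buffer of records. Returns the count of trailing
 * bytes that do not form a whole record (0 when the file is intact). */
size_t scan_records(const unsigned char *buf, size_t len, size_t counts[REC_NCLASS])
{
    struct utmp r;
    size_t off;

    memset(counts, 0, REC_NCLASS * sizeof(counts[0]));
    for (off = 0; off + sizeof(r) <= len; off += sizeof(r)) {
        memcpy(&r, buf + off, sizeof(r));       /* buf may be unaligned */
        counts[classify_record(&r)]++;
    }
    return len - off;
}

/* Constructed sample: normal login, zeroed record, cleared type with a tty
 * line left behind, login with no user name. Returns the size in bytes. */
size_t build_sample(struct utmp out[4])
{
    memset(out, 0, 4 * sizeof(out[0]));
    out[0].ut_type = USER_PROCESS;
    strncpy(out[0].ut_user, "alice", sizeof(out[0].ut_user));
    out[2].ut_type = UT_UNKNOWN;
    strncpy(out[2].ut_line, "pts/1", sizeof(out[2].ut_line));
    out[3].ut_type = USER_PROCESS;
    return 4 * sizeof(out[0]);
}
```

Records with no user name or an unknown type can also occur legitimately, so these classes are leads to review against other logs rather than proof of tampering.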