[3421] in bugtraq
antizap2.
daemon@ATHENA.MIT.EDU (Digital Dreamer)
Wed Oct 9 12:48:36 1996
Date: Tue, 8 Oct 1996 22:31:01 -0600
Reply-To: Digital Dreamer <dreamer@garrison.inetcan.net>
From: Digital Dreamer <dreamer@garrison.inetcan.net>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
Here's a little utility I wrote to detect if zap2 has been used on your
wtmp file. I've tested it on Linux, it works fine on that, and it
_should_ theoretically work on any other platform that zap2 works on.
It just searches for null blocks in wtmp. I have another version that
will intelligently warn about UT_UNKNOWNs, null hostnames, etc, so a
simple hack to zap2 won't defeat it, but that one isn't complete yet.
I'll email the URL I've put it up at when I complete it. But until then,
here's az2.c.
-- cut here
/* antizap2, by Digital Dreamer (dreamer@flatline.gateway.com)
 * this will detect if zap2 has been used on your wtmp file.
 * handy for telling if someone has a) zapped themselves previously
 * on your system, or b) is currently on your system in a zapped state.
 *
 * usage:
 * az2 tmpfilename [-v]
 *
 * tmpfilename is the filename of either a wtmp or utmp.
 *
 * -v makes it a bit more verbose.
 *
 */
#include <stdio.h>
#include <stdlib.h>   /* exit() */
#include <string.h>   /* strcmp() */
#include <utmp.h>

void usage(char *st) {
    printf("usage: %s tmpfilename [-v]\n", st);
}

int main(int argc, char **argv) {
    struct utmp inutmp;
    FILE *utmpfile;
    char *stptr;
    int count=0,zflag,verbose=0;
    size_t i;

    if(argc < 2) {
        usage(argv[0]);
        exit(1);
    }
    if(argc > 2) {
        if(!strcmp(argv[2], "-v")) { /* i didn't think getopt was justified
                                        for only one opt. what, me
                                        defensive? */
            verbose=1;
        }
    }
    if((utmpfile=fopen(argv[1],"rb")) == NULL) {
        fprintf(stderr,"%s: unable to open %s!\n",argv[0], argv[1]);
        exit(1);
    }
    if (verbose)
        printf("Munching...\n");
    /* read one record per iteration until fread() fails (EOF or a short
     * trailing record); testing feof() before the read would re-check the
     * last record a second time and over-count by one */
    while(fread(&inutmp, sizeof(inutmp), 1, utmpfile) == 1) {
        /* a record that is entirely NUL bytes is what zap2 leaves behind */
        stptr=(char *)&inutmp;
        zflag=1;
        for(i=0;i<sizeof(inutmp);i++) {
            if(*stptr++ != '\0') {
                zflag=0;
                break;
            }
        }
        if(zflag == 1)
            printf("Zap detected! (count == %d)\n",count);
        if(verbose)
            printf("%d\r",count);
        count++;
    }
    if(ferror(utmpfile))
        fprintf(stderr,"%s: read error on %s!\n",argv[0], argv[1]);
    fclose(utmpfile);
    if(verbose)
        printf("Done.\n");
    exit(0);
}
-- cut here
Enjoy.
dreamer
--
# mv `which emacs` /vmunix ; shutdown -r now
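The post mentions a follow-up version that would also warn about UT_UNKNOWN records and null hostnames rather than only all-NUL blocks. The code below is an added example written for this page; it is not az2 and not the author's unreleased version. It layers per-record checks on top of the all-NUL test: a record whose ut_type is UT_UNKNOWN (the old Linux name for EMPTY) while other bytes are still set, and a USER_PROCESS entry whose ut_user or ut_host is empty. The sample records are constructed in memory (no wtmp file is read), and the field-level heuristics are this example's own assumptions; an empty ut_host is normal for console logins, so that finding is a warning, not proof of tampering.

```c
#include <stdio.h>
#include <string.h>
#include <utmp.h>

/* Older Linux headers called the EMPTY type UT_UNKNOWN; supply the name if
 * this libc does not, so the checks below read like the post describes. */
#ifndef UT_UNKNOWN
#define UT_UNKNOWN EMPTY
#endif

/* Findings for one record, combinable as a bitmask. */
enum az_finding {
    AZ_CLEAN      = 0,
    AZ_ZEROED     = 1,  /* every byte NUL: the pattern az2 itself reports   */
    AZ_UNKNOWN    = 2,  /* ut_type == UT_UNKNOWN but other bytes still set  */
    AZ_EMPTY_USER = 4,  /* USER_PROCESS entry with no user name             */
    AZ_EMPTY_HOST = 8   /* USER_PROCESS entry with no host name (warning)   */
};

/* 1 if the whole record is NUL bytes (the test az2's inner loop performs). */
int record_is_zeroed(const struct utmp *u)
{
    const unsigned char *p = (const unsigned char *)u;
    for (size_t i = 0; i < sizeof *u; i++)
        if (p[i] != 0)
            return 0;
    return 1;
}

/* Classify a single record. An entirely zero record is reported only as
 * AZ_ZEROED; a partially cleared record may carry several flags at once. */
int classify_record(const struct utmp *u)
{
    int f = AZ_CLEAN;
    if (record_is_zeroed(u))
        return AZ_ZEROED;
    if (u->ut_type == UT_UNKNOWN)
        f |= AZ_UNKNOWN;
    if (u->ut_type == USER_PROCESS) {
        if (u->ut_user[0] == '\0')
            f |= AZ_EMPTY_USER;
        if (u->ut_host[0] == '\0')
            f |= AZ_EMPTY_HOST;   /* heuristic: legitimate for console logins */
    }
    return f;
}

/* Scan an array of records, print findings, return how many were flagged. */
int scan_records(const struct utmp *recs, size_t n)
{
    int flagged = 0;
    for (size_t i = 0; i < n; i++) {
        int f = classify_record(&recs[i]);
        if (f == AZ_CLEAN)
            continue;
        flagged++;
        printf("record %zu:", i);
        if (f & AZ_ZEROED)     printf(" all-NUL record (zap2 pattern)");
        if (f & AZ_UNKNOWN)    printf(" UT_UNKNOWN type with leftover data");
        if (f & AZ_EMPTY_USER) printf(" USER_PROCESS with empty ut_user");
        if (f & AZ_EMPTY_HOST) printf(" USER_PROCESS with empty ut_host");
        printf("\n");
    }
    return flagged;
}

/* Constructed sample records (not taken from any real wtmp). Returns the
 * number of records written, or 0 if the caller's array is too small. */
size_t build_sample(struct utmp *out, size_t max)
{
    if (max < 4)
        return 0;
    memset(out, 0, 4 * sizeof *out);
    /* 0: ordinary remote login, should be clean */
    out[0].ut_type = USER_PROCESS;
    out[0].ut_pid  = 4242;
    strncpy(out[0].ut_line, "pts/3",    sizeof out[0].ut_line - 1);
    strncpy(out[0].ut_user, "alice",    sizeof out[0].ut_user - 1);
    strncpy(out[0].ut_host, "10.0.0.9", sizeof out[0].ut_host - 1);
    /* 1: left entirely zero, the trace zap2 leaves behind */
    /* 2: type cleared but line and user still present */
    out[2].ut_type = UT_UNKNOWN;
    strncpy(out[2].ut_line, "pts/4", sizeof out[2].ut_line - 1);
    strncpy(out[2].ut_user, "bob",   sizeof out[2].ut_user - 1);
    /* 3: user and host wiped, type and line left intact */
    out[3].ut_type = USER_PROCESS;
    out[3].ut_pid  = 4243;
    strncpy(out[3].ut_line, "pts/5", sizeof out[3].ut_line - 1);
    return 4;
}

int main(void)
{
    struct utmp recs[4];
    size_t n = build_sample(recs, 4);
    printf("%d of %zu records flagged\n", scan_records(recs, n), n);
    return 0;
}
```

Compiled with a plain `cc`, the program flags three of the four constructed records; only the complete login entry passes. On a real file the records would be read one `struct utmp` at a time with `fread`, as az2 does, and fed to `classify_record` in the same way.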