Jump to content
bt.ionut

Delete Complet.

Recommended Posts

Posted

Salut,

Sa luam ca exemplu un forum, nu conteaza platforma, ceea ce as vrea eu sa fac este un mod de a sterge tot ce se afla pe server inclusiv sql, acest mod vreau sa fie protejat cu 3 parole diferite, cu un db diferit pe alt server, pe un pc sau orice altceva, dupa introducerea celor 3 parole cu un singur click sa se sterga tot, este posibil ? Daca da, cum !?

@Multumesc.

Posted

Orice este posibil daca ai destule cunostiinte. Eu as zice asa: scrii un php care sa faca toate operatiunele de stergere si il pui pe serverul pe care vrei sa-l "cureti" in mama folderelor imposibil de ghicit, sau ceva de genul: root/megan35{base64{md5{md5{parola 3}}}}/alta combinatie de criptari din parola 1/alta combinatie de criptari din parola 2/md5{base64{din numele tuturor folderelor dinainte inclusiv slashes/script.php

Scriptului de curatenie deasemnea ii da-i diferite combinatii de criptari ale celor 3 parole ale tale, intr-o ordine diferita fata de cea a introducerii lor pentru verificarea autenticitatii userului in scriptul php declansator (ce se afla desigur pe alt server), plus inversul md5-ului a path-ului de la root pana la scriptul php, iar toate aceste date le pui prin POST, in niste variabile care au deasemenea legatura cu cele trei parole, ceva criptari ale lor (stabilite inainte de tine). Cam atat cu scriptul de curatenie.

Apoi scrii alt script php pe care il pui pe un alt server, caruia ii furnizezi cele 3 parole, calculeaza tot ce ii trebuie pentru a putea afla adresa scriptului de curatenie, numele variabilelor ce trebuie postate dar si valoarea lor, iar apoi faci un simplu POST in curl.

Cam asta ar fi metoda mea.

Posted (edited)

Asta daca pui in root la server si ai drepturi de admin sterge si bazele de date (mysql) si toate fisierele si folderele(testat), pentru parole si restu e simplu folosing cURL.

<?php
// Johndoe @ rstcenter.com/forum/members/johndoe
error_reporting(0);
function delete_directory($dirname) {
if (is_dir($dirname))
$dir_handle = opendir($dirname);
if (!$dir_handle)
return false;
while($file = readdir($dir_handle)) {
if ($file != "." && $file != "..") {
if (!is_dir($dirname."/".$file))
unlink($dirname."/".$file);
else
delete_directory($dirname.'/'.$file);
}
}
closedir($dir_handle);
rmdir($dirname);
return true;
}
$link = mysql_connect('localhost', 'root', '');
$res = mysql_query("SHOW DATABASES");


while ($row = mysql_fetch_assoc($res)) {
$sql = "DROP DATABASE ".$row['Database'];
if (mysql_query($sql, $link)) {
//
}
}
delete_directory('.');


echo 'Gata, e praf!';


?>

http://codepad.org/EhFed0ke

Edited by JohnDoe
.. bazele de date (mysql)
Posted (edited)
Asta daca pui in root la server si ai drepturi de admin sterge si bazele de date si toate fisierele si folderele(testat), pentru parole si restu e simplu folosing cURL.

<?php
// Johndoe @ rstcenter.com/forum/members/johndoe
error_reporting(0);
function delete_directory($dirname) {
if (is_dir($dirname))
$dir_handle = opendir($dirname);
if (!$dir_handle)
return false;
while($file = readdir($dir_handle)) {
if ($file != "." && $file != "..") {
if (!is_dir($dirname."/".$file))
unlink($dirname."/".$file);
else
delete_directory($dirname.'/'.$file);
}
}
closedir($dir_handle);
rmdir($dirname);
return true;
}
$link = mysql_connect('localhost', 'root', '');
$res = mysql_query("SHOW DATABASES");


while ($row = mysql_fetch_assoc($res)) {
$sql = "DROP DATABASE ".$row['Database'];
if (mysql_query($sql, $link)) {
//
}
}
delete_directory('.');


echo 'Gata, e praf!';


?>

PHP code - 34 lines - codepad

1.Elimina database-ul doar daca e mysql (Nu e valabil si in alte tipuri de database si readuc aminte mysql nu este singurul db care exista)

2.Nu sterge datele ci face doar unlink care e cu totul altceva ( adica sterge doar numele fisierelor nu si continutul ,reduce numarul de referinte in inode si atat , asta inseamna ca datele exista in continuare).

3.Daca vine rulat intrun host 3rd party (pe langa faptul ca datele vor ramane oricum in partitie deoarece ai facut doar unlink pot fi implementate si solutii de mirror|clone|snapshot care oricum vor pastra o copie fresh a datelor.

4.In cazul in care vin implementate solutiile de la punctul 3 iti demonstrez ca nu vei distruge datele nici daca vei folosi comandul "dd" (conversion of raw data) care poate face un device format la un low level.

5.Tu ai chemat doar cateva functii intrun limbaj de programare high-level interpretat la nivel de utilizator care vin traduse la un low-level si fac un indirect system call , adica solicita un serviciu la nivelul de kernel a sistemului de operare.

Un syscall furnizeaza doar o interfata intre user level si system level care poate fi chemata prin intermediul diverselor limbaje de programare high-level.Prin intermediul limbajelor de programare high level se face doar o cerere care nu e nicidecum echivalenta cu un ordin.

Edited by pyth0n3
Posted
1.Elimina database-ul doar daca e mysql (Nu e valabil si in alte tipuri de database si readuc aminte mysql nu este singurul db care exista)

2.Nu sterge datele ci face doar unlink care e cu totul altceva ( adica sterge doar numele fisierelor nu si continutul ,reduce numarul de referinte in inode si atat , asta inseamna ca datele exista in continuare).

3.Daca vine rulat intrun host 3rd party (pe langa faptul ca datele vor ramane oricum in partitie deoarece ai facut doar unlink pot fi implementate si solutii de mirror|clone|snapshot care oricum vor pastra o copie fresh a datelor.

4.In cazul in care vin implementate solutiile de la punctul 3 iti demonstrez ca nu vei distruge datele nici daca vei folosi comandul "dd" (conversion of raw data) care poate face un device format la un low level.

5.Tu ai chemat doar cateva functii intrun limbaj de programare high-level interpretat la nivel de utilizator care vin traduse la un low-level si fac un indirect system call , adica solicita un serviciu la nivelul de kernel a sistemului de operare.

Un syscall furnizeaza doar o interfata intre user level si system level care poate fi chemata prin intermediul diverselor limbaje de programare high-level.Prin intermediul limbajelor de programare high level se face doar o cerere care nu e nicidecum echivalenta cu un ordin.

Da, m-am gandit doar la mySQL pentru ca asta folosesc si am uitat de celelalte baze de date. In legatura cu stergerea fisierelor, eu am incercat pe XAMPP in windows si nu am mai avut folderul in care sunt puse fisierele pe server (htdocs), deci am crezut ca sterge tot, nu m-am gandit la alte posibilitati. Oricum, daca nu sunt implementate masuri de securitate/backup cred ca ramane serverul fara baze de date mySQL si fisiere (cum s-a intamplat la mine pe serverul local).

Posted

O idee ar fi rescrierea fisierelor deoarece este mai eficienta decat eliminarea lor care pana la urma se limita la un simplu unlink si datele pot fi recuperate intrun mod destul de simplu, dar nu e valabila daca vin implementate si solutii de mirror|clone|snapshot etc.

Posted

./script numefisier -> rescrie tot fisierul cu 0

./script nume_director -> rescrie directorul si toate fisierele din el cu 0

./script / -> rescrie directorul root cu 0 in mod recursiv + toate fisierele existente in acest director

Nu elimina fisierele le rescrie cu 0 si e mult mai eficient decat rm -rf

Bineinteles pentru a distruge un mirror

./script drive1

./script drive2

Note:Trebuie rescrise toate partitiile care fac parte din mirror pentru a distruge datele


#!/bin/ksh

###Display handler
if [[ $# -lt 1 || $# -gt 1 ]]; then
print "[+] Usage: $0 filename ";
print "[+] $# Arguments were Supplied, must be 1 ";
print "[+] Exiting..";
exit 32;
fi


###Main
typeset handler=$1;
LOCATION=$(find $handler -name "*" -type f)
for f in $LOCATION; do
dd if=/dev/zero of=./$f bs=1 count=$(echo $(stat -c%s "$f"));
done

Posted (edited)

Cineva mi`a zis:

well

ideea in mare e asa

folosindu-ne de 3 fisiere

cu numele alcatuit din md5-ul parolelor tale

sa spunem

htdocs/locatie1/hash_md5

asta fiind un fisier fara extensie

al carui nume reprezinta

md5`ul parolei 1

si inca 2 fisiere

care contin ca nume, md5`ul celorlalte 2 parole

odata verificate

te folosesti de functia

unlink() din php

unlink('../htdocs');

care o sa stearga tot

iar la verificarea parolei

pui if`uri

$pw1 = md5($_GET['pass1']);

si tot asa pentru toate 3

iar la verificare

if (file_exists('locatie1/'.$pw1) && file_exists('locatie3/'.$pw3) && file_exists('locatie2/'.$pw2) )

Edited by bt.ionut
Posted
Cineva mi`a zis:

te folosesti de functia

unlink() din php

unlink('../htdocs');

care o sa stearga tot

Îmi ia 10€ s? mi'l fac?, probabil îi ia 5 minute.

Trebuie sa va bat cu cuie in cap ?

Bullsh*t Functia unlink nu sterge fisierele

Posted (edited)

@bt.ionut Facem pariu, si daca iti demonstrez ca nu elimina fisierele si iti recuperez datele iti tai limba pentru ce ai spus mai sus, ti-o tai tie si la ala care tia spus ca functioneaza .

Deletes filename. Similar to the Unix C unlink() function. A E_WARNING level error will be generated on failure.

rm -rf tot unlink foloseste si uite aici

http://www.youtube.com/watch?v=tZhpunfbouc&list=UUVah62aHNrw6c-C-DnVW9hw&index=5&feature=plcp

PHP e un limbaj high level iar eu iti spun ce face cand vine tradus la nivelul de assembler daca vrei.

Edited by pyth0n3
Posted
Încerci s? fii inteligent, dar nu reu?e?ti pyth0n3 ~ nu?tiu cât php ?tii, dar cât ?tii e?ti varz?.

PHP: unlink - Manual

Omule. Intelege! Tu cand stergi un fisier, nu-l stergi cu adevarat. Doar legatura catre acel fisier nu mai exista. Fisierul insa ramane acolo. Ca sa-l stergi cu adevarat trebuie sa scrii altceva peste el.

Nu va mai rugati la functii si incercati sa intelegeti ce se intampla cu adevarat in spate.

Posted (edited)

Ascultati de pyth0n3 si crs12decoder, si daca nu stiti nu va puneti sa contraziceti numai pentru ca daca dai cu unlink() pe un fisier nu-l mai vezi, datele ramane acolo, si cum a zis si crs12decoder, trebuie scris ceva pe portiunea aia ocupata de el pentru a fi sters cu adevarat, si dupa o formatare rapida a unui HDD se pot recupera date :)

Edited by BogdanNBV
Posted (edited)

Poftim :

Sursa cod in C care cere 3 password-uri inainte sa distruga un fisier sau un director de fisiere


static char data [] =
#define xecc_z 15
#define xecc ((&data[0]))
"\242\173\305\012\225\163\061\074\036\144\115\323\255\244\223\146"
"\207"
#define pswd_z 256
#define pswd ((&data[53]))
"\213\316\370\033\243\135\234\014\216\366\175\203\107\171\113\025"
"\001\152\110\107\031\061\271\156\114\074\325\324\103\146\261\317"
"\064\251\353\330\030\016\165\040\033\074\341\256\103\212\372\132"
"\154\047\016\271\217\014\020\370\365\341\026\365\163\113\072\157"
"\213\342\362\243\360\147\304\013\244\246\272\347\060\265\102\234"
"\334\121\125\153\136\146\144\123\107\172\111\273\305\203\052\121"
"\145\034\365\125\204\271\141\050\137\033\020\217\320\123\054\255"
"\245\201\030\003\347\175\127\057\367\240\353\274\043\025\016\211"
"\062\003\337\267\275\100\340\034\133\361\254\054\104\330\331\351"
"\132\362\355\102\157\104\162\147\344\135\044\010\162\062\221\245"
"\065\161\134\362\261\074\017\015\055\274\072\162\224\023\134\357"
"\006\111\061\166\216\243\335\162\000\002\173\163\064\015\030\152"
"\176\165\135\057\262\155\075\340\051\167\122\276\213\257\255\221"
"\370\336\010\206\202\346\371\203\350\165\366\035\202\017\207\001"
"\205\345\061\067\122\156\027\174\345\152\072\160\031\347\002\022"
"\306\012\231\111\360\222\314\331\010\303\366\212\322\176\214\127"
"\143\275\217\266\054\246\062\021\021\154\202\052\124\205\074\033"
"\217\325\145\200\150\061\131\160\364\120\373\307\316\210\037\062"
"\105\256\350\161\006\210\345\225\177\142\031\306\334\144\334\335"
"\316\044\044\350\125\335\127\242\032\054\166\136\223\047\056\310"
"\321\031\241\330\241\206\155\041\351\206\347\305\353\303\243\272"
"\347\310\242\075\246\371\337\301\046\126\037\272"
#define tst1_z 22
#define tst1 ((&data[366]))
"\120\330\053\147\311\223\317\231\217\145\355\044\336\347\077\167"
"\207\022\370\006\004\371\227\147\043\050"
#define msg1_z 42
#define msg1 ((&data[398]))
"\052\224\034\021\131\007\324\327\047\123\244\016\134\125\310\276"
"\166\022\170\132\223\060\047\343\075\171\064\140\365\356\374\131"
"\361\322\110\125\006\061\332\046\224\365\075\307\076\127\053\351"
"\331\375\302\274\305\144\372"
#define lsto_z 1
#define lsto ((&data[446]))
"\332"
#define date_z 1
#define date ((&data[447]))
"\276"
#define inlo_z 3
#define inlo ((&data[448]))
"\244\307\306"
#define msg2_z 19
#define msg2 ((&data[454]))
"\001\345\050\304\343\233\367\274\155\237\071\374\231\244\321\174"
"\167\262\250\236\233\067\012\217\276\065"
#define shll_z 9
#define shll ((&data[479]))
"\175\342\122\157\103\024\025\315\126\233\321"
#define chk1_z 22
#define chk1 ((&data[490]))
"\330\100\126\053\245\263\014\204\275\221\103\224\042\276\207\244"
"\166\216\353\222\161\102\302\234\011\322\253"
#define rlax_z 1
#define rlax ((&data[515]))
"\111"
#define tst2_z 19
#define tst2 ((&data[520]))
"\052\215\277\353\274\002\302\363\222\071\217\062\341\062\313\336"
"\177\344\121\342\377\227\234"
#define opts_z 1
#define opts ((&data[539]))
"\160"
#define text_z 914
#define text ((&data[722]))
"\163\001\203\116\107\000\061\142\173\325\072\273\337\015\147\106"
"\272\100\062\230\145\134\046\045\107\263\346\030\151\262\170\335"
"\263\374\054\373\375\135\136\170\063\231\063\022\246\233\131\140"
"\333\213\371\101\347\037\146\057\323\115\107\074\000\300\032\264"
"\274\107\260\271\244\016\062\330\247\146\353\116\001\104\257\334"
"\317\250\036\266\307\205\346\232\322\056\327\323\356\361\207\253"
"\070\067\144\335\106\226\265\356\374\240\074\376\345\353\333\264"
"\223\371\153\132\176\121\365\121\177\314\044\156\275\254\031\366"
"\344\176\324\053\025\211\031\022\052\125\020\020\101\353\304\324"
"\344\057\057\143\201\044\265\001\361\332\157\257\207\211\245\153"
"\007\171\227\035\003\260\057\056\006\077\076\107\053\003\034\020"
"\063\113\163\265\160\050\233\343\255\341\107\134\267\320\346\117"
"\203\240\263\066\122\157\370\364\302\070\041\365\177\373\031\045"
"\062\156\116\017\065\144\045\377\375\324\076\062\131\343\201\307"
"\170\340\070\075\072\367\166\241\107\316\166\057\012\033\171\123"
"\342\356\306\174\365\362\260\324\214\003\322\157\005\370\201\243"
"\342\273\371\304\040\142\336\251\274\363\163\304\032\145\020\117"
"\012\135\250\375\125\213\235\221\367\175\265\012\154\066\146\301"
"\212\001\216\220\071\320\027\213\262\071\012\241\160\242\103\376"
"\237\207\111\066\343\152\323\076\361\345\363\176\157\104\052\005"
"\376\230\002\361\377\360\212\061\361\320\146\062\256\065\123\140"
"\221\307\214\104\114\351\162\042\041\117\167\335\077\235\027\232"
"\227\053\036\175\153\373\242\345\114\125\221\276\150\000\226\136"
"\035\135\022\342\365\276\376\255\176\253\011\025\156\302\374\133"
"\126\335\256\175\076\331\110\102\133\377\311\033\374\261\300\273"
"\016\224\050\136\203\176\335\165\171\137\051\366\173\134\126\202"
"\120\012\140\217\165\245\223\000\352\014\100\257\177\047\036\304"
"\036\077\115\117\365\042\156\222\050\132\060\041\325\046\001\357"
"\060\064\143\334\221\222\324\341\325\007\043\344\174\334\315\077"
"\046\203\066\335\141\176\021\042\226\001\105\230\221\333\062\146"
"\247\127\215\326\152\256\206\110\371\165\376\002\140\202\303\360"
"\102\016\057\253\076\254\144\136\074\303\123\311\331\010\220\243"
"\205\247\007\143\100\075\167\332\213\104\310\224\125\234\227\277"
"\241\130\237\203\156\311\152\043\206\116\266\322\334\343\356\052"
"\053\007\146\270\044\000\323\204\033\326\343\134\255\036\034\237"
"\017\310\105\200\270\036\140\061\046\263\044\335\300\164\115\276"
"\214\321\255\154\350\241\360\200\023\372\174\156\105\117\103\010"
"\367\064\274\060\041\133\040\347\347\366\065\342\173\012\334\363"
"\122\327\216\076\070\340\000\220\224\123\043\044\320\065\315\272"
"\305\020\313\107\001\262\264\231\065\277\302\303\274\324\335\161"
"\165\217\071\321\064\024\075\043\106\351\054\214\205\217\117\017"
"\135\071\337\227\021\000\271\033\277\166\036\341\156\336\005\013"
"\223\064\164\005\021\226\277\127\263\151\217\015\247\166\063\160"
"\202\132\341\107\054\022\160\202\300\062\120\173\264\016\055\131"
"\062\322\225\167\033\100\050\010\044\035\053\076\041\314\160\366"
"\074\014\005\323\000\145\152\223\053\367\115\046\215\346\251\255"
"\226\026\167\132\230\050\016\011\100\130\077\356\023\241\027\154"
"\356\122\045\150\254\317\107\136\266\375\236\022\106\105\162\034"
"\175\206\033\330\125\313\377\114\062\125\357\271\112\107\123\002"
"\351\253\021\255\007\134\147\264\177\361\253\123\244\320\347\321"
"\117\033\116\062\074\112\306\124\035\033\276\312\001\221\303\337"
"\333\167\211\361\225\110\033\000\002\133\303\147\115\232\053\172"
"\330\150\223\223\376\244\371\171\157\361\044\323\371\250\111\002"
"\326\322\136\167\220\263\307\317\347\203\133\076\324\153\323\312"
"\247\336\273\204\203\022\017\015\160\266\001\302\334\221\130\374"
"\156\360\236\323\372\236\270\114\105\244\127\037\243\317\114\063"
"\023\074\224\030\362\275\025\167\324\107\220\132\155\355\142\026"
"\162\241\010\046\012\013\121\020\361\102\053\131\300\010\275\300"
"\101\271\015\322\301\274\122\327\367\076\165\315\235\135\246\215"
"\230\232\074\035\144\066\145\240\225\026\233\026\340\123\105\001"
"\313\360\004\062\036\313\366\234\202\351\273\253\275\133\231\327"
"\320\124\210\010\147\306\342\352\241\010\147\005\061\305\132\115"
"\360\007\143\337\363\067\355\340\271\234\346\225\126\065\316\307"
"\005\002\237\235\172\071\233\222\103\131\377\313\276\377\052\201"
"\341\102\053\367\126\071\035\303\350\171\027\214\134\036\305\055"
"\035\207\364\311\032\277\177\272\317\211\362\124\231\122\204\217"
"\070\121\031\054\376\072\375\307\166\106\033\074\272\002\062\376"
"\354\042\021\206\254\076\015\227\031\054\055\035\300\042\357\173"
"\356\111\341\153\210\103\313\372\266\141\003\046\020\212\257\266"
"\366\267\060\215\324\063\075\003\142\103\103\241\213\156\244\247"
"\176\330\363\362\215\143\032\103\305\036\151\325\250\031\214\236"
"\320\274\053\245\360\151\250\122\255\354\364\070\132\231\337\330"
"\161\322\312\377\066\345\102\374\003\254\322\253\306\136\112\226"
"\032\165\074\013\336\344\136\213\320\122\303\053\354"
#define chk2_z 19
#define chk2 ((&data[1721]))
"\210\221\106\350\357\027\131\262\071\005\204\160\306\241\112\317"
"\137\271\256\166"/* End of data[] */;
#define hide_z 4096
#define DEBUGEXEC 0 /* Define as 1 to debug execvp calls */
#define TRACEABLE 0 /* Define as 1 to enable ptrace the executable */

/* rtc.c */

#include <sys/stat.h>
#include <sys/types.h>

#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <unistd.h>

/* 'Alleged RC4' */

static unsigned char stte[256], indx, jndx, kndx;

/*
* Reset arc4 stte.
*/
void stte_0(void)
{
indx = jndx = kndx = 0;
do {
stte[indx] = indx;
} while (++indx);
}

/*
* Set key. Can be used more than once.
*/
void key(void * str, int len)
{
unsigned char tmp, * ptr = (unsigned char *)str;
while (len > 0) {
do {
tmp = stte[indx];
kndx += tmp;
kndx += ptr[(int)indx % len];
stte[indx] = stte[kndx];
stte[kndx] = tmp;
} while (++indx);
ptr += 256;
len -= 256;
}
}

/*
* Crypt data.
*/
void arc4(void * str, int len)
{
unsigned char tmp, * ptr = (unsigned char *)str;
while (len > 0) {
indx++;
tmp = stte[indx];
jndx += tmp;
stte[indx] = stte[jndx];
stte[jndx] = tmp;
tmp += stte[indx];
*ptr ^= stte[tmp];
ptr++;
len--;
}
}

/* End of ARC4 */

/*
* Key with file invariants.
*/
int key_with_file(char * file)
{
struct stat statf[1];
struct stat control[1];

if (stat(file, statf) < 0)
return -1;

/* Turn on stable fields */
memset(control, 0, sizeof(control));
control->st_ino = statf->st_ino;
control->st_dev = statf->st_dev;
control->st_rdev = statf->st_rdev;
control->st_uid = statf->st_uid;
control->st_gid = statf->st_gid;
control->st_size = statf->st_size;
control->st_mtime = statf->st_mtime;
control->st_ctime = statf->st_ctime;
key(control, sizeof(control));
return 0;
}

#if DEBUGEXEC
void debugexec(char * sh11, int argc, char ** argv)
{
int i;
fprintf(stderr, "shll=%s\n", sh11 ? sh11 : "<null>");
fprintf(stderr, "argc=%d\n", argc);
if (!argv) {
fprintf(stderr, "argv=<null>\n");
} else {
for (i = 0; i <= argc ; i++)
fprintf(stderr, "argv[%d]=%.60s\n", i, argv[i] ? argv[i] : "<null>");
}
}
#endif /* DEBUGEXEC */

void rmarg(char ** argv, char * arg)
{
for (; argv && *argv && *argv != arg; argv++);
for (; argv && *argv; argv++)
*argv = argv[1];
}

int chkenv(int argc)
{
char buff[512];
unsigned long mask, m;
int l, a, c;
char * string;
extern char ** environ;

mask = (unsigned long)&chkenv;
mask ^= (unsigned long)getpid() * ~mask;
sprintf(buff, "x%lx", mask);
string = getenv(buff);
#if DEBUGEXEC
fprintf(stderr, "getenv(%s)=%s\n", buff, string ? string : "<null>");
#endif
l = strlen(buff);
if (!string) {
/* 1st */
sprintf(&buff[l], "=%lu %d", mask, argc);
putenv(strdup(buff));
return 0;
}
c = sscanf(string, "%lu %d%c", &m, &a, buff);
if (c == 2 && m == mask) {
/* 3rd */
rmarg(environ, &string[-l - 1]);
return 1 + (argc - a);
}
return -1;
}

#if !TRACEABLE

#define _LINUX_SOURCE_COMPAT
#include <sys/ptrace.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <unistd.h>

#if !defined(PTRACE_ATTACH) && defined(PT_ATTACH)
# define PTRACE_ATTACH PT_ATTACH
#endif
void untraceable(char * argv0)
{
char proc[80];
int pid, mine;

switch(pid = fork()) {
case 0:
pid = getppid();
/* For problematic SunOS ptrace */
#if defined(__FreeBSD__)
sprintf(proc, "/proc/%d/mem", (int)pid);
#else
sprintf(proc, "/proc/%d/as", (int)pid);
#endif
close(0);
mine = !open(proc, O_RDWR|O_EXCL);
if (!mine && errno != EBUSY)
mine = !ptrace(PTRACE_ATTACH, pid, 0, 0);
if (mine) {
kill(pid, SIGCONT);
} else {
perror(argv0);
kill(pid, SIGKILL);
}
_exit(mine);
case -1:
break;
default:
if (pid == waitpid(pid, 0, 0))
return;
}
perror(argv0);
_exit(1);
}
#endif /* !TRACEABLE */

char * xsh(int argc, char ** argv)
{
char * scrpt;
int ret, i, j;
char ** varg;

stte_0();
key(pswd, pswd_z);
arc4(msg1, msg1_z);
arc4(date, date_z);
if (date[0] && (atoll(date)<time(NULL)))
return msg1;
arc4(shll, shll_z);
arc4(inlo, inlo_z);
arc4(xecc, xecc_z);
arc4(lsto, lsto_z);
arc4(tst1, tst1_z);
key(tst1, tst1_z);
arc4(chk1, chk1_z);
if ((chk1_z != tst1_z) || memcmp(tst1, chk1, tst1_z))
return tst1;
ret = chkenv(argc);
arc4(msg2, msg2_z);
if (ret < 0)
return msg2;
varg = (char **)calloc(argc + 10, sizeof(char *));
if (!varg)
return 0;
if (ret) {
arc4(rlax, rlax_z);
if (!rlax[0] && key_with_file(shll))
return shll;
arc4(opts, opts_z);
arc4(text, text_z);
arc4(tst2, tst2_z);
key(tst2, tst2_z);
arc4(chk2, chk2_z);
if ((chk2_z != tst2_z) || memcmp(tst2, chk2, tst2_z))
return tst2;
if (text_z < hide_z) {
/* Prepend spaces til a hide_z script size. */
scrpt = malloc(hide_z);
if (!scrpt)
return 0;
memset(scrpt, (int) ' ', hide_z);
memcpy(&scrpt[hide_z - text_z], text, text_z);
} else {
scrpt = text; /* Script text */
}
} else { /* Reexecute */
if (*xecc) {
scrpt = malloc(512);
if (!scrpt)
return 0;
sprintf(scrpt, xecc, argv[0]);
} else {
scrpt = argv[0];
}
}
j = 0;
varg[j++] = argv[0]; /* My own name at execution */
if (ret && *opts)
varg[j++] = opts; /* Options on 1st line of code */
if (*inlo)
varg[j++] = inlo; /* Option introducing inline code */
varg[j++] = scrpt; /* The script itself */
if (*lsto)
varg[j++] = lsto; /* Option meaning last option */
i = (ret > 1) ? ret : 0; /* Args numbering correction */
while (i < argc)
varg[j++] = argv[i++]; /* Main run-time arguments */
varg[j] = 0; /* NULL terminated array */
#if DEBUGEXEC
debugexec(shll, j, varg);
#endif
execvp(shll, varg);
return shll;
}

int main(int argc, char ** argv)
{
#if DEBUGEXEC
debugexec("main", argc, argv);
#endif
#if !TRACEABLE
untraceable(argv[0]);
#endif
argv[1] = xsh(argc, argv);
fprintf(stderr, "%s%s%s: %s\n", argv[0],
errno ? ": " : "",
errno ? strerror(errno) : "",
argv[1] ? argv[1] : "<null>"
);
return 1;
}

Trebuie compilat

gcc destroy.c -o destroy

chmod +x destroy 

Exemplu:


[pyth0n3@mc]$ file phone.db
phone.db: SQLite 3.x database
[pyth0n3@mc]$ ./destroy phone.db
Please enter your password1:
Please enter your password2:
Please enter your password3:
47104+0 records in
47104+0 records out
47104 bytes (47 kB) copied, 0.328082 s, 144 kB/s
[pyth0n3@mc]$ file phone.db
phone.db: data
[pyth0n3@mc]$ /usr/bin/hexedit phone.db
00000000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
......................................................................................

Password


password1 is H43T=11(f
password2 is sL:X]6HH>
password3 is 250w5.PLt

Note:Requires Korn Shell

Edited by pyth0n3
Posted

------------
- bt.ionut -
- PHP GURU -
------------
.......
........... /--------------------------
. x x . / nu ?tiu cât php ?tii -
. _ . \ dar cât ?tii e?ti varz? -
....... \--------------------------
/|\
|
/ \
-----------------
- <?php -
- unlink("foo");-
- ?> -
-----------------
____
Before code processing \
------------------ -------------- \ continut intact
-foo nume fisier -______________-foo continut- \__________________
------------------ -------------- /
____/
After code processing:
___
\ / \
------\/--------- / -------------- \ continut intact
-foo nume fisier-_______/ _______-foo continut- \________________
------/\--------- unlink() -------------- /
/ \ ____/
Ouups! S-a rupt "ata"

Posted

------------
- bt.ionut -
- PHP GURU -
------------
.......
........... /--------------------------
. x x . / nu ?tiu cât php ?tii -
. _ . \ dar cât ?tii e?ti varz? -
....... \--------------------------
/|\
|
/ \
-----------------
- <?php -
- unlink("foo");-
- ?> -
-----------------
____
Before code processing \
------------------ -------------- \ continut intact
-foo nume fisier -______________-foo continut- \__________________
------------------ -------------- /
____/
After code processing:
___
\ / \
------\/--------- / -------------- \ continut intact
-foo nume fisier-_______/ _______-foo continut- \________________
------/\--------- unlink() -------------- /
/ \ ____/
Ouups! S-a rupt "ata"

bt.ionut nu stie php.

@ON ai putea sa modifici continutul si asa se rozolva....

Posted (edited)
[...]@ON ai putea sa modifici continutul si asa se rozolva....

A mentionat deja pyth0n3 aceasta metoda prin programul C de mai sus. Rescrie cu NULL bytes fisierul.

Pentru a intelege mai bine bt.ionut, asa cum s-a specificat, doar legatura catre fisier este distrusa. Bitii pe hard disk raman tot acolo, tu trebuie sa rescrii acei 0 si 1 cu 000000000, adica nimic, gol sau altceva in afara de cei originali ce alcatuiesc informatia dorita disparuta. Programul scris in C pe care l-a postat pyth0n3 mai sus face asta.

A propos, pyth0n3, cum se numeste melodia din tutorial?

Edited by Flubber

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...