
0x333shadow.tar.gz


Submitted: 2004-08-27
Submitted by: uki
Tool category: Other tools
Platform: Windows
Tool size: 30208 Bytes
File MD5: 058eed61307886505861ff2dfaa2a7c1
Tool source: http://www.0x333.org

A very good tool for wiping your tracks; it also includes handling for a syslogd that has been tampered with.

=============================================================================================================================
how to compile:

OS: Linux, FreeBSD, SunOS, IRIX

Linux:     gcc          0x333shadow.c -o 0x333shadow -D Linux
IRIX:      cc           0x333shadow.c -o 0x333shadow -D IRIX
FreeBSD:   gcc          0x333shadow.c -o 0x333shadow -D FreeBSD
SunOS:     cc/gcc       0x333shadow.c -o 0x333shadow -D SunOS -lsocket

=============================================================================================================================

ABOUT 0x333shadow.

0x333shadow is a tool that lets you hide your tracks on a system. It cleans the default dirs with a recursive scan,
including subdirectories.
It cleans all text files and automatically skips ELF or other binary files... it cleans only "known" binary logs such
as utmp, utmpx, wtmp, wtmpx, lastlog.
Syslogd is killed by looking in the default pid files, so even if it does not have the default name "syslogd" it will be
killed anyhow.
If the pid is obtained, the binary of syslogd is obtained too, and if option -f is given, the extra conf is obtained as
well, so 0x333shadow will try to read it and search for other logs. If -f is not given, it will look at syslogd's default
confs, and every log found will be cleaned if it is not empty.
If the pid files are not found, it will try to get the pid another way, opening a pipe to ps and executing a simple:

[*]  "ps -ef/aux | grep syslogd"

If the output is not empty, we get the pid and kill it; the same thing is done for the -f option, if given.
When a log has been cleaned, it is renamed to the true file name, and all permissions, last access time etc. are reset
to match those of the old log.
In addition, it checks whether acct and snoopy are on the system, and alerts you if they are logging your actions... and
at the end, shadow checks all interfaces in use on the system and tries to find an interface in promisc mode, a probable
sniffer.

You can tell 0x333shadow what action to execute: clean everything, only one file, other files, other dirs etc., whether
to search in syslogd or not, whether to clean at logout... and other stuff...

I included a feature: any system can log your logout, so you can use 0x333shadow with option -l and tell it a
number of secs that it has to sleep; then, when you log out, it will try to execute.

Mail me at davide@looker.it with bugs, ideas, or other :P

nsn of outsiders.
www.0x333.org
=============================================================================================================================
