/var/www/html/bkd/berkas/s.sh
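#!/bin/bash
# Quick scan for traces of the "defunct" backdoor.
# Run as root: without it, find cannot descend into every directory and the
# /proc/<pid>/exe, cwd and root links of other users' processes are unreadable,
# so an empty result from an unprivileged run proves nothing.

if (( EUID != 0 )); then
  echo "[!] Peringatan: tidak dijalankan sebagai root; hasil bisa tidak lengkap." >&2
fi

echo "[*] Mencari file bernama defunct atau defunct.dat..."
find / -type f \( -name "defunct" -o -name "defunct.dat" \) 2>/dev/null
echo

echo "[*] Mencari proses dengan nama defunct..."
# NOTE: ps appends "<defunct>" to every zombie process, so this grep also lists
# ordinary zombies. A hit matters only when "defunct" is the command name
# itself; the pgrep -x loop below matches on that exact name.
ps -ef | grep "[d]efunct"
echo

echo "[*] Mengecek detail proses defunct..."
while IFS= read -r pid; do
  [[ -n "$pid" ]] || continue
  echo " PID: $pid"
  # A target shown as "... (deleted)" means the binary was unlinked after
  # start-up; the inode search below will then find nothing on disk.
  ls -l "/proc/$pid/exe" 2>/dev/null
  ls -l "/proc/$pid/cwd" 2>/dev/null
  ls -l "/proc/$pid/root" 2>/dev/null

  # Find the device and inode of the executable. -L is required: without it
  # stat describes the procfs symlink itself, not the file it points to, and
  # the find below would search for a meaningless inode number.
  dev=""
  inode=""
  if ident=$(stat -L -c '%d %i' "/proc/$pid/exe" 2>/dev/null); then
    dev=${ident% *}
    inode=${ident#* }
  fi

  if [[ -n "$inode" && "$inode" != "0" ]]; then
    echo " [*] Mencari file dengan inode $inode ..."
    # Inode numbers are unique only within one filesystem, so keep only the
    # paths whose device number matches the executable's (GNU find %D).
    find / -inum "$inode" -printf '%D %p\n' 2>/dev/null |
      awk -v dev="$dev" '$1 == dev { print substr($0, length($1) + 2) }'
  fi
done < <(pgrep -x defunct)
echo

echo "[*] Pencarian selesai."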