File: //proc/1284358/cwd/bigscoots/eitest-locate.sh
#!/bin/bash

# https://laskowski-tech.com/2018/04/19/cleaning-up-after-eitest/
# Created: 2018-04-16
# Updated: 2018-04-23
#
# Purpose: Eitest investigation script
#

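# Watch for TCP connections to the EITest sinkhole and capture evidence about
# the process that owns each one: an strace of its network/file syscalls, its
# open files (lsof), its ps entry and the netstat line itself.
#
# Must run as root so that netstat can show the owning PID and strace can
# attach. Output files are written to the current directory.

# Address prefix of the sinkhole, as given by the original author.
sinkhole="192.42.116"

# Recipient of the alert mail. The address in the published copy of this
# script is redacted ("[email protected]"), so the operator has to supply it;
# when it is unset no mail is sent and only the local logs are written.
alert_to="${EITEST_ALERT_TO:-}"

# The trace and lsof output can contain request payloads and credentials
# (strace -s 1024 records up to 1024 bytes of every write/sendto buffer),
# so keep the files readable by the owner only.
umask 077

# PIDs that already have a tracer attached. Without this the 10 ms loop would
# re-run lsof, re-log and re-send mail for as long as the connection stays up.
declare -A seen=()

# Repeat in loop until you stop the script
while true; do
  # -F: match the prefix literally; as a regex the dots would match any byte.
  connect=$(netstat -tpn | grep -F -- "$sinkhole")

  # If connection found then capture data
  if [[ -n "$connect" ]]; then

    # netstat may report several matching sockets; handle each line on its own
    # instead of taking field 7 of the whitespace-collapsed output.
    while IFS= read -r line; do

      # Column 7 of `netstat -tpn` is "PID/Program name" ("-" when unknown).
      read -r _ _ _ _ _ _ owner _ <<<"$line"
      pid=${owner%%/*}

      # Skip sockets with no owning process (e.g. TIME_WAIT) and anything
      # that is not a plain number before it reaches a command line.
      [[ "$pid" =~ ^[0-9]+$ ]] || continue

      # Already being traced: nothing new to collect.
      [[ -n "${seen[$pid]:-}" ]] && continue
      seen[$pid]=1

      # Strace pid. openat is listed next to open because current libc
      # versions issue openat() for ordinary file opens, which a filter on
      # open alone would not record.
      (strace -yrTfs 1024 -e trace=sendto,connect,open,openat,write \
        -o "eitest-trace-${pid}.out" -p "$pid" &)

      # Get open files from lsof
      (lsof -p "$pid" > "eitest-files-${pid}.log" &)

      # Log some basic info about the connection and process. Compare the PID
      # column for equality; a regex match on it would also log unrelated
      # processes whose PID merely contains these digits.
      ps aux | awk -v pid="$pid" '$2 == pid' >> eitest-connection-log.txt
      printf '%s\n' "$line" >> eitest-connection-log.txt

      # NOTE(review): the subject names /root/bigscoots/, which is only where
      # the log ends up if the script was started from that directory.
      if [[ -n "$alert_to" ]]; then
        echo "asd" | mail -s "$HOSTNAME - eitest hit /root/bigscoots/eitest-files-${pid}.log" "$alert_to"
      fi
    done <<<"$connect"
  fi

  sleep 0.01
done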