Last active
June 6, 2020 10:12
-
-
Save pforret/3974142 to your computer and use it in GitHub Desktop.
Clean PHP file of Mal/Badsrc-M - Troj/PHPShll-B infection
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# updated in 2020 because my bash skills were not that sophisticated in 2012 | |
LIST=/tmp/LIST.TROJANS.$(date '+%Y%m%d').txt | |
PATT="eval(base64_decode" | |
REGEX="eval\(base64_decode" | |
if [[ ! -s "$LIST" ]] ; then | |
# find all infected php files and put them in $LIST file | |
grep -l -R --include=*.php "$PATT" * > "$LIST" | |
fi | |
wc -l "$LIST" | |
for INPUT in `cat $LIST` ; do | |
TEMP="$INPUT.tmp" | |
BAD="$INPUT.hacked" | |
< "$INPUT" awk 'NR == 1 { gsub(/^<\?php.*><\?php/,"<?php"); print $0 } NR > 1 {print $0}' > "$TEMP" | |
mv $INPUT $BAD && mv $TEMP $INPUT | |
done |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment