mtvee · January 3, 2016 15:29
diff --git a/fixtard.py b/fixtard.py
 #!/usr/bin/env python2
 # Some fucker infected all the php files on the server with by injecting some
 # obfuscated bullshit at the start of each file. This script pulls out the
 # crap and rewrites the file.

 import os
 import fnmatch
 import re

 infection = {}
 infected = []
 skipped = []

 for root, dirs, files in os.walk('.'):
    for pfile in fnmatch.filter( files, "*.php" ):
        fname = os.path.join( root, pfile )
        content = ""
        fin = open( fname, 'r')
        content = fin.read()
        fin.close()
        if len(content) == 0:
            continue
        p = re.compile('(^<\?php .*\?>)<?[\?php|html|HTML|!DOCTYPE|\n]')
        m = p.match( content )
        if m:
            # keep track of the infection string and use that to look too
            if m.group(1) in infection:
                infection[m.group(1)] += 1
            else:
                infection[m.group(1)] = 1
            content = content[len(m.group(1)):-1]
            o = open( fname, 'w' )
            o.write( content )
            o.close()
            infected.append( fname )
        else:
            found = False
            # see if we can find the infection string at the beginning of the file
            for key in infection.keys():
                if content.find(key) == 0:
                    content = content[len(key):-1]
                    o = open( fname, 'w' )
                    o.write( content )
                    o.close()
                    infected.append( fname )
                    found = True
                    break
            if not found:
                skipped.append( fname )

 print "# %d infections" % len(infection.keys())
 print "# Infected"
 for f in infected:
    print f
 print
 print "# Skipped"
 for f in skipped:
    print f
 print

 print "# %d infected files found and cleaned" % len(infected)
 print "# %d files were skipped" % len(skipped)
	#!/usr/bin/env python2
	# Some fucker infected all the php files on the server with by injecting some
	# obfuscated bullshit at the start of each file. This script pulls out the
	# crap and rewrites the file.

	import os
	import fnmatch
	import re

	infection = {}
	infected = []
	skipped = []

	for root, dirs, files in os.walk('.'):
	for pfile in fnmatch.filter( files, "*.php" ):
	fname = os.path.join( root, pfile )
	content = ""
	fin = open( fname, 'r')
	content = fin.read()
	fin.close()
	if len(content) == 0:
	continue
	p = re.compile('(^<\?php .*\?>)<?[\?php\|html\|HTML\|!DOCTYPE\|\n]')
	m = p.match( content )
	if m:
	# keep track of the infection string and use that to look too
	if m.group(1) in infection:
	infection[m.group(1)] += 1
	else:
	infection[m.group(1)] = 1
	content = content[len(m.group(1)):-1]
	o = open( fname, 'w' )
	o.write( content )
	o.close()
	infected.append( fname )
	else:
	found = False
	# see if we can find the infection string at the beginning of the file
	for key in infection.keys():
	if content.find(key) == 0:
	content = content[len(key):-1]
	o = open( fname, 'w' )
	o.write( content )
	o.close()
	infected.append( fname )
	found = True
	break
	if not found:
	skipped.append( fname )

	print "# %d infections" % len(infection.keys())
	print "# Infected"
	for f in infected:
	print f
	print
	print "# Skipped"
	for f in skipped:
	print f
	print

	print "# %d infected files found and cleaned" % len(infected)
	print "# %d files were skipped" % len(skipped)