Ping a Specific Port

Question

Fox

Asked: 2013-07-06 15:33:35 +0800 CST2013-07-06 15:33:35 +0800 CST 2013-07-06 15:33:35 +0800 CST

Looking for a shell command to read non-binary part of most common image types

772

A website I'm hosting on my dedicated server has been hacked. Some pictures have been infected with things like <?php eval(base64_decode(....));?>. I'm looking for a generic shell command which would able to read the headers of the most common image types (jpg, gif, tiff, etc.).

I tried jhead and others, jut jhead can only read EXIF data from JPG.

The aim is to find all infected images like this :

find -type f \( -iname "*jpg" -or -iname "*.jpeg" -or ... \) -exec sh -c 'magicimgheadersdisplay "{}" | grep eval" \;

2 Answers

Voted

Ignacio Vazquez-Abrams · Answer 1 · 2013-07-06T15:37:10+08:00

Ignacio Vazquez-Abrams

2013-07-06T15:37:10+08:002013-07-06T15:37:10+08:00

strings will display any printable bits it finds in a file. From there you can feed it into grep to find text within.

2

BillThor · Answer 2 · 2013-07-06T15:40:08+08:00

Best Answer

BillThor

2013-07-06T15:40:08+08:002013-07-06T15:40:08+08:00

grep -l can be used to report infected files. Try a command like

find -type f \( -iname "*jpg" -or -iname "*.jpeg" -or ... \) -print0 | xargs -0 grep -l '<?php eval(base64_decode'

The -print0 and -0 arguments allow filenames and paths to contain spaces.

0

Looking for a shell command to read non-binary part of most common image types

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?