API tools faq
paste
PalmaSolutions

good greps

PalmaSolutions
Mar 9th, 2019
323
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 13.14 KB | None | 0 0
raw download clone embed print report
  1.  
  2. grep -ril '$.* = .*$.* = Array.*$.* = $.*.$.*$.* =
  3. $.*.$.*0.*.$.*.$.*.$.*.$.*.$.*.$.*.$.*0.*.$.*.$.*.$.*.$.*.$.*0.*.$.*.$.*.$.*.$.*.$.*0.*.$.*.$.*.$.*.$.*.$.*0.*.$.*.$.*0.*.$.*.$.*.$.*.$.*.$.*.$.*.$.*.$.*.$.*.$.*$.*
  4. = $.*$.* = $.*.$.*.$.*0.*.$.*0.*.$.*$.* =
  5. $.*.$.*.$.*.$.*.$.*.$.*.$.*.$.*.$.*0.*.$.*$.* =
  6. $.*.$.*.$.*.$.*.$.*.$.*.$.*$.* = $.*.$.*0.*.$.*.$.*.$.*.$.*$.* =
  7. $.*0.*.$.*.$.*.$.*0.*.$.*.$.*.$.*.$.*.$.*.$.*.$.*$.* =
  8. $.*.$.*.$.*.$.*.$.*.$.*0.*$.* = $.*.$.*0.*.$.*.$.*foreach
  9. .*$.*$_COOKIE.* $_POST.* as $.* => $.*function .*$.* $.* $.*return
  10. $.*$.*$.* . $.* .*$.* / $.*$.* + .* 0.* $.*function .*$.* $.*return
  11. @$.*$.*0.* $.*function .*$.* $.*$.* = $.*$.* % .*if .*!$.*
  12. .*eval.*$.*$.*exit.*$.* = .*$.* $.*$.* $.*$.* $.* ^ .*$.* $.* $.*$.*'
  13. --include=*.{php,phtml}* /home/efath0/public_html/ >>
  14. /home/efath0/infected.files.list.txt
  15.  
  16. grep -ril '$.* = .*$.* = Array.*$.* = $.*.$.*$.* = $.*$.* =
  17. $.*.$.*.$.*.$.*.$.*.$.*.$.*.$.*.$.*.$.*.$.*.$.*.$.*.$.*.$.*.$.*.$.*.$.*.$.*.$.*.$.*.$.*.$.*.$.*.$.*.$.*.$.*.$.*.$.*.$.*.$.*.$.*.$.*.$.*.$.*.$.*$.*
  18. = $.*.$.*.$.*.$.*.$.*$.* = $.*.$.*.$.*.$.*.$.*.$.*.$.*.$.*.$.*.$.*$.* =
  19. $.*.$.*.$.*.$.*.$.*.$.*.$.*$.* = $.*.$.*.$.*.$.*.$.*.$.*$.* =
  20. $.*.$.*.$.*.$.*.$.*.$.*.$.*.$.*.$.*.$.*.$.*$.* =
  21. $.*.$.*.$.*.$.*.$.*.$.*$.* = $.*.$.*.$.*.$.*foreach .*$.*$_COOKIE.*
  22. $_POST.* as $.* => $.*function .*$.* $.* $.*return $.*$.*$.* . $.* .*$.*
  23. / $.*$.* + .* .* $.*function .*$.* $.*return @$.*$.* $.*function .*$.*
  24. $.*$.* = $.*$.* % .*if .*$.* .*eval.*$.*$.*exit.*$.* = .*$.* $.*$.*
  25. $.*$.* $.* ^ .*$.* $.* $.*$' --include=*.{php,phtml}*
  26. /home/efath0/public_html/ >> /home/efath0/infected.files.list.txt
  27.  
  28. grep -ril '<?php
  29. for.*ord.*$.*$.*$.*++.*if.*$.*$.*$.*$.*$.*else.*$.*chr.*$.*$.*$.*+.*$.*$.*++$.*eval.*$.*
  30. .*?>' --include=*.{php,phtml}* /home/efath0/public_html/ >>
  31. /home/efath0/infected.files.list.txt
  32.  
  33. grep -ril ' eval(base64_decode($.*)).* ?>' --include=*.{php,phtml}*
  34. /home/efath0/public_html/ >> /home/efath0/infected.files.list.txt
  35.  
  36. grep -ril 'if.* .*_POST.*_upl.* == .*Upload.* .* .*
  37. if.*@copy.*_FILES.*file.*tmp_name.* .*_FILES.*file.*name.* .* echo .*;
  38. .* else .* echo .*; .* .*' --include=*.{php,phtml}*
  39. /home/efath0/public_html/ >> /home/efath0/infected.files.list.txt
  40.  
  41. grep -ril 'echo.*eval(urldecode($.*));' --include=*.{php,phtml}*
  42. /home/efath0/public_html/ >> /home/efath0/infected.files.list.txt
  43.  
  44. grep -ril '@system(.*killall -9 .*.basename(.*/usr/bin/host.*));'
  45. --include=*.{php,phtml}* /home/efath0/public_html/ >>
  46. /home/efath0/infected.files.list.txt
  47.  
  48. grep -ril 'if($.*=@fsockopen($.*$this->.*[.*(.*)].*$.*$.*$.*(.*)))'
  49. --include=*.{php,phtml}* /home/efath0/public_html/ >>
  50. /home/efath0/infected.files.list.txt
  51.  
  52. grep -ril
  53. '<.*php.*create_function.*(.*x.*\.*x.*\.*x.*\.*x.*\.*x.*\.*x.*\.*x.*\.*x.*\.*x.*\.*x.*\.*x.*\.*x.*\.*x.*\.*x.*\.*x.*\.*x.*\.*x.*\.*x.*\.*x.*\.*x.*\.*x.*\.*x.*\.*x.*\.*x.*\.*x.*\.*x.*\.*x.*\.*x.*\.*x.*\.*x.*\.*x.*\.*x.*\.*x.*\.*x.*\.*x.*\.*x.*\.*x.*\.*x.*\.*x.*\.*x.*\.*x.*\.*x.*\.*x.*\.*x.*\.*x.*\.*x.*\.*x.*\.*x.*\.*x.*\.*x.*\.*x.*\.*x.*\.*x.*\.*x.*\.*x.*\.*x.*\.*x.*\.*x.*\.*x.*\.*x.*\.*x.*\.*x.*\.*x.*\.*x.*\.*x.*\.*x.*\.*x.*\.*x.*\.*x.*\.*x.*\.*x.*\.*x.*\.*x.*\.*x.*\.*x.*\.*x.*\.*x.*\.*x.*\.*x.*\.*x.*\.*).*?>'
  54. --include=*.{php,phtml}* /home/efath0 >>
  55. /home/efath0/infected.files.list.txt
  56.  
  57. grep -ril
  58. 'GLOBALS.*Array.*global.*GLOBALS.*NULL.*NULL.*NULL.*function.*return.*function.*global.*Array.*elseif.*eval.*exit'
  59. --include=*.{php,phtml}* /home/efath0/public_html/ >>
  60. /home/efath0/infected.files.list.txt
  61.  
  62. grep -ril
  63. '(.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*)'
  64. --include=*.{php,phtml}* /home/efath0/public_html/ >>
  65. /home/efath0/infected.files.list.txt
  66.  
  67. grep -ril 'eval.*str_rot13.*gzinflate.*str_rot13.*base64_decode'
  68. --include=*.{php,phtml}* /home/efath0/public_html/ >>
  69. /home/efath0/infected.files.list.txt
  70.  
  71. grep -ril '<?php.*if.*isset.*REQUEST.*REQUEST.*exit;}?>'
  72. --include=*.{php,phtml}* /home/efath0/public_html/ >>
  73. /home/efath0/infected.files.list.txt
  74.  
  75. grep -ril 'if.*isset.*GLOBALS.*GLOBALS.*&&.*GLOBALS.*GLOBALS'
  76. --include=*.{php,phtml}* /home/efath0/public_html/ >>
  77. /home/efath0/infected.files.list.txt
  78.  
  79. grep -ril 'function.*return.*str_repeat.*ceil.*strlen.*strlen'
  80. --include=*.{php,phtml}* /home/efath0/public_html/ >>
  81. /home/efath0/infected.files.list.txt
  82.  
  83. grep -ril 'MailTo.*base64_decode.*POST.*mailto' --include=*.{php,phtml}*
  84. /home/efath0/public_html/ >> /home/efath0/infected.files.list.txt
  85.  
  86. grep -ril 'eval.*gzinflate.*base64_decode' --include=*.{php,phtml}*
  87. /home/efath0/public_html/ >> /home/efath0/infected.files.list.txt
  88.  
  89. grep -ril
  90. 'strtolower.*if.*strstr.*or.*strstr.*if.*function_exists.*or.*strstr.*or.*array_map.*str_split.*function.*GLOBALS.*or.*strstr.*return.*chr.*ord.*error_reporting.*explode.*chr.*substr.*if.*function_exists.*function.*for.*sizeof.*substr.*return.*chr.*chr.*explode.*chr.*preg_replace'
  91. --include=*.{php,phtml}* /home/efath0/public_html/ >>
  92. /home/efath0/infected.files.list.txt
  93.  
  94. grep -ril
  95. 'if.*function_exists.*function.*base64_decode.*ord.*ord.*strlen.*preg_match.*base64_decode.*if.*exit.*if.*if.*if.*ord.*for.*else.*for.*else.*if.*return.*eval'
  96. --include=*.{php,phtml}* /home/efath0/public_html/ >>
  97. /home/efath0/infected.files.list.txt
  98.  
  99. grep -ril 'GLOBALS.*Array.*foreach.*eval.*exit.*php'
  100. --include=*.{php,phtml}* /home/efath0/public_html/ >>
  101. /home/efath0/infected.files.list.txt
  102.  
  103. grep -ril 'php.*if.*isset.*REQUEST.*assert.*REQUEST.*exit'
  104. --include=*.{php,phtml}* /home/efath0/public_html/ >>
  105. /home/efath0/infected.files.list.txt
  106.  
  107. grep -ril 'create_function.*base64_decode' --include=*.{php,phtml}*
  108. /home/efath0/public_html/ >> /home/efath0/infected.files.list.txt
  109.  
  110. grep -ril
  111. 'isset.*POST.*isset.*COOKIE.*NULL.*if.*NULL.*md5.*substr.*md5.*strrev.*strlen.*for.*chr.*if.*gzinflate.*if.*isset.*setcookie.*POST.*create_function.*unset'
  112. --include=*.{php,phtml}* /home/efath0/public_html/ >>
  113. /home/efath0/infected.files.list.txt
  114.  
  115. grep -ril
  116. 'isset.*POST.*POST.*isset.*COOKIE.*COOKIE.*NULL.*if.*NULL.*md5.*substr.*md5.*strrev.*strlen.*for.*chr.*if.*gzinflate.*if.*isset.*setcookie.*POST.*create_function.*unset'
  117. --include=*.{php,phtml}* /home/efath0/public_html/ >>
  118. /home/efath0/infected.files.list.txt
  119.  
  120. grep -ril 'php.*if.*isset.*eval' --include=*.{php,phtml}*
  121. /home/efath0/public_html/ >> /home/efath0/infected.files.list.txt
  122.  
  123. grep -ril 'GLOBALS.*Array.*GLOBALS.*function.*return.*echo.*eval.*exit'
  124. --include=*.{php,phtml}* /home/efath0/public_html/ >>
  125. /home/efath0/infected.files.list.txt
  126.  
  127. grep -ril 'function.*for.*strlen.*++.*isset' --include=*.{php,phtml}*
  128. /home/efath0/public_html/ >> /home/efath0/infected.files.list.txt
  129.  
  130. grep -ril 'new.*JApplication.*array.*UID.*' --include=*.{php,phtml}*
  131. /home/efath0/public_html/ >> /home/efath0/infected.files.list.txt
  132.  
  133. grep -ril 'strtolower.*strtoupper.*if.*isset.*eval'
  134. --include=*.{php,phtml}* /home/efath0/public_html/ >>
  135. /home/efath0/infected.files.list.txt
  136.  
  137. grep -ril 'eval.*gzuncompress.*base64_decode' --include=*.{php,phtml}*
  138. /home/efath0/public_html/ >> /home/efath0/infected.files.list.txt
  139.  
  140. grep -ril
  141. 'GLOBALS.*GLOBALS.*if.*empty.*GLOBALS.*eval.*GLOBALS.*GLOBALS.*echo'
  142. --include=*.{php,phtml}* /home/efath0/public_html/ >>
  143. /home/efath0/infected.files.list.txt
  144.  
  145. grep -ril 'php.*preg_replace.*SERVER.*HTTP.*SERVER.*HTTP.*CURRENT'
  146. --include=*.{php,phtml}* /home/efath0/public_html/ >>
  147. /home/efath0/infected.files.list.txt
  148.  
  149. grep -ril
  150. 'php.*if.*isset.*GLOBALS.*strtolower.*strstr.*strstr.*GLOBALS.*php'
  151. --include=*.{php,phtml}* /home/efath0/public_html/ >>
  152. /home/efath0/infected.files.list.txt
  153.  
  154. grep -ril 'function.*return.*NULL.*preg_replace'
  155. --include=*.{php,phtml}* /home/efath0/public_html/ >>
  156. /home/efath0/infected.files.list.txt
  157.  
  158. grep -ril
  159. 'explode.*chr.*if.*function_exists.*function.*NULL.*for.*return.*NULL'
  160. --include=*.{php,phtml}* /home/efath0/public_html/ >>
  161. /home/efath0/infected.files.list.txt
  162.  
  163. grep -ril "function.*for.*strlen.*++" --include=*.{php,phtml}*
  164. /home/efath0/public_html/ >> /home/efath0/infected.files.list.txt
  165.  
  166. grep -ril 'function.*for.*strlen.*isset' --include=*.{php,phtml}*
  167. /home/efath0/public_html/ >> /home/efath0/infected.files.list.txt
  168.  
  169. grep -ril
  170. 'GLOBALS.*GLOBALS.*global.*function.*for.*function.*global.*return.*if.*Array.*else.*eval.*exit.*php'
  171. --include=*.{php,phtml}* /home/efath0/public_html/ >>
  172. /home/efath0/infected.files.list.txt
  173.  
  174. grep -ril
  175. 'php.*function.*Array.*return.*base64_decode.*error_reporting.*mb_internal_encoding.*mb_regex_encoding.*mb_http_output.*mb_http_input.*mb_language.*mb_strtolower.*mb_substr.*function'
  176. --include=*.{php,phtml}* /home/efath0/public_html/ >>
  177. /home/efath0/infected.files.list.txt
  178.  
  179. grep -ril 'array.*strrev.*strrev.*eval.*implode.*?>'
  180. --include=*.{php,phtml}* /home/efath0/public_html/ >>
  181. /home/efath0/infected.files.list.txt
  182.  
  183. grep -ril 'array.*strrev.*implode.*array.*implode.*?>'
  184. --include=*.{php,phtml}* /home/efath0/public_html/ >>
  185. /home/efath0/infected.files.list.txt
  186.  
  187. grep -ril 'strtoupper.*if.*eval' --include=*.{php,phtml}*
  188. /home/efath0/public_html/ >> /home/efath0/infected.files.list.txt
  189.  
  190. grep -ril
  191. '<?php.*function_exists.*explode.*chr.*substr.*function_exists.*function
  192. mugvsjx.*NULL.*substr.*?>.*<?php' --include=*.{php,phtml}*
  193. /home/efath0/public_html/ >> /home/efath0/infected.files.list.txt
  194.  
  195. grep -ril '<?php.*preg_replace.*(.*_REQUEST.*[.*].*).*?>'
  196. --include=*.{php,phtml}* /home/efath0/public_html/ >>
  197. /home/efath0/infected.files.list.txt
  198.  
  199. grep -ril
  200. '<?php.*return.*chr.*str_split.*GLOBALS.*function_exists.*explode.*substr.*explode.*chr.*?>'
  201. --include=*.{php,phtml}* /home/efath0/public_html/ >>
  202. /home/efath0/infected.files.list.txt
  203.  
  204. grep -ril
  205. '<?php.*if.*isset.*GLOBALS.*strtolower.*SERVER.*if.*strstr.*strstr.*GLOBALS.*?><?php'
  206. --include=*.{php,phtml}* /home/efath0/public_html/ >>
  207. /home/efath0/infected.files.list.txt
  208.  
  209. grep -ril
  210. '<?php.*preg_replace.*isset.*GLOBALS.*function.*preg_replace.*explode.*chr.*substr.*function_exists.*function.*substr.*?><?php'
  211. --include=*.{php,phtml}* /home/efath0/public_html/ >>
  212. /home/efath0/infected.files.list.txt
  213.  
  214. grep -ril
  215. '<?php.*$GLOBALS.*if.*function_exists.*function.*$GLOBALS.*pack.*return.*substr.*?><?php'
  216. --include=*.{php,phtml}* /home/efath0/public_html/ >>
  217. /home/efath0/infected.files.list.txt
  218.  
  219. grep -ril '<?php.*strtoupper.*if.*isset.*eval.*?>'
  220. --include=*.{php,phtml}* /home/efath0/public_html/ >>
  221. /home/efath0/infected.files.list.txt
  222.  
  223. grep -ril
  224. '<?php.*$GLOBALS.*isset.*$GLOBALS.*explode.*substr.*function_exists.*function.*?><?php'
  225. --include=*.{php,phtml}* /home/efath0/public_html/ >>
  226. /home/efath0/infected.files.list.txt
  227.  
  228. grep -ril
  229. '<?php.*strtolower.*$GLOBALS.*strstr.*function_exists.*substr.*explode.*?><?php'
  230. --include=*.{php,phtml}* /home/efath0/public_html/ >>
  231. /home/efath0/infected.files.list.txt
  232.  
  233. grep -ril
  234. '<?php.*isset.*$GLOBALS.*strtolower.*$_SERVER.*strstr.*function_exists.*function.*?><?php'
  235. --include=*.{php,phtml}* /home/efath0/public_html/ >>
  236. /home/efath0/infected.files.list.txt
  237.  
  238. grep -ril '<?php.*if.*isset.*globals.*strtolower.*?>'
  239. --include=*.{php,phtml}* /home/efath0/public_html/ >>
  240. /home/efath0/infected.files.list.txt
  241.  
  242. grep -ril '<?php.*globals.*eval.*?><?php' --include=*.{php,phtml}*
  243. /home/efath0/public_html/ >> /home/efath0/infected.files.list.txt
  244.  
  245. grep -ril '<?php.*!function_exists.*?><?php' --include=*.{php,phtml}*
  246. /home/efath0/public_html/ >> /home/efath0/infected.files.list.txt
  247.  
  248. grep -ril 'strstr.*implode.*array_map.*function_exists'
  249. --include=*.{php,phtml}* /home/efath0/public_html/ >>
  250. /home/efath0/infected.files.list.txt
  251.  
  252. grep -ril 'if.*isset.*${$.*}.*eval.*;}.*?>' --include=*.{php,phtml}*
  253. /home/efath0/public_html/ >> /home/efath0/infected.files.list.txt
  254.  
  255. grep -ril
  256. '<?php.*strtolower.*[].*[].*[].*[].*[].*[].*strtoupper.*eval.*?>'
  257. --include=*.{php,phtml}* /home/efath0/public_html/ >>
  258. /home/efath0/infected.files.list.txt
  259.  
  260. grep -ril
  261. 'str_split.*strtolower.*implode.*array_map.*strstr.*$GLOBALS.*!function_exists.*substr.*return.*explode.*chr'
  262. --include=*.{php,phtml}* /home/efath0/public_html/ >>
  263. /home/efath0/infected.files.list.txt
  264.  
  265. grep -ril '<?php.*$GLOBALS.*!function_exists.*?><?php'
  266. --include=*.{php,phtml}* /home/efath0/public_html/ >>
  267. /home/efath0/infected.files.list.txt
  268.  
  269. grep -ril "eval(base64_decode('.*').*);.*?>" --include=*.{php,phtml}*
  270. /home/efath0/public_html/ >> /home/efath0/infected.files.list.txt
  271.  
  272. grep -ril 'php.*isset.*strto' --include=*.{php,phtml}*
  273. /home/efath0/public_html/ >> /home/efath0/infected.files.list.txt
  274.  
  275. grep -ril
  276. 'isset.*SERVER.*strpos.*function.*substr.*function.*isset.*md5.*file_exists'
  277. --include=*.{php,phtml}* /home/efath0/public_html/ >>
  278. /home/efath0/infected.files.list.txt
  279.  
  280. grep -ril
  281. 'if.*extension_loaded.*IonCube_loader.*strtolower.*substr.*php_uname().*ioncube_loader_.*substr.*phpversion.*if.*function_exists.*return.*preg_replace.*fopen.*realpath.*extension_dir.*dirname.*if.*strlen.*str_replace.*substr.*str_replace.*substr.*str_repeat.*substr_count.*strlen.*while.*if.*substr.*if.*fread.*filesize.*pack.*substr.*break.*eval.*return.*else.*die.*if.*function_exists.*return.*return'
  282. --include=*.{php,phtml}* /home/efath0/public_html/ >>
  283. /home/efath0/infected.files.list.txt
Advertisement
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!