Hello Admins! I am having a little bit of a problem with my "sed" syntax and I was hoping maybe someone could help me figure out what I am doing wrong. I am still pretty nub with 'sed' and it would make my job a lot easier if I could figure this one thing out (and I bet it's something stupid I missed pouring over sites reading).
I understand that using "sed" this way:
sed -i '/START/,/END/d' Would delete all lines between, and including, START & END. So here is where I am having my syntax problem. Client has 50+ files infected with iframe injections that the AV's weren't picking up (had to grep for them), so I can't use the AV to clean the files, and I REALLY don't wanna go in and hand delete the code 1 by 1. Problem is, the start of the malicious code, starts on the "body" line of the .html. and uses characters that "sed" doesn't seem to like. Like this:
<body><!--c3284d-->Code_Here_Is_about_ten_lines_long<!--/c3284d--> Is there a way that I can format "sed" to delete everything after the body .html tag? Between the start and end of the code? Here is what I have tried based on what I have been reading about "sed" (This is where I am stuck...):
sed '/<!--c3284d-->/,/<!--_/c3284d-->/ s/<body>.*//' Thanks in advance for the help with my weak sed-fu!
SOLVED In a roundabout way...
Created a Bash file and add a sed for each line:
#!/bin/bash sed -i 's/<...c3284d.*x=2\;.//g' $1 sed -i 's/if.x.*fromChar.*\;.//g' $1 sed -i 's/if.x.*c3284d...//g' $1 Then just called it in a 'for' loop. Dirty but worked :)
[link] [5 comments]