PATH: var / www / clients / client1 / web1 / web / wp-content / plugins / wordfence / lib

<?php
class wfCrypt {
	private static function getPubKey(){
		#Command to generate our keypair was: openssl req -x509 -newkey rsa:2048 -keyout mycert.key -out mycert.pem -nodes -subj "/C=US/ST=Washington/L=Seattle/O=Wordfence/OU=IT/CN=wordfence.com" -days 7300
		#This is a 2048 bit key using SHA256 with RSA. 
		$key = <<<ENDKEY
-----BEGIN CERTIFICATE-----
MIIDrTCCApWgAwIBAgIJAIg6Va5tcvwyMA0GCSqGSIb3DQEBCwUAMG0xCzAJBgNV
BAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRIw
EAYDVQQKDAlXb3JkZmVuY2UxCzAJBgNVBAsMAklUMRYwFAYDVQQDDA13b3JkZmVu
Y2UuY29tMB4XDTE1MDMxMjA1NTIzMFoXDTM1MDMwNzA1NTIzMFowbTELMAkGA1UE
BhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEjAQ
BgNVBAoMCVdvcmRmZW5jZTELMAkGA1UECwwCSVQxFjAUBgNVBAMMDXdvcmRmZW5j
ZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/9Ogj1PIQsuZu
dTUNWlG0zaDNWpeY1ZiB/6oBS/YXkGFuG8R/nZ/kYsRmBm6yRp/3jC/HiPjg+7Zc
bA/CKoHdUlNjFZ+10DmS369wVX+c0oV9f720b/a0xN0qeKxJTiN2NsAl5szYv2CQ
Bvzjeb5VfKgrfV9tgYr38swudxvexponYaK0OlDL3u/Xca4SLRKmB+ZYCcZJttoG
SNFsQMlLHWWmM0FJH9qZ3x8MtRM5KsNEWO+/op511Rr36ZnLJdzUnETsaxHKwuCv
0+D9b0mwk8K/c67l63v4+zywXNkdYIslgo7Aeeyb6t0lyyfruXutEyMinmApACT2
sDMAbYk7AgMBAAGjUDBOMB0GA1UdDgQWBBTstr/AoPQyLLIt4/peFSjj0FFXHzAf
BgNVHSMEGDAWgBTstr/AoPQyLLIt4/peFSjj0FFXHzAMBgNVHRMEBTADAQH/MA0G
CSqGSIb3DQEBCwUAA4IBAQA9HsK+XdZh2MGP2SDdggA+MxkNBCCFBtcsmQrpiLUW
67xt59FPRMwTgSA9Lt8uqcWaXoHXiaTnXTRtN/BKZR0F71HQfiV6zy511blIRlk2
nV+vYzwLUENCZ31hQEZsY+uYqBSTiHecUKohn8A9pOOEpis2YEn2zVo4cobdyGa1
zCnaAN99KT8s9lOO0UW0J52qZhvv4y8YhELtrXKBsFatGEsVIM0NFI+ZDsNpMnSQ
cmUtLiIJtk5hxNbOaIz2vzbOkbzJ3ehzODJ1X5rya7X0v2akLLhwP9jqz5ua6ttP
duLv4Q6v3LY6pwDoyKQMDqNNxVjaFmx5HyFWRPofpu/T
-----END CERTIFICATE-----
ENDKEY;
		return $key;
	}
	public static function makeSymHexKey($length){
		return bin2hex(wfWAFUtils::random_bytes($length / 2));
	}
	public static function pubCrypt($symKey){ //encrypts a symmetric key and returns it base64
		openssl_public_encrypt($symKey, $encSymKey, self::getPubKey(), OPENSSL_PKCS1_OAEP_PADDING); //The default OPENSSL_PKCS1_PADDING is deprecated.
		return base64_encode($encSymKey);
	}
	
	/**
	 * Returns the payload symmetrically encrypted and signed by the noc1 public key. The payload is converted to JSON, 
	 * encrypted using a randomly-generated symmetric key, and then hashed and signed with the noc1 public key.
	 * 
	 * This is NOT cryptographically secure for verifying that this server sent or was aware of the context of the 
	 * message, rather it is intended to be used in tandem with verification via another method (e.g., a call that 
	 * validates due to the site URL matching the license key or noc1 does a call itself to the server to retrieve the 
	 * encrypted payload). It is solely a means to provide data to noc1 that only it can read.
	 * 
	 * @param array $payload
	 * @return array The encrypted and signed payload in the form array('message' => <encrypted message in hex>, 'signature' => <signature in hex>).
	 */
	public static function noc1_encrypt($payload) {
		$payloadJSON = json_encode($payload);
		
		$keyData = file_get_contents(dirname(__FILE__) . '/noc1.key');
		$key = @openssl_get_publickey($keyData);
		if ($key !== false) {
			$symmetricKey = wfWAFUtils::random_bytes(32);
			$iv = wfWAFUtils::random_bytes(16);
			$encrypted = @openssl_encrypt($payloadJSON, 'aes-256-cbc', $symmetricKey, OPENSSL_RAW_DATA, $iv);
			if ($encrypted !== false) {
				$success = openssl_public_encrypt($symmetricKey, $symmetricKeyEncrypted, $key, OPENSSL_PKCS1_OAEP_PADDING);
				if ($success) {
					$message = $iv . $symmetricKeyEncrypted . $encrypted;
					$signatureRaw = hash('sha256', $message, true);
					$success = openssl_public_encrypt($signatureRaw, $signature, $key, OPENSSL_PKCS1_OAEP_PADDING);
					if ($success) {
						$package = array('message' => bin2hex($message), 'signature' => bin2hex($signature));
						return $package;
					}
				}
			}
		}
		return array();
	}
	
	/**
	 * Returns a SHA256 HMAC for $payload using the local long key.
	 * 
	 * @param $payload
	 * @return false|string
	 */
	public static function local_sign($payload) {
		return hash_hmac('sha256', $payload, wfConfig::get('longEncKey'));
	}
}

[-] menu_support.php [edit]
[-] wfBinaryList.php [edit]
[-] sysinfo.php [edit]
[-] menu_scanner.php [edit]
[-] wfViewResult.php [edit]
[-] wfScanMonitor.php [edit]
[-] wfScanEngine.php [edit]
[-] WFLSPHP52Compatability.php [edit]
[-] .htaccess [edit]
[-] wfSupportController.php [edit]
[-] wfConfig.php [edit]
[-] menu_firewall_waf.php [edit]
[-] menu_dashboard_options.php [edit]
[-] wfScan.php [edit]
[-] wfUtils.php [edit]
[-] wfDashboard.php [edit]
[-] wordfenceScanner.php [edit]
[+] Diff
[-] menu_tools_whois.php [edit]
[-] wfIpLocator.php [edit]
[-] wfUnlockMsg.php [edit]
[-] menu_wordfence_central.php [edit]
[-] wfDirectoryIterator.php [edit]
[-] wfHelperString.php [edit]
[-] wfDB.php [edit]
[-] live_activity.php [edit]
[-] wfCrawl.php [edit]
[-] email_genericAlert.php [edit]
[-] IPTrafList.php [edit]
[-] wfBrowscap.php [edit]
[-] geoip.mmdb [edit]
[-] wfAlerts.php [edit]
[-] wfWebsite.php [edit]
[-] noc1.key [edit]
[-] wfCurlInterceptor.php [edit]
[-] wordfenceHash.php [edit]
[-] wfDateLocalization.php [edit]
[-] menu_tools_importExport.php [edit]
[-] wfScanEntrypoint.php [edit]
[-] wfView.php [edit]
[-] menu_tools.php [edit]
[-] wfJWT.php [edit]
[-] wfCache.php [edit]
[-] menu_tools_livetraffic.php [edit]
[-] wfCrypt.php [edit]
[-] wfScanFile.php [edit]
[-] wfAdminNoticeQueue.php [edit]
[-] wfInaccessibleDirectoryException.php [edit]
[-] wfVersionCheckController.php [edit]
[-] wfRESTAPI.php [edit]
[-] wfDeactivationOption.php [edit]
[-] menu_tools_diagnostic.php [edit]
[-] flags.php [edit]
[-] email_newIssues.php [edit]
[-] wfBrowscapCache.php [edit]
[-] wfModuleController.php [edit]
[-] wfLicense.php [edit]
[-] wfIpLocation.php [edit]
[-] wfCredentialsController.php [edit]
[+] rest-api
[-] wordfenceClass.php [edit]
[-] wf503.php [edit]
[+] audit-log
[-] wfNotification.php [edit]
[-] wfLog.php [edit]
[-] wfActivityReport.php [edit]
[-] wfScanFileProperties.php [edit]
[-] wfHelperBin.php [edit]
[-] wfAPI.php [edit]
[-] viewFullActivityLog.php [edit]
[-] wfLockedOut.php [edit]
[-] wfScanPath.php [edit]
[-] sodium_compat_fast.php [edit]
[-] wfIssues.php [edit]
[-] wordfenceConstants.php [edit]
[-] menu_firewall_waf_options.php [edit]
[-] wfI18n.php [edit]
[-] menu_scanner_options.php [edit]
[-] IPTraf.php [edit]
[-] wfAuditLog.php [edit]
[-] wfCommonPasswords.php [edit]
[-] wfOnboardingController.php [edit]
[-] wfInvalidPathException.php [edit]
[-] email_unsubscribeRequest.php [edit]
[-] wordfenceURLHoover.php [edit]
[-] diffResult.php [edit]
[-] menu_firewall_blocking_options.php [edit]
[-] menu_scanner_credentials.php [edit]
[-] wfFileUtils.php [edit]
[-] wfPersistenceController.php [edit]
[-] wfVersionSupport.php [edit]
[-] Diff.php [edit]
[+] ..
[-] wfMD5BloomFilter.php [edit]
[-] wfUpdateCheck.php [edit]
[-] wfDiagnostic.php [edit]
[-] menu_install.php [edit]
[-] wfCentralAPI.php [edit]
[-] menu_options.php [edit]
[-] wfSchema.php [edit]
[-] menu_dashboard.php [edit]
[-] compat.php [edit]
[-] menu_firewall_blocking.php [edit]
[-] wfIPWhitelist.php [edit]
[-] wfBulkCountries.php [edit]
[-] menu_tools_auditlog.php [edit]
[-] email_unlockRequest.php [edit]
[-] menu_firewall.php [edit]
[-] wfScanFileListItem.php [edit]
[-] wfImportExportController.php [edit]
[-] menu_tools_twoFactor.php [edit]
[+] dashboard
[-] wfScanFileLink.php [edit]
[-] wfStyle.php [edit]

8:18 AM 12/29/2025 Vim Patior

Vim Patior

PHP Version : 7.4.30
+File +Directory

Uname : Linux web.kmline.de 5.4.59-9-rest #1 SMP Thu Aug 20 09:19:42 CEST 2020 x86_64

Path: ��/

Name	Size	PermissionAction

Coronatest.vip is under construction

Sorry, wir arbeiten gerade an der Seite

Danke für deine Geduld. Wir arbeiten gerade an der Website und sind in Kürze wieder zurück.