Linux cyberpanel 5.15.0-156-generic #166-Ubuntu SMP Sat Aug 9 00:02:46 UTC 2025 x86_64
LiteSpeed
: 160.191.175.3 | : 216.73.216.114
Cant Read [ /etc/named.conf ]
8.2.29
aodai6801
www.github.com/MadExploits
Terminal
AUTO ROOT
Adminer
Backdoor Destroyer
Linux Exploit
Lock Shell
Lock File
Create User
CREATE RDP
PHP Mailer
BACKCONNECT
UNLOCK SHELL
HASH IDENTIFIER
CPANEL RESET
CREATE WP USER
README
+ Create Folder
+ Create File
/
usr /
local /
CyberCP /
[ HOME SHELL ]
Name
Size
Permission
Action
.git
[ DIR ]
drwxr-xr-x
.github
[ DIR ]
drwxr-xr-x
.idea
[ DIR ]
drwxr-xr-x
ApachController
[ DIR ]
drwxr-xr-x
CLManager
[ DIR ]
drwxr-xr-x
CLScript
[ DIR ]
drwxr-xr-x
CPScripts
[ DIR ]
drwxr-xr-x
CyberCP
[ DIR ]
drwxr-xr-x
IncBackups
[ DIR ]
drwxr-xr-x
WebTerminal
[ DIR ]
drwxr-xr-x
__pycache__
[ DIR ]
drwxr-xr-x
aiScanner
[ DIR ]
drwxr-xr-x
api
[ DIR ]
drwxr-xr-x
backup
[ DIR ]
drwxr-xr-x
baseTemplate
[ DIR ]
drwxr-xr-x
bin
[ DIR ]
drwxr-xr-x
cli
[ DIR ]
drwxr-xr-x
cloudAPI
[ DIR ]
drwxr-xr-x
conf
[ DIR ]
drwxr-xr-x
containerization
[ DIR ]
drwxr-xr-x
databases
[ DIR ]
drwxr-xr-x
dns
[ DIR ]
drwxr-xr-x
dockerManager
[ DIR ]
drwxr-xr-x
emailMarketing
[ DIR ]
drwxr-xr-x
emailPremium
[ DIR ]
drwxr-xr-x
examplePlugin
[ DIR ]
drwxr-xr-x
filemanager
[ DIR ]
drwxr-xr-x
firewall
[ DIR ]
drwxr-xr-x
ftp
[ DIR ]
drwxr-xr-x
guides
[ DIR ]
drwxr-xr-x
highAvailability
[ DIR ]
drwxr-xr-x
include
[ DIR ]
drwxr-xr-x
install
[ DIR ]
drwxr-xr-x
lib
[ DIR ]
drwxr-xr-x
lib64
[ DIR ]
drwxr-xr-x
locale
[ DIR ]
drwxr-xr-x
loginSystem
[ DIR ]
drwxr-xr-x
mailServer
[ DIR ]
drwxr-xr-x
managePHP
[ DIR ]
drwxr-xr-x
manageSSL
[ DIR ]
drwxr-xr-x
manageServices
[ DIR ]
drwxr-xr-x
packages
[ DIR ]
drwxr-xr-x
plogical
[ DIR ]
drwxr-xr-x
pluginHolder
[ DIR ]
drwxr-xr-x
pluginInstaller
[ DIR ]
drwxr-xr-x
postfixSenderPolicy
[ DIR ]
drwxr-xr-x
public
[ DIR ]
drwxr-xr-x
s3Backups
[ DIR ]
drwxr-xr-x
scripts
[ DIR ]
drwxr-xr-x
serverLogs
[ DIR ]
drwxr-xr-x
serverStatus
[ DIR ]
drwxr-xr-x
share
[ DIR ]
drwxr-xr-x
skin_customizations
[ DIR ]
drwxr-xr-x
testPlugin
[ DIR ]
drwxr-xr-x
tmp
[ DIR ]
drwx--x--x
to-do
[ DIR ]
drwxr-xr-x
tuning
[ DIR ]
drwxr-xr-x
userManagment
[ DIR ]
drwxr-xr-x
websiteFunctions
[ DIR ]
drwxr-xr-x
.DS_Store
12
KB
-rw-r--r--
.env
910
B
-rw-r--r--
.env.backup
443
B
-rw-r--r--
.env.template
911
B
-rw-r--r--
.gitignore
1.23
KB
-rw-r--r--
AllCPUbuntu.json
73.23
KB
-rw-r--r--
CONTRIBUTING.md
6.31
KB
-rw-r--r--
CPCent7repo.json
3.86
KB
-rw-r--r--
FetchIP.sh
117
B
-rw-r--r--
LICENSE
34.32
KB
-rw-r--r--
README.md
7.63
KB
-rw-r--r--
SECURITY_INSTALLATION.md
5.5
KB
-rw-r--r--
cert.pem
1.66
KB
-rw-r--r--
cyberpanel.min.js
11.77
MB
-rw-r--r--
cyberpanel.sh
89.28
KB
-rw-r--r--
cyberpanel_upgrade.sh
63.13
KB
-rw-r--r--
cyberpanel_utility.sh
13.36
KB
-rw-r--r--
faq.sh
4.04
KB
-rw-r--r--
fastapi_ssh_server.py
5.4
KB
-rw-r--r--
fastapi_ssh_server.service
400
B
-rw-r--r--
fix_cyberpanel_install.sh
3.95
KB
-rw-r--r--
index.html
752
B
-rw-r--r--
install.sh
2.74
KB
-rw-r--r--
key.pem
1.14
KB
-rw-r--r--
langcomp.sh
647
B
-rw-r--r--
lscpd-0.2.7
27.22
MB
-rw-r--r--
lscpd-0.3.1
27.63
MB
-rw-r--r--
lscpd.0.4.0
23.82
MB
-rw-r--r--
lscpd.aarch64
19.49
MB
-rw-r--r--
manage.py
805
B
-rw-r--r--
phpmyadmin.zip
14.4
MB
-rw-r--r--
preUpgrade.sh
396
B
-rw-r--r--
pyvenv.cfg
88
B
-rw-r--r--
requirments-old.txt
638
B
-rw-r--r--
requirments.txt
694
B
-rw-r--r--
snappymail_cyberpanel.php
2.23
KB
-rw-r--r--
test.php
18
B
-rw-r--r--
test.sh
0
B
-rw-r--r--
ubuntu-requirments.txt
1.51
KB
-rw-r--r--
upgrade.sh
1.07
KB
-rw-r--r--
version.txt
5
B
-rw-r--r--
Delete
Unzip
Zip
${this.title}
Close
Code Editor : fastapi_ssh_server.py
import asyncio import asyncssh import tempfile import os from fastapi import FastAPI, WebSocket, WebSocketDisconnect, Query from fastapi.middleware.cors import CORSMiddleware import paramiko # For key generation and manipulation import io import pwd from jose import jwt, JWTError import logging app = FastAPI() # JWT_SECRET = "YOUR_SECRET_KEY" JWT_SECRET = "UL593fHGhLm5oZJyf98W1PX75mHmar-5HB3SQe9YwRc" JWT_ALGORITHM = "HS256" # Allow CORS for local dev/testing app.add_middleware( CORSMiddleware, allow_origins=["*"], allow_credentials=True, allow_methods=["*"], allow_headers=["*"], ) SSH_USER = "your_website_user" # Replace with a real user for testing AUTHORIZED_KEYS_PATH = f"/home/{SSH_USER}/.ssh/authorized_keys" # Helper to generate a keypair def generate_ssh_keypair(): key = paramiko.RSAKey.generate(2048) private_io = io.StringIO() key.write_private_key(private_io) private_key = private_io.getvalue() public_key = f"{key.get_name()} {key.get_base64()}" return private_key, public_key # Add public key to authorized_keys with a unique comment def add_key_to_authorized_keys(public_key, comment): entry = f'from="127.0.0.1,::1" {public_key} {comment}\n' with open(AUTHORIZED_KEYS_PATH, "a") as f: f.write(entry) # Remove public key from authorized_keys by comment def remove_key_from_authorized_keys(comment): with open(AUTHORIZED_KEYS_PATH, "r") as f: lines = f.readlines() with open(AUTHORIZED_KEYS_PATH, "w") as f: for line in lines: if comment not in line: f.write(line) @app.websocket("/ws") async def websocket_endpoint(websocket: WebSocket, token: str = Query(None), ssh_user: str = Query(None)): # Re-enable JWT validation try: payload = jwt.decode(token, JWT_SECRET, algorithms=[JWT_ALGORITHM]) user = payload.get("ssh_user") if not user: await websocket.close() return except JWTError: await websocket.close() return home_dir = pwd.getpwnam(user).pw_dir ssh_dir = os.path.join(home_dir, ".ssh") authorized_keys_path = os.path.join(ssh_dir, "authorized_keys") os.makedirs(ssh_dir, exist_ok=True) if not os.path.exists(authorized_keys_path): with open(authorized_keys_path, "w"): pass os.chown(ssh_dir, pwd.getpwnam(user).pw_uid, pwd.getpwnam(user).pw_gid) os.chmod(ssh_dir, 0o700) os.chown(authorized_keys_path, pwd.getpwnam(user).pw_uid, pwd.getpwnam(user).pw_gid) os.chmod(authorized_keys_path, 0o600) private_key, public_key = generate_ssh_keypair() comment = f"webterm-{os.urandom(8).hex()}" entry = f'from="127.0.0.1,::1" {public_key} {comment}\n' with open(authorized_keys_path, "a") as f: f.write(entry) with tempfile.NamedTemporaryFile(delete=False) as keyfile: keyfile.write(private_key.encode()) keyfile_path = keyfile.name await websocket.accept() conn = None process = None try: conn = await asyncssh.connect( "localhost", username=user, client_keys=[keyfile_path], known_hosts=None ) process = await conn.create_process(term_type="xterm") async def ws_to_ssh(): try: while True: data = await websocket.receive_bytes() # Decode bytes to str before writing to SSH stdin process.stdin.write(data.decode('utf-8', errors='replace')) except WebSocketDisconnect: process.stdin.close() async def ssh_to_ws(): try: while not process.stdout.at_eof(): data = await process.stdout.read(1024) if data: # Defensive type check and logging logging.debug(f"[ssh_to_ws] Sending to WS: type={type(data)}, sample={data[:40] if isinstance(data, bytes) else data}") if isinstance(data, bytes): await websocket.send_bytes(data) elif isinstance(data, str): await websocket.send_text(data) else: await websocket.send_text(str(data)) except Exception as ex: logging.exception(f"[ssh_to_ws] Exception: {ex}") pass await asyncio.gather(ws_to_ssh(), ssh_to_ws()) except Exception as e: try: # Always send error as text (string) msg = f"Connection error: {e}" logging.exception(f"[websocket_endpoint] Exception: {e}") if isinstance(msg, bytes): msg = msg.decode('utf-8', errors='replace') await websocket.send_text(str(msg)) except Exception as ex: logging.exception(f"[websocket_endpoint] Error sending error message: {ex}") pass try: await websocket.close() except Exception: pass finally: # Remove key from authorized_keys and delete temp private key with open(authorized_keys_path, "r") as f: lines = f.readlines() with open(authorized_keys_path, "w") as f: for line in lines: if comment not in line: f.write(line) os.remove(keyfile_path) if process: process.close() if conn: conn.close()
Close
