WSO Web Shell – PHP Shell Used by Hackers

2013/04/06

There are various PHP shells that provide a control-panel view of your server. One popular variant is known as the ‘WSO Web Shell’. Here’s the scoop!

The actual shell and control panel is a small, single 74k PHP file that just has to be uploaded in some fashion to a compromised server (via a vulnerability, weak FTP creds, poorly written software, etc.). Once uploaded, the PHP file serves a clever fake 404 page along with a hidden form for entering the password.
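A defensive check for the fake 404 described above, as an added example that is not part of the original post: it flags responses that present as "Not Found" yet carry a form or password field, which a stock server error page does not. The function name, the reason strings and both sample pages are constructed for illustration.

```python
from html.parser import HTMLParser

class _FormScan(HTMLParser):
    """Collects the page title and any form/input elements, visible or hidden."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.title, self.in_title = "", False
        self.forms, self.input_types = 0, []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "title":
            self.in_title = True
        elif tag == "form":
            self.forms += 1
        elif tag == "input":
            self.input_types.append((a.get("type") or "text").lower())

    def handle_endtag(self, tag):
        if tag == "title":
            self.in_title = False

    def handle_data(self, data):
        if self.in_title:
            self.title += data

def suspicious_404(status, body):
    """Return reasons why a 'Not Found' response looks like a login gate."""
    p = _FormScan()
    p.feed(body)
    claims_404 = status == 404 or "404" in p.title or "not found" in p.title.lower()
    if not claims_404 or not (p.forms or p.input_types):
        return []  # not an error page, or an error page with no inputs
    reasons = []
    if p.forms:
        reasons.append("form element on an error page")
    if "password" in p.input_types:
        reasons.append("password input on an error page")
    if status != 404:
        reasons.append("page says Not Found but status is %d" % status)
    return reasons

# Constructed samples: a plain server-style 404 and the same page with a hidden form.
GENUINE = ("<html><head><title>404 Not Found</title></head><body><h1>Not Found</h1>"
           "<p>The requested URL was not found on this server.</p></body></html>")
FAKE = GENUINE.replace("</body>", '<form method="post" style="display:none">'
                       '<input type="password" name="pass"></form></body>')

if __name__ == "__main__":
    for name, page in (("genuine", GENUINE), ("fake", FAKE)):
        print(name, suspicious_404(404, page))
```

Run it over responses fetched for PHP files that sit in upload or writable directories; a hit is a lead for manual inspection of the file, not proof of a shell.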

Once inside, there are various options such as browsing the entire server, uploading and executing code, performing database actions, and more. If the upload directory is owned by the Apache user, quite a bit of damage can be done – no root needed! Below are some pictures as well as a quick video.

And here’s that shell (v2.1):

The latest version is v2.5.1, which can be found here: