WSO Web Shell – PHP Shell Used by Hackers

Published on 2013/04/06, by in linux, sysadmin.




There are various PHP shells that provide a control-panel view of your server. One popular variation is known as the ‘WSO Web Shell’. Here’s the scoop!


The actual shell and control panel is a small, 74k, single PHP file that just has to be uploaded in some fashion to a compromised server (via a vulnerability, weak FTP creds, poorly written software, etc.). Once uploaded, the PHP file serves a clever fake 404 page along with a hidden form for entering the password.
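The fake 404 page is also a detection signal: a genuine not-found page has no reason to carry a password field. The sketch below is an added example, not code from the shell or the original post. It assumes the hidden form uses an `<input type="password">` and that the page imitates a stock not-found page; the sample bodies, URLs and marker phrases are constructed.

```python
from html.parser import HTMLParser

# Phrases a stock web-server 404 page carries (assumed marker list; extend per server).
NOT_FOUND_MARKERS = ("404 not found", "was not found on this server")

class _PageSignals(HTMLParser):
    """Collects text nodes and counts password inputs in an HTML body."""
    def __init__(self):
        super().__init__()
        self.password_inputs = 0
        self.text = []

    def handle_starttag(self, tag, attrs):
        if tag == "input" and (dict(attrs).get("type") or "").lower() == "password":
            self.password_inputs += 1

    def handle_data(self, data):
        self.text.append(data)

def looks_like_fake_404(body):
    """True when a page claims to be a 404 yet contains a password field."""
    page = _PageSignals()
    page.feed(body)
    page.close()
    text = " ".join(" ".join(page.text).lower().split())
    return page.password_inputs > 0 and any(m in text for m in NOT_FOUND_MARKERS)

def flag_suspect_urls(responses):
    """responses: {url: html_body}. Returns the URLs worth a manual look, sorted."""
    return sorted(u for u, b in responses.items() if looks_like_fake_404(b))

# Constructed sample bodies (not captured from a real shell or server).
REAL_404 = """<html><head><title>404 Not Found</title></head><body>
<h1>Not Found</h1><p>The requested URL was not found on this server.</p>
</body></html>"""
FAKE_404 = REAL_404.replace("</body>",
    '<form method="post" style="display:none"><input type="password" name="p"></form></body>')
LOGIN = '<html><body><h1>Sign in</h1><form><input type="password" name="pw"></form></body></html>'

SAMPLES = {"/missing.php": REAL_404, "/uploads/thumb.php": FAKE_404, "/login.php": LOGIN}

if __name__ == "__main__":
    print(flag_suspect_urls(SAMPLES))
```

Feed it the response bodies from a crawl of the `.php` files under your own web root; a legitimate login page is not flagged because it does not claim to be a 404.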


Once inside, there are various options such as browsing the entire server, uploading and executing code, performing database actions, and more. If the directory it was uploaded to is owned by the Apache user, quite a bit of damage can be done – no root needed! Below are some pictures as well as a quick video.







And here’s that shell (v2.1):
http://pastebin.com/iqNjQfRW

It was on github:

https://github.com/orbweb/PHP-SHELL-WSO


Latest version is v2.5.1 which can be found here:
http://packetstormsecurity.com/files/download/117974/wso2.5.1.zip
