https://github.com/BlackArch/webshells
https://www.wordfence.com/blog/2017/06/wso-shell/
https://www2.recordedfuture.com/web-shell-analysis-part-1/
https://wordpress.org/plugins/wordfence/ WordPress WAF
https://www.gravityscan.com can scan an entire site with the Gravityscan Accelerator installed
WSO is a favourite web shell among hackers because of its particularly powerful set of features:
- Easy to install: just upload a single PHP file to the web server
- Password protection
- Server information disclosure
- File management features like uploading, downloading, or editing files, creating directories, browsing through directories, and searching for text in files
- Command-line console
- Database administration
- PHP code execution
- Encoding and decoding text input
- Brute-force attacks against FTP or database servers
- Installation of a Perl script to act as a more direct backdoor on the server
- Tools exist to manage multiple sites infected with WSO