WARNING !

This is a Copy of the WSO webshell made by @Hardlinux @Twelp that got eliminated from github.

This is a real hacking Webshell widely used by hackers to backdoor hacked websites, it's flawed as malware by almost every AV and probably your webhosting service will delete the file ASAP, so you need to encode it with a PHP service, with base64 or other method.

All WSO 4.2.5 password is admin 404 WSO 2.4 password is 404

You can change it in the code.

I am not the original author of this webshell this is a backup repo. Be aware of this.

If you need any help or want your modded webshell to be added here, open an issue.

Files description

• wso_v_4.2.5.php is the latest master known in the original repo. It has a Watching webshell! part that will email the link of the webshell when used for the first time.
• wso_v_4.2.5-non-backdored > WSO 4.2.5 latest, it's the same file but without the email function.
• WSO(2.4)_with_error_404_hidden is an OLD webshell that got modified to show a 404 Error, it has a hidden password field use TAB to type in it.
• wso.5.1.4.php This webshell have a proxy function that needs PHP Curl, that normaly is NOT installed in some servers, if you encounter the issue, just delete the function, it also have a watchshell function that emails the link of the webshell to the email in the code, edit it.