WSO 2.6

WSO 2.6 (Web Shell by oRb) is an older version of a popular PHP-based web shell, dating back to around 2010-2011. It is a script used primarily in penetration testing or by malicious actors to gain remote control over compromised web servers. This report provides an overview of its purpose and features based on available documentation and analysis.

The primary purpose of WSO 2.6 is to provide a web-based interface for managing and exploiting a hacked server. It allows users to execute commands, manage files, access databases, and perform other administrative tasks remotely via a browser. It is often uploaded to vulnerable websites (e.g., via file upload exploits) to maintain persistent access. While it can be used for legitimate security testing on owned systems, it is commonly associated with unauthorized hacking activities.

File Manager: Browse, upload, download, edit, rename, delete files; supports zip/tar.gz compression; view files in hex or normal mode.
Command Execution: Run shell commands using PHP functions like system(), exec(), passthru(), shell_exec().
SQL Manager: Connect to MySQL/PostgreSQL databases, execute queries, dump data, and brute-force credentials.
PHP Code Execution: Directly evaluate and run PHP code on the server.
Back-Connect/Bind Shell: Establish reverse or bind shells using Perl for persistent access.
Brute-Force Tools: Built-in modules for cracking MySQL, PostgreSQL, and FTP passwords.
String Tools: Hash cracking (with online lookups), base64/hex conversions.
Server Information: Display PHP info, disabled functions, OS details, user privileges.
Search Functions: Search for text in files or specific file types.
Security Features: Cookie-based authentication with MD5 hashing; anti-bot measures to hide from search engines.
AJAX Support: Partial page refreshes for better usability.
Compact Size: Typically 18-25 KB, easy to obfuscate and hide.