P.A.S. Webshell is a publicly available multifunctional PHP webshell in use since at least 2016 that provides remote access and execution on target web servers.[1]
Name | Description |
---|---|
Fobushell | |
Domain | ID | Name | Use |
---|---|---|---|
Enterprise | T1087.001 | Account Discovery: Local Account | P.A.S. Webshell can display the /etc/passwd file on a compromised host.[1] |
Enterprise | T1071.001 | Application Layer Protocol: Web Protocols | P.A.S. Webshell can issue commands via HTTP POST.[1] |
Enterprise | T1110.001 | Brute Force: Password Guessing | P.A.S. Webshell can use predefined users and passwords to execute brute force attacks against SSH, FTP, POP3, MySQL, MSSQL, and PostgreSQL services.[1] |
Enterprise | T1059 | Command and Scripting Interpreter | P.A.S. Webshell has the ability to create reverse shells with Perl scripts.[1] |
Enterprise | T1213 | Data from Information Repositories | P.A.S. Webshell has the ability to list and extract data from SQL databases.[1] |
Enterprise | T1005 | Data from Local System | P.A.S. Webshell has the ability to copy files on a compromised host.[1] |
Enterprise | T1140 | Deobfuscate/Decode Files or Information | P.A.S. Webshell can use a decryption mechanism to process a user supplied password and allow execution.[1] |
Enterprise | T1083 | File and Directory Discovery | P.A.S. Webshell has the ability to list files and file characteristics including extension, size, ownership, and permissions. |