United States releases information about Russian hacking

Wordfence said they had traced the malware code to a tool available online, which is apparently funded by donations, called P.A.S. that claims to be ?made in Ukraine.? The version tested by the FBI/DHS report is 3.1.7, while the most current version available on the tool?s website is 4.1.1b.

P.A.S. is a specific tool called "webshell". It was designed for security specialists, server administrators and web developers.

It's not the modification of any other webshell or based on one of them - all source code is originally.

You can free use and modify this script for your needs, but don't publish source code in open access.

By itself it's not a malicious script or malware in any sense. The author assumes no responsibility for its illegal use.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

File Manager

Can upload several files at once
Can create file, directory, symbolic and hard link
Can change files properties (path, modified date, permission, owner, group)
Can download files
Can delete files
Has files buffer:
mark, unmark, show marked files;
copy, move files from buffer to the current dir;
download files from buffer;
clear buffer;
Can search files:
in several paths;
with limited depth;
by name with wildcard and case-sensitive options;
by type (file, directory);
by mode (readable, writable, full access);
with SUID attribute;
by owner IDs with definition of intervals;
by group IDs with definition of intervals;
by created date with definition of intervals;
by modified date with definition of intervals;
by size with definition of intervals;
by specified text with regex and case-sensitive options;
Can save file with specified end of line
Fast change properties, download and delete specified file
Has breadcrumbs
Click on extension cell to copy file name
Press ESC to close current dialog
Press Alt+T to switch between opened dialogs
SQL Client

DB support:
MySQL (mysql, mysqli, PDO)
MSSQL (mssql, sqlsrv, PDO, PDO SQLSRV, PDO DBLIB, PDO ODBC)
PgSQL (pg, PDO)
Tree view of database schema
Shows column data types
Can show only selected columns data
Can show tables row count
Can reload single base/scheme/table schema
Can dump multiple tables/schemes/bases
Can dump only selected schemes/tables/columns
Can dump to SQL or CSV format
Has pagination for some database types
PHP Console

Isolates the results HTML code from the main page
Can be switched from vertical to horizontal composition
Press Ctrl+Enter to evaluate code
Terminal

Can execute commands via specified command processor
Can execute commands via specified function
Type ? to show help
Has command history:
type history [N] to show command history, where optional parameter N is number of last commands;
press Up & Down keys to navigate from command history;
type ![N] to execute command, where N is:
! to execute the last command;
N>0 to execute command #N from the command histroy;
N<0 to execute command #N from the end of the previous command;
Can create system report (type report ? to more info)
Can run Socks5 server:
throught Perl (type socks5.perl to more info);
throught Python (type socks5.python to more info);
Can bind port:
throught Perl (type bindport.perl to more info);
throught Python (type bindport.python to more info);
Can back connect:
throught Perl (type backconnect.perl to more info);
throught Python (type backconnect.python to more info);
Type cls or clear or press CTRL+L to clear output
Information

Shows main server information
Shows PHP configuration without call phpinfo
Download v.4.1.1b

Encryption key (password):
Leave this field empty to generate random
Stealth mode
Download
Donate

BTC: 1PASv4cHGXym7nsi6mPtjgkniMCJnrUkhp
FAQ

I lost my encryption key (password). Can you help me?
No. The encryption key stored only in info.txt file from the download archive and nowhere else.

How can I change my encryption key (password) in the shell file?
You can't. The encryption key stored only in info.txt file from the download archive and nowhere else.

How can I authorize in stealth mode?
You must add cookie with name key and your encryption key (password) as value.
You can use any browser plugin for it. Or you can do it manually:
1. Open your shell page
2. Press F12 and select console tab
3. Type document.cookie='key=MY_ENC_KEY';location.reload(t rue); in console (where MY_ENC_KEY is your encryption key) and press Enter

Shell not work in IE or my old school browser. Do you fix it somewhen?
No. Use latest Firefox or Chrome

Why not just use WSO/R57/C99/etc?
Just use WSO/R57/C99/etc.

How can I help? How can I thanks you? Can I do donation?
Bitcoin address for donations is on Download page.

How can I contact with you?
See feedback links on Links page.

Feedback



P.A.S. is a specific tool called "webshell". It was designed for security specialists, server administrators and web developers.

It's not the modification of any other webshell or based on one of them - all source code is originally.

You can free use and modify this script for your needs, but don't publish source code in open access.

By itself it's not a malicious script or malware in any sense. The author assumes no responsibility for its illegal use.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

About
Features
Download
FAQ
Links
MADE IN UKRAINE