******************************************************************************************************
       ________  ________    _________.__           .__  .__             ________     _______   
  ____/   __   \/   __   \  /   _____/|  |__   ____ |  | |  |   ___  __  \_____  \    \   _  \  
_/ ___\____    /\____    /  \_____  \ |  |  \_/ __ \|  | |  |   \  \/ /   /  ____/    /  /_\  \ 
\  \___  /    /    /    /   /        \|   Y  \  ___/|  |_|  |__  \   /   /       \    \  \_/   \
 \___  >/____/    /____/   /_______  /|___|  /\___  >____/____/   \_/ /\ \_______ \ /\ \_____  /
     \/                            \/      \/     \/                  \/         \/ \/       \/ 
  _             _____ _                __          ___    _ __ ______
 | |           |  __ (_)               \ \        / / |  | /_ |___  /
 | |__  _   _  | |__) | _ __   ___  _   \ \  /\  / /| |__| || |  / / 
 | '_ \| | | | |  ___/ | '_ \ / _ \| | | \ \/  \/ / |  __  || | / /  
 | |_) | |_| | | |   | | | | | (_) | |_| |\  /\  /  | |  | || |/ /__ 
 |_.__/ \__, | |_|   |_|_| |_|\___/ \__, | \/  \/   |_|  |_||_/_____|
         __/ |                       __/ |                           
        |___/                       |___/                            

******************************************************************************************************

PHP 7 and safe-build Update of the popular C99 variant of PHP Shell.

c99shell.php v.2.0 (PHP 7) (25.02.2019) Updated by: PinoyWH1Z for PHP 7

An excellent example of a web shell is the c99 variant, which is a PHP shell (most of them calls it malware) often uploaded to a vulnerable web application to give hackers an interface. The c99 shell lets the attacker take control of the processes of the Internet server, allowing him or her give commands on the server as the account under which the threat is operating. It lets the hacker upload, browse the file system, edit and view files, in addition, to deleting, moving them and changing permissions. Finding a c99 shell is an excellent way to identify a compromise on a system. The c99 shell is about 1500 lines long if packed and 4900+ if properly displayed, and some of its traits include showing security measures the web server may use, a file viewer that has permissions, a place where the attacker can operate custom PHP code (PHP malware c99 shell).

There are different variants of the c99 shell that are being used today. This github release is an example of a relatively recent one. It has many signatures that can be utilized to write protective countermeasures.

I've been using php shells as part of my Ethical Hacking activities. And I have noticed that most of the php shells that are downloadable online are encrypted with malicious codes and without you knowing, others also insert trackers so they can see where you placed your php shell at.

I've came up with an idea such as "what if I get the stable version of c99shell and reverse the encrypted codes, remove the malicious codes and release it to public for good." And yeah, I decided to do it, but I noticed that most of the servers now have upgraded their apache service to PHP 7, sadly, the codes that I have is for PHP 5.3 and below.

The good thing is.. only few lines of syntax are needed to be altered, so I did it.

Here you go mates, a clean and safe-build version of the most stable c99shell that I can see.

If ever you see more bugs, please create an issue or just fork it, update it and do a pull request so I can check it and update the codes for stabilization.

This is a widely used php shell by hackers, so don't freak out if your anti-virus/anti-malware detects this php file as malicious or treated as backdoor. Since you can see the codes in my re-released project, you can read all throughout the codes and inspect or even debug as much as you like.

I will NOT be held responsible for any unethical use of this hacking tool.

c99shell_v2.0.zip (Zip Password: PinoyWH1Z)