It’s common for hackers to utilize post-compromise tools that contain a graphical user interface (GUI) that can be loaded in the web browser. A GUI generally makes the tool easier to use — and certainly more visually appealing than just raw text.

One example of web malware that uses GUIs are PHP webshells like r57.

Instead of the hacker manually submitting crafted GET/POST requests to the r57 PHP file, they can simply load the GUI file manager to modify directories or files with one of its many functions.

Continue reading phpbash – A Terminal Emulator Web Shell at Sucuri Blog.

Via Sucuri.net