News

Weaponized Web Shell: weevely3

Weevely is a command line web shell dynamically extended over the network at runtime designed for remote administration and pen testing. It provides a weaponized telnet-like console through a PHP script running on the target, even in restricted environments.

The low footprint agent and over 30 modules shape an extensible framework to administrate, conduct a pen-test, post-exploit, and audit remote web accesses in order to escalate privileges and pivot deeper in the internal networks.


The modules feature:
  • Shell/PHP telnet-like network terminal
  • Common server misconfigurations auditing
  • SQL console pivoting on target
  • HTTP traffic proxying through target
  • Mount target file system to local mount point
  • Conduct network scans pivoting on target
  • File upload and download
  • Spawn reverse and direct TCP shells
  • Bruteforce services accounts
  • Compress and decompress zip, gzip, bzip2 and tar archives

Weevely Discussed Before

The backdoor agent

The remote agent is a very low footprint php script that receives dynamically injected code from the client, extending the client functionalities over the network at run-time. The agent code is polymorphic and hardly detectable by AV and HIDS. The communication is covered and obfuscated within the HTTP protocol using steganographic techniques.

Download & Read More:
Weaponized Web Shell: weevely3 Reviewed by Ethical Hacking on 10:31 AM Rating: 5

No comments:

Feel free to ask questions, we love to respond.

All Rights Reserved by The World of IT & Cyber Security: ehacking.net © 2014 - 2015
Powered By Blogger, Designed by Sweetheme

Contact Form

Name

Email *

Message *

Powered by Blogger.