Weevely PHP Stealth Web Backdoor Kali Linux

Weevely is a stealth PHP web shell that
simulate an SSH-like connection. It is an essential tool for web
application post exploitation, and can be used as stealth backdoor or
as a web shell to manage legit web accounts, even free hosted ones.
After hacking into a website, a penetration tester used to
install/configure his/her backdoor on the web server to remotely
connect with the hacked server; the purpose to install the web
backdoor is vary and it totally depends on the nature of attack,
however the configuration process is almost same for all type of
attack.
The success of any hacking attack and
its post exploitation is highly depends on the technique and the
tools, Weevely is one of the renowned tool to get a shell access of a
web server. It is available on Kali linux and other Linux
distribution by default. Weevely is composed of more than 30 modules
to automate administration and post exploitation tasks:
  • Execute commands and browse remote
    filesystem, even with PHP security restriction
  • Audit common server
    misconfigurations
  • Run SQL console pivoting on target
    machine
  • Proxy your HTTP traffic through
    target
  • Mount target filesystem to local
    mount point
  • File transfer from and to target
  • Spawn reverse and direct TCP
    shells
  • Bruteforce SQL accounts through
    target system users
  • Run port scans from target
    machine
  • And so on..
The other notable functions of weevely
are:
  • Backdoor communications are hidden
    in HTTP Cookies
  • Communications are obfuscated to
    bypass NIDS signature detection
  • Backdoor polymorphic PHP code is
    obfuscated to avoid HIDS AV detection
If you are not using Kali or any other
Linux distribution created for hacking/penetration testing then you
have the python script of weevely from github.com
For the tutorial purpose, I am using
Kali linux:
Click on the terminal and type weevely
for the basic window.

To create a PHP backdoor, follow the
command:
weevely generate <password>
After that, all you need to do is just
upload your backdoor on the hacked server, and you can communicate to
your backdoor by using the following command:
weevely <url> <password>
After making connection with the
server, many tasks can be executed; for example:

P { margin-bottom: 0.08in; }

| :shell.sh | System shell
|
:shell.php | PHP shell
| :system.info | Collect system
informations
| :find.perms | Find files with write, read, execute
permissions
| :find.suidsgid | Find files with superuser flags
|
:backdoor.reversetcp | Send reverse TCP shell
| :backdoor.tcp |
Open a shell on TCP port
| :bruteforce.sql | Bruteforce SQL
username
Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

How to Exploit Heartbleed using Metasploit in Kali Linux

Heartbleed vulnerability (registered as CVE-2014-0160) is a security bug present in the older version of OpenSSL cryptographic library. OpenSSL is a cryptographic toolkit used...

How to Install Parrot Security OS on VirtualBox in 2020

Parrot Security OS is a free GNU/LINUX distribution, released on 10th April 2013. It is a mixture of Kali Linux and Frozenbox OS, aims to...

How to Install Kali Linux on VirtualBox [Windows Host] in 2020

Kali Linux is a Debian based Linux distribution, released on the 13th March 2013 as a complete rebuild of BackTrack Linux. It is one of...

Acunetix v13 Release Introduces Groundbreaking Innovations

The newest release of the Acunetix Web Vulnerability Scanner further improves performance and premieres best-of-breed technologies London, United Kingdom – February 5, 2019 – Acunetix,...