Weevely PHP Stealth Web Backdoor Kali Linux

Weevely is a stealth PHP web shell that
simulate an SSH-like connection. It is an essential tool for web
application post exploitation, and can be used as stealth backdoor or
as a web shell to manage legit web accounts, even free hosted ones.
After hacking into a website, a penetration tester used to
install/configure his/her backdoor on the web server to remotely
connect with the hacked server; the purpose to install the web
backdoor is vary and it totally depends on the nature of attack,
however the configuration process is almost same for all type of
attack.
The success of any hacking attack and
its post exploitation is highly depends on the technique and the
tools, Weevely is one of the renowned tool to get a shell access of a
web server. It is available on Kali linux and other Linux
distribution by default. Weevely is composed of more than 30 modules
to automate administration and post exploitation tasks:
  • Execute commands and browse remote
    filesystem, even with PHP security restriction
  • Audit common server
    misconfigurations
  • Run SQL console pivoting on target
    machine
  • Proxy your HTTP traffic through
    target
  • Mount target filesystem to local
    mount point
  • File transfer from and to target
  • Spawn reverse and direct TCP
    shells
  • Bruteforce SQL accounts through
    target system users
  • Run port scans from target
    machine
  • And so on..
The other notable functions of weevely
are:
  • Backdoor communications are hidden
    in HTTP Cookies
  • Communications are obfuscated to
    bypass NIDS signature detection
  • Backdoor polymorphic PHP code is
    obfuscated to avoid HIDS AV detection
If you are not using Kali or any other
Linux distribution created for hacking/penetration testing then you
have the python script of weevely from github.com
For the tutorial purpose, I am using
Kali linux:
Click on the terminal and type weevely
for the basic window.

To create a PHP backdoor, follow the
command:
weevely generate <password>
After that, all you need to do is just
upload your backdoor on the hacked server, and you can communicate to
your backdoor by using the following command:
weevely <url> <password>
After making connection with the
server, many tasks can be executed; for example:

P { margin-bottom: 0.08in; }

| :shell.sh | System shell
|
:shell.php | PHP shell
| :system.info | Collect system
informations
| :find.perms | Find files with write, read, execute
permissions
| :find.suidsgid | Find files with superuser flags
|
:backdoor.reversetcp | Send reverse TCP shell
| :backdoor.tcp |
Open a shell on TCP port
| :bruteforce.sql | Bruteforce SQL
username
Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

Top Suggestions To Minimize Cyber Attack Risks

The Cyber Protection and Cyber Attack definition play an important role in maintaining both global security and operational productivity due to the rapid proliferation...

Policing the Dark Web (TOR): How Authorities track People on Darknet

The darknet, especially the TOR network, can be hacked, or the information of the people using it can be extracted in the plain text....

Best VPNs for Android – and Why You Need One Now

Most people protect their laptops and computers from potential cyber-attacks but only consider the cybersecurity of their mobile devices when it’s too late. In recent...

The Levels of the Internet Surface Web, Deep Web, and Dark Web

The internet, invented by Vinton Cerf and Bob Cahn, has evolved since its creation in the 1960s. In 1990, the World Wide Web transformed...

LOOKING FOR HACKING RECIPES FORM THE PRO?

Then sign up for FREE to the ehacking’s exclusive group. You will get the exclusive tips/tricks, tutorials, webinars & courses that I ONLY share with my fellow on this exclusive newsletter.