Weaponized Web Shell: weevely3

Weevely is a command line web shell dynamically extended over the
network at runtime designed for remote administration and pen testing.
It provides a weaponized telnet-like console through a PHP script
running on the target, even in restricted environments.

The low footprint agent and over 30 modules shape an extensible
framework to administrate, conduct a pen-test, post-exploit, and audit
remote web accesses in order to escalate privileges and pivot deeper in
the internal networks.

The modules feature:

  • Shell/PHP telnet-like network terminal
  • Common server misconfigurations auditing
  • SQL console pivoting on target
  • HTTP traffic proxying through target
  • Mount target file system to local mount point
  • Conduct network scans pivoting on target
  • File upload and download
  • Spawn reverse and direct TCP shells
  • Bruteforce services accounts
  • Compress and decompress zip, gzip, bzip2 and tar archives

Weevely Discussed Before

The backdoor agent

The remote agent is a very low footprint php script that receives
dynamically injected code from the client, extending the client
functionalities over the network at run-time. The agent code is
polymorphic and hardly detectable by AV and HIDS. The communication is
covered and obfuscated within the HTTP protocol using steganographic
techniques.

Download & Read More:

Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

How to Become an Expert in Ethical Hacking

This article is mainly addressing the audience who wants to pursue their career in Cybersecurity as a professional that provides ethical hacking services, whether...

5 Cybersecurity Tips to Keep in Mind When Working From Home

  Due to the ongoing global health crisis, more and more people are being forced to work from their homes. In fact, Forbes estimates that about...

The Complete OSINT Tutorial to Find Personal Information About Anyone

This article mainly focuses on how to discover a person's digital footprint and gather personal data by using open-source intelligence (OSINT). So, in its...

How to find the password of hacked email addresses using OSINT

Open-source intelligence or OSINT is a potent technique, and it can give a lot of valuable information, if implemented correctly with the right strategy...