Weevely is a stealth PHP web shell that provides a telnet-like console.
It is an essential tool for web application post exploitation, and can be used as stealth backdoor or as a web shell to manage legit web accounts, even free hosted ones.
You can download weevely from here
For run weevely on linux we need python 2.x and :
-Module :file.mount install httpfs
-Module :audit.mapwebfiles install beautifulsoup
For other operating system click here
For generate php backdoor type :
./weevely.py generate password path
Now we upload our php backdoor on server and after we can start ssh-like terminal session :
./weevely.py url password
For more informations about available module and backdoor generators type :
./weevely.py help
To run Weevely through an HTTP proxy set the shell.php proxy parameter in the default rc file:
For example for use weevely with tor:
cat ~/.weevely/weevely.rc
:set shell.php proxy=127.0.0.1:8118
For more informations read tutorial here
If you have a problem or you need some explanations just write under this post!
No comments:
Post a Comment