Weevely PHP Stealth Web Backdoor Kali Linux

Weevely is a stealth PHP web shell that simulates an SSH-like connection. It is an essential tool for web application post-exploitation and can be used as a stealth backdoor or as a web shell to manage legitimate web accounts, even free-hosted ones. After hacking into a website, a penetration tester typically installs and configures a backdoor on the web server in order to connect to the compromised host remotely; the purpose of installing the web backdoor varies and depends entirely on the nature of the engagement, but the configuration process is almost the same for every type of attack.

The success of any hacking attack and its post-exploitation phase depends heavily on the technique and the tools used; Weevely is one of the best-known tools for obtaining shell access to a web server. It is available by default on Kali Linux and other Linux distributions. Weevely is composed of more than 30 modules that automate administration and post-exploitation tasks:

  • Execute commands and browse the remote filesystem, even under PHP security restrictions
  • Audit common server misconfigurations
  • Run an SQL console, pivoting through the target machine
  • Proxy your HTTP traffic through the target
  • Mount the target filesystem on a local mount point
  • Transfer files to and from the target
  • Spawn reverse and direct TCP shells
  • Bruteforce SQL accounts through target system users
  • Run port scans from the target machine
  • And so on.

Other notable features of Weevely are:

  • Backdoor communications are hidden in HTTP cookies
  • Communications are obfuscated to evade NIDS signature detection
  • The backdoor's polymorphic PHP code is obfuscated to evade HIDS and AV detection
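Because the channel rides in cookies and is obfuscated against signatures, a defender's practical counter is anomaly detection rather than pattern matching. The following is an added example, not code from the original post or from the Weevely project: it scans constructed access-log lines (assumed to be in combined format with the Cookie header appended, which the server must be configured to log) and flags requests to PHP files whose cookies are unusually long or high-entropy. The thresholds are assumptions to be tuned against your own baseline.

```python
import math
import re

# Constructed access-log lines: combined format with a trailing quoted Cookie
# header (the server must log it). None is real Weevely traffic; the last line
# imitates a PHP endpoint receiving an unusually long, high-entropy cookie.
BLOB = ("Q29uc3RydWN0ZWRTYW1wbGVDb29raWVWYWx1ZUZvckRldGVjdGlvbkV4"
        "YW1wbGVOb3RSZWFsVHJhZmZpYw")
SAMPLE_LOG = "\n".join([
    '10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120 "PHPSESSID=3f2a9c1b7e4d5a6f8b9c0d1e2f3a4b5c"',
    '10.0.0.5 - - [01/Jan/2024:10:00:02 +0000] "GET /wp-login.php HTTP/1.1" 200 2048 "wordpress_test_cookie=WP+Cookie+check"',
    '10.0.0.9 - - [01/Jan/2024:10:00:03 +0000] "GET /images/logo.png HTTP/1.1" 200 8192 "-"',
    f'203.0.113.7 - - [01/Jan/2024:10:00:04 +0000] "GET /uploads/cache.php HTTP/1.1" 200 412 "s1={BLOB}; s2={BLOB[::-1]}"',
])

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} \S+ "([^"]*)"$')
MAX_COOKIE_LEN = 128  # assumed thresholds; tune against your own traffic baseline
MAX_ENTROPY = 4.0     # bits/char: a hex session id can never exceed log2(16) = 4

def shannon_entropy(s):
    """Bits per character over the string's character distribution."""
    n = len(s)
    return -sum(s.count(ch) / n * math.log2(s.count(ch) / n) for ch in set(s)) if n else 0.0

def parse_cookies(header):
    """Split a raw Cookie header into a name -> value dict ('-' means absent)."""
    cookies = {}
    if header not in ("", "-"):
        for part in header.split("; "):
            name, _, value = part.partition("=")
            cookies[name] = value
    return cookies

def scan_log(text):
    """One finding per request to a .php path with an oversized or high-entropy cookie."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m or not m.group(2).lower().endswith(".php"):
            continue
        src, path, cookie_hdr = m.groups()
        reasons = []
        if len(cookie_hdr) > MAX_COOKIE_LEN:
            reasons.append(f"cookie header is {len(cookie_hdr)} chars")
        for name, value in parse_cookies(cookie_hdr).items():
            ent = shannon_entropy(value)
            if ent > MAX_ENTROPY:
                reasons.append(f"{name} entropy {ent:.2f} bits/char")
        if reasons:
            findings.append({"src": src, "path": path, "reasons": reasons})
    return findings
```

Calling scan_log(SAMPLE_LOG) yields one finding, for /uploads/cache.php, while the hex PHPSESSID and the short WordPress cookie pass untouched; in production, feed the same function your real cookie-logging output and alert on findings per source address.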

If you are not using Kali or another Linux distribution built for hacking/penetration testing, you can get the Weevely Python script from github.com.

For the purpose of this tutorial, I am using Kali Linux:

Click on the terminal and type weevely to see the basic usage window.

To create a PHP backdoor, run the following command:

weevely generate

After that, all you need to do is upload your backdoor to the hacked server; you can then communicate with the backdoor using the following command:

weevely

Once a connection with the server is established, many tasks can be executed; for example:

| :shell.sh            | System shell                                      |
| :shell.php           | PHP shell                                         |
| :system.info         | Collect system information                        |
| :find.perms          | Find files with write, read, execute permissions  |
| :find.suidsgid       | Find files with superuser flags                   |
| :backdoor.reversetcp | Send reverse TCP shell                            |
| :backdoor.tcp        | Open a shell on TCP port                          |
| :bruteforce.sql      | Bruteforce SQL username                           |