PHP Stealth Web Shell and Backdoor : Weevely

Weevely is a stealth PHP web shell and backdoor that provides a telnet-like console for executing system commands and automating administration and post-exploitation tasks. It is an essential tool for web application post-exploitation and can also be used as a stealth backdoor.

Where can you find Weevely? If you run a Linux distribution oriented toward penetration testing, such as BackTrack or BackBox, you will find it already included in most of them.

Weevely has more than 30 modules available for post-exploitation tasks:

  • Enumerate users and /etc/passwd content
  • Check PHP security configurations
  • Execute system shell
  • Send reverse TCP shell via netcat
  • Bruteforce SQL username
  • Download binary/ascii files from target filesystem
  • Get SQL database dump
  • Install remote PHP proxy
  • and so on

Weevely's communications are hidden: all traffic between server and client is carried in HTTP cookies and is obfuscated to bypass NIDS signature detection.

Okay, enough introduction; it's better to start the hands-on part now 🙂

Requirements:

1. Weevely php stealth web shell and backdoor (link).

2. A web server to upload the backdoor to (you can use XAMPP, MAMP, or Apache)

Step by Step Weevely PHP Stealth Web Shell and Backdoor:

In this tutorial, I'm using the BackTrack 5 R3 Linux distro as the attacker machine and Debian 6.0.5 as the target web server.

1. Open your terminal (CTRL + ALT + T) and change your working directory to:

cd /pentest/backdoors/web/weevely/

2. Next, generate the PHP stealth backdoor:

./weevely.py generate vishnuvalentino

where vishnuvalentino is the password

The backdoor, named weevely.php, is generated successfully.

3. Next, upload this PHP stealth web shell and backdoor to a web server that supports PHP. I already have a test web server with an upload function (I got the upload script from the PHP.net website), and it is running on Debian 6.0.5.

Let's say I have successfully uploaded the PHP backdoor to the address http://192.168.8.94/data/weevely.php

4. Now go back to the console and type:

./weevely.py http://192.168.8.94/data/weevely.php vishnuvalentino

5. Let's try some of the available Weevely modules. I start with :system.info to find out the target's system information.

6. Then continue with the :audit.etc_passwd module to list the users on the target system.

There are still many things you can do with Weevely. I will cover more in my second post about this PHP stealth web shell and backdoor. (view the 2nd Weevely PHP Stealth Web Shell tutorial)
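
From the defender's side, the two traits described above (a PHP file sitting in an upload directory, and traffic carried in cookies) can be checked in web server logs. The following is an added example, not part of the original post or of Weevely; it assumes the Cookie header is logged, and the upload directory list, sample records and reason labels are constructed for illustration.

```python
from collections import defaultdict

# Assumption: directories that accept user uploads and should never serve PHP.
UPLOAD_DIRS = ("/data/", "/uploads/")

# Constructed sample records: (client IP, request path, Cookie header), as
# logged when the Cookie header is added to the access-log format.
SAMPLE = [
    ("10.0.0.5", "/index.php", "PHPSESSID=k3v9"),
    ("10.0.0.5", "/index.php", "PHPSESSID=k3v9"),
    ("10.0.0.5", "/index.php?p=2", "PHPSESSID=k3v9"),
    ("10.0.0.7", "/data/photo.jpg", "PHPSESSID=q8w1"),
    ("10.0.0.9", "/data/tool.php", "a=Qx7; b=mP2z"),
    ("10.0.0.9", "/data/tool.php", "a=Lr4; b=Tn9c"),
    ("10.0.0.9", "/data/tool.php", "a=Zk1; b=Vb5d"),
]


def in_upload_dir(path):
    """True when a PHP script is requested from an upload directory."""
    script = path.split("?", 1)[0].lower()
    return script.endswith(".php") and script.startswith(UPLOAD_DIRS)


def find_suspects(records, min_requests=3):
    """Group requests by (client, script) and return the reasons each group
    looks like cookie-carried shell traffic; clean groups are omitted."""
    groups = defaultdict(list)
    for ip, path, cookie in records:
        groups[(ip, path.split("?", 1)[0])].append(cookie)

    suspects = {}
    for (ip, script), cookies in groups.items():
        reasons = []
        if in_upload_dir(script):
            reasons.append("php-in-upload-dir")
        # A session cookie stays constant; data smuggled in cookies changes
        # with every request to the same script.
        if len(cookies) >= min_requests and len(set(cookies)) == len(cookies):
            reasons.append("cookie-changes-every-request")
        if reasons:
            suspects[(ip, script)] = reasons
    return suspects


if __name__ == "__main__":
    for key, reasons in find_suspects(SAMPLE).items():
        print(key, reasons)
```

Both checks are heuristics: the first is most reliable when the upload directory is configured so that it never needs to execute PHP, and the second needs tuning for applications that legitimately rotate cookies.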

Blogger at hacking-tutorial.com. Love PHP, offensive security and web. Contact him at me[-at-]vishnuvalentino.com

  • david

    Could you help find out whether a website/Facebook has been hacked, and restore it? I kindly ask for your willingness to help. Thank you.

    • v4L

      #david

      It is hard to trace with certainty, but you can try the suggestions in the conclusion section of the following tutorial: http://www./hacking-tutorial/wordpress-hacking-tutorials-to-add-administrator-user-secretly/