[Weevely] PHP Stealth Tiny Web Shell
Weevely is a stealth PHP web shell that provides a telnet-like
console. It is an essential tool for web application post exploitation,
and can be used as stealth backdoor or as a web shell to manage legit
web accounts, even free hosted ones.
Weevely is currently included in Backtrack and Backbox and all the major Linux distributions oriented for penetration testing.
- More than 30 modules to automatize administration and post exploitation tasks:
- Execute commands and browse remote filesystem, even with PHP security restriction
- Audit common server misconfigurations
- Run SQL console pivoting on target machine
- Proxy your HTTP traffic through target
- Mount target filesystem to local mount point
- Simple file transfer from and to target
- Spawn reverse and direct TCP shells
- Bruteforce SQL accounts through target system
- Run port scans from target machine
- And so on..
- Backdoor communications are hidden in HTTP Cookies
- Communications are obfuscated to bypass NIDS signature detection
- Backdoor polymorphic PHP code is obfuscated to avoid HIDS AV detection
You can download Weevely v1.0 here:
Or read more here.
[Weevely] PHP Stealth Tiny Web Shell
![[Weevely] PHP Stealth Tiny Web Shell](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjnmyNrxYVoJEwInjRC1ub8x2yesD-Zv9nxjOPIf80KZsvZ67pUR80v0ZzcmKnM2KQRTE7t1XdEy8DUDZ7Ga8CvdNJ7cBbWoOjNC8Lz3TI7FlFTE3EcU-5cyjK2kSGO8f4NgReRRNIoCng/s72-c/weevely.png)
Reviewed by Zion3R
on
1:26 PM
Rating:
Reviewed by Zion3R
on
1:26 PM
Rating:
