Weevely

Image

Weevely is a web shell designed for post-exploitation purposes that can be extended over the network at runtime

Upload weevely PHP agent to a target web server to get remote shell access to it. It has more than 30 modules to assist administrative tasks, maintain access, provide situational awareness, elevate privileges, and spread into the target network.

Demo

Lock image

Features

  •     Shell access to the target

  •     SQL console pivoting on the target

  •     HTTP/HTTPS proxy to browse through the target

  •     Upload and download files

  •     Spawn reverse and direct TCP shells

  •     Audit remote target security

  •     Port scan pivoting on target

  •     Mount the remote filesystem

  •     Bruteforce SQL accounts pivoting on the target

To install weevely in kali linux

Note: its already installed in kali. if not use below command

apt install weevely

After installation, we can use weevely to generate web shell

weevely generate -h

We can set password for our web shell so that others can't interact with it

Now we will generate a php web shell and try to upload it to vulnerable web app.

to genetrate php shell

weevely generate Password@123 /root/Desktop/agentfile.php