Weevely is a web shell designed for post-exploitation purposes that can be extended over the network at runtime
Upload weevely PHP agent to a target web server to get remote shell access to it. It has more than 30 modules to assist administrative tasks, maintain access, provide situational awareness, elevate privileges, and spread into the target network.
Demo
Features
-
Shell access to the target
-
SQL console pivoting on the target
-
HTTP/HTTPS proxy to browse through the target
-
Upload and download files
-
Spawn reverse and direct TCP shells
-
Audit remote target security
-
Port scan pivoting on target
-
Mount the remote filesystem
-
Bruteforce SQL accounts pivoting on the target
To install weevely in kali linux
Note: its already installed in kali. if not use below command
apt install weevely
After installation, we can use weevely to generate web shell
weevely generate -h
We can set password for our web shell so that others can't interact with it
Now we will generate a php web shell and try to upload it to vulnerable web app.
to genetrate php shell
weevely generate Password@123 /root/Desktop/agentfile.php