06 February 2013 | 2,631 views

Weevely – PHP Stealth Tiny Web Shell

Prevent Network Security Leaks with Acunetix

Weevely is a stealth PHP web shell that provides a telnet-like console. It is an essential tool for web application post exploitation, and can be used as stealth backdoor or as a web shell to manage legit web accounts, even free hosted ones.

Weevely is currently included in Backtrack and Backbox and all the major Linux distributions oriented for penetration testing.

  • More than 30 modules to automatize administration and post exploitation tasks:
    • Execute commands and browse remote filesystem, even with PHP security restriction
    • Audit common server misconfigurations
    • Run SQL console pivoting on target machine
    • Proxy your HTTP traffic through target
    • Mount target filesystem to local mount point
    • Simple file transfer from and to target
    • Spawn reverse and direct TCP shells
    • Bruteforce SQL accounts through target system
    • Run port scans from target machine
    • And so on..
  • Backdoor communications are hidden in HTTP Cookies
  • Communications are obfuscated to bypass NIDS signature detection
  • Backdoor polymorphic PHP code is obfuscated to avoid HIDS AV detection

You can download Weevely v1.0 here:

weevely-1.0.tar.gz

Or read more here.



Recent in Exploits/Vulnerabilities:
- OpenVPN Vulnerable To Shellshock Exploit
- Everything You NEED To Know About Shellshock Bug In BASH
- drozer – The Leading Security Testing Framework For Android

Related Posts:
- Shelling our way up
- XSS Shell v0.3.9 – Cross Site Scripting Backdoor Tool
- sqlninja 0.1.0alpha – MS-SQL Injection Tool

Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 227,774 views
- AJAX: Is your application secure enough? - 119,143 views
- eEye Launches 0-Day Exploit Tracker - 85,068 views

Advertise on Darknet

Comments are closed.