How to use Weevely? | Weaponized Web Shell Guide

How to use Weevely? | Weaponized Web Shell Guide

Command Name

Weevely – Weaponized web shell

Author: Emilio

Weevely Usage

weevely generate <password> <path>
weevely <URL> <password> [cmd]

Weevely Description

Weevely is a web shell designed for post-exploitation purposes that can be extended over the network at runtime.

Upload weevely PHP agent to a target web server to get remote shell access to it. It has more than 30 modules to assist administrative tasks, maintain access, provide situational awareness, elevate privileges, and spread into the target network.

Read the Install page to install weevely and its dependencies.

Read the Getting Started page to generate an agent and connect to it.

Browse the Wiki to read examples and use cases.

Weevely Features

  • Shell access to the target
  • SQL console pivoting on the target
  • HTTP/HTTPS proxy to browse through the target
  • Upload and download files
  • Spawn reverse and direct TCP shells
  • Audit remote target security
  • Port scan pivoting on target
  • Mount the remote filesystem
  • Bruteforce SQL accounts pivoting on the target

Weevely Agent

The agent is a small, polymorphic PHP script hardly detected by AV and the communication protocol is obfuscated within HTTP requests.



[blur]

Weevely Modules

ModuleDescription
:audit_filesystemAudit the file system for weak permissions.
:audit_suidsgidFind files with SUID or SGID flags.
:audit_disablefunctionbypassBypass disable_function restrictions with mod_cgi and .htaccess.
:audit_etcpasswdRead /etc/passwd with different techniques.
:audit_phpconfAudit PHP configuration.
:shell_shExecute shell commands.
:shell_suExecute commands with su.
:shell_phpExecute PHP commands.
:system_extensionsCollect PHP and webserver extension list.
:system_infoCollect system information.
:system_procsList running processes.
:backdoor_reversetcpExecute a reverse TCP shell.
:backdoor_tcpSpawn a shell on a TCP port.
:bruteforce_sqlBruteforce SQL database.
:file_gzipCompress or expand gzip files.
:file_clearlogRemove string from a file.
:file_checkGet attributes and permissions of a file.
:file_uploadUpload file to remote filesystem.
:file_webdownloadDownload an URL.
:file_tarCompress or expand tar archives.
:file_downloadDownload file from remote filesystem.
:file_bzip2Compress or expand bzip2 files.
:file_editEdit remote file on a local editor.
:file_grepPrint lines matching a pattern in multiple files.
:file_lsList directory content.
:file_cpCopy single file.
:file_rmRemove remote file.
:file_upload2webUpload file automatically to a web folder and get corresponding URL.
:file_zipCompress or expand zip files.
:file_touchChange file timestamp.
:file_findFind files with given names and attributes.
:file_mountMount remote filesystem using HTTPfs.
:file_enumCheck existence and permissions of a list of paths.
:file_readRead remote file from the remote filesystem.
:file_cdChange current working directory.
:sql_consoleExecute SQL query or run console.
:sql_dumpMulti dbms mysqldump replacement.
:net_mailSend mail.
:net_phpproxyInstall PHP proxy on the target.
:net_curlPerform a curl-like HTTP request.
:net_proxyRun local proxy to pivot HTTP/HTTPS browsing through the target.
:net_scanTCP Port scan.
:net_ifconfigGet network interfaces addresses.

Weevely Development

Weevely is easily extendible to implement internal audit, account enumerator, sensitive data scraper, network scanner, make the modules work as a HTTP or SQL client and do a whole lot of other cool stuff.

[/blur]

Similar Posts