Weevely is a stealth PHP web shell that simulate telnet-like connection. It is an essential tool for web application post exploitation, and can be used as stealth backdoor or as a web shell to manage legit web accounts, even free hosted ones.
Weevely is currently included in Backtrack and Backbox and other Linux distributions for penetration testing.
Start with a quick Tutorial, read about Modules and Generators.
Ø More than 30 modules to automatize administration and post exploitation
Ø Execute commands and browse remote filesystem, even with PHP security restriction
Ø Audit common server misconfigurations
Ø Run SQL console pivoting on target machine
Ø Open HTTP proxy to tunnel your traffic through target
Ø Simple file transfer from and to target
Ø Spawn reverse and direct TCP shells
Ø Bruteforce passwords of target system users
Ø Run port scans from target machine
Ø Backdoor communications are hidden in HTTP Cookies
Ø Communications are obfuscated to bypass NIDS signature detection
Ø Backdoor polymorphic PHP code is obfuscated to avoid HIDS AV detection
AbhiShek SinGhFounder of 'TheHackingArticles'. Cyber Security Analyst, Cyber Security Researcher, and Software Engineer. Follow 'AbhiShek SinGh' on Facebook , Twitter or Google+ or via Email
