-
Notifications
You must be signed in to change notification settings - Fork 109
/
README
34 lines (21 loc) · 1.17 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
Weevely is a stealth PHP web shell that simulate telnet-like connection. It is an essential tool for web application post exploitation, and can be used as stealth backdoor or as a web shell to manage legit web accounts, even free hosted ones.
Official website:
http://epinna.github.com/Weevely/
Getting started with a quick Tutorial:
https://github.com/epinna/Weevely/wiki/Tutorial
Or show list of available Modules:
https://github.com/epinna/Weevely/wiki/Modules-list
Main features:
* More than 30 modules to automatize administration and post exploitation tasks
o Execute commands and browse remote filesystem, even with PHP security restriction
o Audit common server misconfigurations
o Run SQL console pivoting on target machine
o Simple file transfer from and to target
o Spawn reverse and direct TCP shells
o Bruteforce passwords of target system users
o And so on..
* Backdoor communications are hidden in HTTP Cookies
* Communications are obfuscated to bypass NIDS signature detection
* Backdoor polymorphic PHP code is obfuscated to avoid HIDS AV detection
Weevely author keep Dissecting, a security related blog in italian language:
http://disse.cting.org/