Book Image

Penetration Testing with BackBox

By : Stefan Umit Uygur
Book Image

Penetration Testing with BackBox

By: Stefan Umit Uygur

Overview of this book

Table of Contents (15 chapters)

Backdoor Weevely


Weevely is a tiny PHP backdoor that provides a web-based shell to work on a remote target machine. It is an ambitious utility for web application post exploitation, and can be used for different purposes, for example, as a stealth backdoor or as a web shell to control the remote machines via the browser. BackBox has many of its own internal projects, and Weevely, which is entirely developed by BackBox members, is one of them.

So, in this chapter, we will run through this powerful tool by exploring its substantial functionality. It is an incredible, multifunctional, backdoor shell.

Among other functions, Weevely has the following functions:

  • Different modules for post exploitation tasks and can automate the following administrative tasks:

    • Performing commands and exploring remote filesystems (this can also be done if PHP has been configured with restrictions)

    • Performing auditing to check common misconfigurations on the server

    • Performing a SQL console pivoting on remote servers

    • Setting...