Post Exploitation tool in Kali Linux : Weevely

Post Exploitation tool in kali linux Weevely TechArry

Weevely is a stealth backdoor or PHP web shell that simulate telnet-like connection. This tool is used for post exploitation of vulnerability in web application.

Syntax
weevely generate <password> <file path>

In this article we will do post exploitation of file upload vulnerability through weevely tool.We are using DVWA(Damn Vulnerable Web Application) for upload of malicious PHP file which is our web shell created by weevely. Weevely is an inbuilt tool in Kali Linux.

Step 1 : Open Kali Linux VM and type weevely and press enter. It will show the current version of the installed tool and other options/arguments to use for.

Post Exploitation tool in kali linux Weevely TechArry

For more help you can type :
Command : weevely -h

Post Exploitation tool in kali linux Weevely TechArry

Step 2 : Now we have to create PHP web shell. Type the below command and press enter.
Command : weevely generate taketopwd /home/kali/Downloads/errorpage.php

Post Exploitation tool in kali linux Weevely TechArry

We have set the password as “taketopwd” for file “errorpage.php” which is created at location /home/kali/Downloads/errorpage.php .
Run ls command to check whether the errorpage.php file is created or not. Here it is created successfully

Post Exploitation tool in kali linux Weevely TechArry

Below is the errorpage.php web shell that is created by weevely.

Post Exploitation tool in kali linux Weevely TechArry

Step 3 : We have installed DVWA application in our base machine which is windows OS through XAMP. Now access the DVWA application in browser and set its priority as low so that we can upload malicious PHP file.

Post Exploitation tool in kali linux Weevely TechArry

Step 4 : .Click on “File Upload” link and browse the errorpage.php file which is created by weevely and upload the file.

Post Exploitation tool in kali linux Weevely TechArry

Step 5 : After uploading the malicious file it gives us the path of the uploaded file. Copy the file path.

Post Exploitation tool in kali linux Weevely TechArry

Step 6 : Now accessed the above copied Path in the browser. After accessing, it is showing a blank page to visitors but to a attacker it is a stealthy backdoor.

Post Exploitation tool in kali linux Weevely TechArry

Step 7 : Now go to terminal of kali linux and execute the payload through weevely.
Type weevely <full path of uploaded file> <password of malicious file that we have set>
Command : weevely http://10.0.0.1/DVWA/hackable/uploads/errorpage.php taketopwd

After this, it will show weevely prompt and we have connected to the remote server. Now we will execute commands here.

Post Exploitation tool in kali linux Weevely TechArry

Step 8 : Type dir and press enter.
It will show all the file list present in the current directory

Post Exploitation tool in kali linux Weevely TechArry

Step 9 : Type system_info and press enter.
It will show the system information of remote server.

Post Exploitation tool in kali linux Weevely TechArry

Related Posts

1 Comment

Leave a Reply