Weaseling in with Weevely
Weevely creates a PHP backdoor on webservers running PHP. It is pretty straightforward to use, and pretty easy to get onto a webserver. You get to it through Applications | PostExploitation | Weevely:
When you first launch Weevely from the menu, it opens a terminal window and gently chides you about using the script improperly:
This is actually a more helpful doc string than the weevely --help command gives:
We know now that we can generate an agent, which can be dropped on a webserver. We can run a terminal to the target, and we can load an existing session file.
Preparing to use Weevely
Weevely is a Python script, and there are a couple of improvements you will have to make to Python to use Weevely:
root@kali:~# apt-get install python-pip libyaml-dev root@kali:~# pip install prettytable Mako pyaml dateutils –upgrade root@kali:~# pip install pysocks --upgrade
If you get in a hurry and skip this step, you might get the following error message:
Creating an agent
To create...
