14 July 2012

Weevely PHP Backdoor 0.7


Weevely is a stealth PHP web shell that simulate telnet-like connection. It is an essential tool for web application post exploitation, and can be used as stealth backdoor or as a web shell to manage legit web accounts, even free hosted ones.


Weevely is currently included in Backtrack and Backbox and other Linux distributions for penetration testing.

Start with a quick Tutorial, read about Modules and Generators.

Ø  More than 30 modules to automatize administration and post exploitation

Ø  Execute commands and browse remote filesystem, even with PHP security restriction

Ø  Audit common server misconfigurations

Ø  Run SQL console pivoting on target machine

Ø  Open HTTP proxy to tunnel your traffic through target

Ø  Simple file transfer from and to target

Ø  Spawn reverse and direct TCP shells

Ø  Bruteforce passwords of target system users

Ø  Run port scans from target machine

Ø  Backdoor communications are hidden in HTTP Cookies

Ø  Communications are obfuscated to bypass NIDS signature detection

Ø  Backdoor polymorphic PHP code is obfuscated to avoid HIDS AV detection


AbhiShek SinGh
Founder of 'TheHackingArticles'. Cyber Security Analyst, Cyber Security Researcher, and Software Engineer. Follow 'AbhiShek SinGh' on Facebook , Twitter or Google+ or via Email

Subscribe to stay up to date