Maintain access to Servers with Web Backdoors
When a web server and services are compromised, it is important to ensure that the hacker has secure access. This is usually achieved with the help of a web shell, ie a small program that gives us access and allows us to run commands on our remote system.
Kali distribution comes with many pre-installed web shells. In this guide we will use a popular PHP web shell called Weevely.
Weevely simulates a Telnet session and allows the hacker to exploit more than 30 modules after exploitation for:
- Browse the breached system
- Transfer files to and from the compromised system
- Create reverse TCP shells
- Execute commands on compromised remote systems, even if security restrictions have been applied to PHP
Finally, Weevely tries to hide communications within an HTTP cookie to avoid being detected.
To create a php backdoor in Weevely, type the following command in your terminal:
Mandate: weevely generate
This command will create a file weevely.php on the desktop. Below we will see an example of backdoor php with executing commands on remote systems that have been compromised, even if security rules have been applied to them:
So after you create your own backdoor.php, upload it to the compromised website where you found a security vulnerability.
To communicate with the web shell, simply enter the following command in your terminal, ensuring that the IP address variables of the directory and password of the compromised machine change with those of the compromised system:
Mandate: weevely http: // /
In the example shown in the screenshot above, we have verified that we are connected to the web shell, using the command uname -a and the pwd command.
The order cat / etc / password used to view passwords.
Finally the web shell can also be used to create a reverse shell connection, using either Netcat or the Metasploit Framework as a local listener.