When a web server and its services have been compromised, the attacker needs a reliable way to keep access. This is usually done with a web shell, a small program that provides access to the remote machine and allows commands to be run on it.
The Kali distribution comes with many pre-installed web shells. In this guide we will use a popular PHP web shell called Weevely.
Weevely simulates a Telnet session and gives the attacker more than 30 post-exploitation modules for:
- Browsing the breached system
- Transferring files to and from the compromised system
- Creating reverse TCP shells
- Executing commands on the compromised remote system, even if security restrictions have been applied to PHP
Finally, Weevely tries to hide its communications inside an HTTP cookie to avoid detection.
To create a PHP backdoor with Weevely, type the following command in your terminal:
Command: weevely generate <password>
This command creates a file named weevely.php on the desktop. Below is an example of a PHP backdoor executing commands on a compromised remote system, even when security rules have been applied to it:
After creating your backdoor.php, upload it to the compromised website where you found the security vulnerability.
To communicate with the web shell, type the following command in your terminal, replacing the IP address, the directory on the compromised machine and the password with those of the compromised system:
Command: weevely http://
In the example shown in the screenshot above, we verified that we are connected to the web shell using the commands uname -a and pwd.
The command cat /etc/passwd was used to view the password file.
Finally, the web shell can also be used to create a reverse shell connection, using either Netcat or the Metasploit Framework as the local listener.
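As an added defender-side example (not part of the original guide), the following Python script flags the two traits the guide describes: obfuscated PHP that evaluates input taken from request cookies, and requests to PHP files carrying unusually long Cookie headers. The access-log format (an Apache-style line with the Cookie header appended as the last quoted field), the sample PHP and the sample log lines are constructed for this example; the indicators are heuristics, not a signature for any specific tool.

```python
import re

# Generic indicators of obfuscated PHP web shells (heuristics for triage,
# not a signature for any particular tool; legitimate code can match too).
PHP_INDICATORS = {
    "eval": re.compile(r"\beval\s*\("),
    "base64_decode": re.compile(r"\bbase64_decode\s*\("),
    "str_rot13": re.compile(r"\bstr_rot13\s*\("),
    "gzinflate": re.compile(r"\bgzinflate\s*\("),
    "create_function": re.compile(r"\bcreate_function\s*\("),
    "superglobal_input": re.compile(r"\$_(?:COOKIE|POST|GET|REQUEST)\s*\["),
}

def php_indicators(source: str) -> list:
    """Return the names of the web-shell indicators found in a PHP source string."""
    return [name for name, rx in PHP_INDICATORS.items() if rx.search(source)]

# Assumed log layout: Apache combined format with the Cookie request header
# appended as one more quoted field (e.g. a custom LogFormat ending in "%{Cookie}i").
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "[^"]*" "(?P<cookie>[^"]*)"$'
)

def flag_long_cookie_requests(lines, max_cookie_len=256):
    """Return (ip, path, cookie_length) for requests to .php files whose Cookie
    header is longer than max_cookie_len: a pattern worth reviewing when a
    web shell tunnels its commands through cookies."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not m.group("path").lower().endswith(".php"):
            continue
        cookie_len = len(m.group("cookie"))
        if cookie_len > max_cookie_len:
            hits.append((m.group("ip"), m.group("path"), cookie_len))
    return hits

# Constructed sample data so the script runs stand-alone.
SAMPLE_PHP = "<?php $x=str_rot13(base64_decode($_COOKIE['k'])); eval($x); ?>"
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.php HTTP/1.1" 200 1024 "-" "Mozilla/5.0" "PHPSESSID=abc123"',
    '203.0.113.5 - - [10/Oct/2023:13:55:40 +0000] "POST /uploads/img.php HTTP/1.1" 200 512 "-" "Mozilla/5.0" "' + "a" * 600 + '"',
]

if __name__ == "__main__":
    print(php_indicators(SAMPLE_PHP))          # ['eval', 'base64_decode', 'str_rot13', 'superglobal_input']
    print(flag_long_cookie_requests(SAMPLE_LOG))  # [('203.0.113.5', '/uploads/img.php', 600)]
```

Hits from either check are review candidates, not verdicts: compare flagged files against a known-good deployment and flagged requests against the site's normal cookie sizes.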