Bits and bytes of a hacker.

Custom PHP Backdoor Shell With Weevely

Recently I’ve been finding the need more and more to have a reliable backdoor PHP shell that has a reputable history. From work experience I knew about the classic c99.php backdoor shell and knew that it wasn’t the direction I wanted to go in. If you haven’t read The Hacker Blog article on it here, it’s definitely worth a read.

So I came across Weevely. What an awesome little backdoor! Here I’m just going to walk through the basic usage of it to get you up and running. This backdoor is definitely the quick and easy way of doing things when pentesting a PHP site.

  1. Using Kali, Weevely is already built in, we can generate our backdoor with our password to connect to it. My password will be blagger: weevely generate blagger sneaky.php

  2. Next, for simplicity sake, I will upload the backdoor to my test web server using SFTP. Of course there are hundreds of other ways to get your PHP script onto a web server, but this is a demo. Because my web server is ran on Amazon’s Ec2, I need to remote in using a limited user account. Still I can upload the file to the tmp directory to be moved by root:

  3. Finally, I’ll SSH in and move the uploaded backdoor into the public facing web directory to allow access for Weevely to connect. Once it’s publicly accessible, browse to it in Weevely and your back door gets executed: weevely blagger