Uncategorized 06/04/2026 6 min read

Mastering Weevely$: The Essential Pentest Course

Pablo Rotem · 0 comments

Kali Linux Course #686: Weevely$ Mastery

## Section 5/5: Using Weevely$ for Web Application Testing

### Introduction

In this final section, we will explore Weevely$, a powerful web shell used for web application pentesting. We will cover the installation and configuration on Kali Linux, provide step-by-step usage instructions, real-world use cases, as well as detailed technical explanations. By the end of this section, you will be equipped with the necessary skills to utilize Weevely$ effectively during penetration tests.

### Installation and Configuration on Kali Linux

Weevely$ is included in the Kali Linux repositories, making installation a straightforward process. Follow these steps to install and configure Weevely$ on your Kali Linux system.

#### Step 1: Update Kali Linux

Before installing any new tools, it is recommended to update your system packages. Open your terminal and run:

```bash
sudo apt update && sudo apt upgrade -y
```

#### Step 2: Install Weevely$

Weevely$ can be installed directly from the Kali repositories. Use the following command:

#### Step 3: Verify Installation

To ensure that Weevely$ has been installed correctly, run the following command:

You should see the version number of Weevely$ displayed in the terminal.

#### Step 4: Configuration

Weevely$ does not require extensive configuration; however, you may want to set up your environment for easier use. You can specify a default payload for generating web shells by creating a configuration file:

Add the following content to the file:

```
# Weevely configuration
default_payload = "weevely.php"
```

### Step-by-Step Usage and Real-World Use Cases

Weevely$ functions by creating a web shell that allows an attacker to remotely control a compromised web server. The tool is useful for gaining persistent access to web applications post-exploitation.

#### Step 1: Create a Web Shell

To create a web shell, you will first need to specify the password for the shell. For example, to create a web shell named `weevely.php` with the password `mypassword`, use the following command:

```bash
weevely generate mypassword weevely.php
```

This will generate a PHP web shell that you can upload to a target web server.

#### Step 2: Upload the Web Shell

In a real-world scenario, you would typically exploit a vulnerability (like file upload vulnerabilities) in a web application to upload your web shell. Here is an example of how you might manually upload a web shell via a vulnerable upload form:

1. Navigate to the upload page of the web application.
2. Choose `weevely.php` as the file to upload.
3. Submit the form and confirm the upload was successful.

#### Step 3: Connect to the Web Shell

Once the web shell is uploaded, you can connect to it using Weevely$ with the following command:

```bash
weevely http://target.com/path/to/weevely.php mypassword
```

This command establishes a connection to the web shell, allowing you to execute commands remotely.

#### Step 4: Execute Commands

After connecting to the web shell, you can execute various commands. Here are a few examples:

- To list files in the current directory:
- To upload a file to the target server:

```
upload /path/to/local/file.txt /path/to/remote/file.txt
```

- To download a file from the target server:

```
download /path/to/remote/file.txt /path/to/local/file.txt
```

#### Real-World Use Cases

##### Case Study 1: Exploiting a File Upload Vulnerability

Consider a scenario where you have identified a vulnerable file upload feature in a web application that does not adequately validate file types. In this case, you could follow the steps outlined above to upload your web shell, connect, and gain access to the file system of the web server.

##### Case Study 2: Gaining Persistence

In a situation where you are conducting a pentest and want to maintain access, you could use Weevely$ to create a backdoor web shell. By placing the shell in an obscure directory of the web application, you can return at a later time to re-establish access.

### Detailed Technical Explanations

Weevely$ operates by establishing a reverse shell back to the attacker’s machine. This allows for command execution and file manipulation on the target server. The web shell is generally a PHP script that runs on the target’s web server.

#### Payloads and Features

Weevely$ supports various payloads, allowing users to customize their attack. Besides standard PHP shells, Weevely$ can generate shells that:

- Bypass web application firewalls (WAFs)
- Use different programming languages (like ASP or JSP)
- Offer encrypted communications to avoid detection

### Code Examples for WordPress

If you are targeting a WordPress application, the process of exploiting vulnerabilities would be similar. Here’s how you might create and upload a WooCommerce shell in WordPress.

#### Creating a WooCommerce Shell

1. Create the shell using the commands we discussed:
2. Upload it to the WordPress uploads directory (which is typically writable).

#### Example of WordPress Exploit Code

Here is an example of using a WordPress vulnerability to upload your shell:

```php
// Vulnerable file upload script
// The client-supplied file name and extension are used unchanged,
// and the file type is never checked.
if ($_FILES['file']['error'] == 0) {
    move_uploaded_file($_FILES['file']['tmp_name'], 'wp-content/uploads/' . $_FILES['file']['name']);
}
```

In this example, the uploaded shell is saved to the `uploads` directory and can be accessed directly from the web server.

### External Reference Links

- [Kali Linux Weevely$ Documentation](https://www.kali.org/tools/weevely$)
- [OWASP File Upload Vulnerabilities](https://owasp.org/www-community/attacks/File_Upload_Attack)
- [Pentesting Web Applications](https://portswigger.net/web-security)

### Conclusion

In this section, we have covered the installation, configuration, and usage of Weevely$ for web application testing. By understanding how to create and utilize a web shell, you are better equipped to conduct thorough penetration tests on web applications. Always remember to apply ethical guidelines during your testing practices.

— Made by pablo rotem / פבלו רותם
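
The vulnerable upload script in the WordPress section stores the file under its client-supplied name, which is what lets a `.php` file land in a web-served directory. A hardened counterpart is sketched here as an added example (not code from the original page or from WordPress); the `store_upload` function, the allowlist, the size limit and the upload path are assumptions:

```php
<?php
// Added example, not from the original page: a stricter upload handler.
// UPLOAD_DIR, MAX_BYTES and ALLOWED are assumed values; adjust per application.
const UPLOAD_DIR = __DIR__ . '/wp-content/uploads/';
const MAX_BYTES  = 2 * 1024 * 1024;
const ALLOWED    = [               // extension => MIME type the content must match
    'jpg' => 'image/jpeg',
    'png' => 'image/png',
    'gif' => 'image/gif',
    'pdf' => 'application/pdf',
];

function store_upload(array $file): string
{
    // An array here (multi-file field) or any error code is rejected.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload error');
    }
    if (!is_uploaded_file($file['tmp_name']) || $file['size'] > MAX_BYTES) {
        throw new RuntimeException('not a valid upload or too large');
    }
    // The client-supplied name is used only to look up its extension in the allowlist.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED)) {
        throw new RuntimeException('extension not allowed');
    }
    // Sniff the content; $_FILES[...]['type'] is client-controlled and not trusted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== ALLOWED[$ext]) {
        throw new RuntimeException('content does not match extension');
    }
    // Server-generated name: no client-controlled path, basename or double extension.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], UPLOAD_DIR . $name)) {
        throw new RuntimeException('could not store file');
    }
    chmod(UPLOAD_DIR . $name, 0640);   // no execute bits set
    return $name;
}

if (isset($_FILES['file'])) {
    try {
        echo 'stored as ', store_upload($_FILES['file']);
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'rejected: ', $e->getMessage();
    }
}
```

Pair this with a web-server rule that disables script execution under the uploads directory, since a file can pass the MIME check and still contain script text.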