ZeroCold

Weevely v0.3


With Weevely you can create and manage a PHP trojan designed to be hard to detect. This software is a proof of concept of an unobtrusive PHP backdoor that simulates a complete telnet-like connection, hides data in HTTP referers and uses a dynamic probe of system-like functions to bypass PHP security restrictions. It generates PHP code to trojanize a web server, and acts like a telnet client to execute commands or inject additional functions on the backdoored server. Weevely is also included in blackbox linux, which we have discussed in detail here.

Features of weevely:

  • Coded requests: Communication between backdoor server and client is done via normal HTTP requests, with a plausible fake HTTP_REFERER header field that contains coded commands to hide traffic from NIDS monitoring and HTTP log file review.
  • PHP security bypass: The program tries to bypass PHP configurations that disable sensitive functions that execute external programs, enabled with the disable_functions option located in php.ini. Weevely tries different system functions (system(), passthru(), popen(), exec(), proc_open(), shell_exec(), pcntl_exec(), perl->system(), python_eval()) to find out and use functions enabled on the remote server.
  • Tiny server: The backdoor server code is small and easily hidden in other PHP files. The core is dynamically encrypted, aiming to bypass pattern matching controls.
  • Modularity: It is simple to extend the backdoor server's features with modules, injecting PHP code through the backdoor to implement new functionality on the remote server. Coding and loading new modules is really easy. Current additional modules are: check safe mode, read file, download file on remote server, search writable path.

Sure looks good to be installed when you have control of a server and want to control it remotely. It is open source, so it can be modified in case it is detected by anti-viruses.

Download:

https://code.google.com/p/weevely/downloads/list

#source: weevely: A Stealth Tiny PHP Backdoor!
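Seen from the server owner's side, the function list in the post doubles as a checklist for php.ini. The following is an added example, not part of the original post or of Weevely: it reads a php.ini text and reports which of the listed execution functions are not covered by disable_functions. The names `PROBED`, `parse_disable_functions`, `not_disabled` and the sample ini are constructed for illustration, and a function reported here is only callable if its extension is actually loaded.

```python
import re

# Function names taken from the list in the post. perl->system() is an object
# method rather than a function name, so it is left out of this check
# (assumption: disable_functions only matches plain function names).
PROBED = ["system", "passthru", "popen", "exec", "proc_open",
          "shell_exec", "pcntl_exec", "python_eval"]


def parse_disable_functions(ini_text):
    """Return the set of function names in the effective disable_functions."""
    disabled = set()
    for line in ini_text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop ';' comments
        m = re.match(r"disable_functions\s*=\s*(.*)$", line)
        if m:
            value = m.group(1).strip().strip('"')
            # Assumption: a later assignment replaces an earlier one.
            # PHP function names are case-insensitive, so normalise to lower.
            disabled = {f.strip().lower() for f in value.split(",") if f.strip()}
    return disabled


def not_disabled(ini_text):
    """List the probed functions that disable_functions does not cover."""
    disabled = parse_disable_functions(ini_text)
    return [f for f in PROBED if f not in disabled]


# Constructed sample php.ini: a commented-out directive and a partial list.
SAMPLE_INI = """\
[PHP]
engine = On
;disable_functions = system,exec
disable_functions = "system, exec, shell_exec , passthru"
"""

if __name__ == "__main__":
    for name in not_disabled(SAMPLE_INI):
        print("not covered by disable_functions:", name)
```

A partial list such as the sample's leaves popen and proc_open open, which is exactly the gap the probing described in the post relies on.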
