Weevely 1.0

[Nytro]

[h=1]Weevely 1.0[/h]by Mayuresh on February 5, 2013

Our old post regarding the weevely tiny PHP backdoor can be found here. Recently, an update was released – weevely version 1.0, that brings new modules with totally refactored structure to assist remote administration tasks and penetration testing.

“Weevely is an unobtrusive PHP backdoor that simulate telnet-like connection. It is an essential tool for application web attack post exploitation or web hosting account management. With a basic permission to upload PHP files, you only need to generate and upload the “server” PHP code on the target, and run locally Weevely to transmit shell commands.

• Backdoor communications are obfuscated into referrer of regular HTTP requests
  
• Backdoor code is hidden and compact because of functions dynamically injected and not embedded in
  
• User have modules available to automate interaction with remote system
  
• Modules implements different techniques to accomplish given tasks, aiming to bypass disabled_functions, safe_mode and other PHP”
  

[h=2]Changes made in Weevely 1.0:[/h]

• Supports of Windows and MacOS hosts environments
  
• Module :net.mount, powered by HTTPfs, that mounts automagically remote filesystem to a local mountpoint
  
• Module :file.edit to edit remote files with your favourite local text editor
  
• Module :audit.systemfiles to find system files with bad permissions that could affect server security
  
• Module :audit.phpconf to audit common PHP misconfiguration
  
• SOCKS4 and SOCKS5 proxy supports
  
• Totally rewritten module base structure to simplify module deploying
  
• Modules arguments managament with argparse
  
• Tons of bug fixes
  

[h=3]Download weevely:[/h] Weevely 1.0 – weevely-1.0.tar.gz/Weevely github

Sursa: Weevely version 1.0! — PenTestIT

[smecherasu98]

bravo te pricepi