Weevely

Weevely is a stealth PHP web shell that provides a telnet-like console. It is an essential tool for web application post exploitation, and can be used as stealth backdoor or as a web shell to manage legit web accounts, even free hosted ones.

Weevely is currently included in Backtrack and Backbox and all the major Linux distributions oriented for penetration testing.

Start with a quick Tutorial, read about Modules and Generators.

• More than 30 modules to automate administration and post exploitation tasks
• Execute commands and browse remote filesystem, even with PHP security restriction
• Audit common server misconfigurations
• Run SQL console pivoting on target machine
• Proxy your HTTP traffic through target
• Mount target filesystem to local mount point
• Simple file transfer from and to target
• Spawn reverse and direct TCP shells
• Bruteforce SQL accounts through target system
• Run port scans from target machine
• And so on..
• Backdoor communications are hidden in HTTP Cookies
• Communications are obfuscated to bypass NIDS signature detection
• Backdoor polymorphic PHP code is obfuscated to avoid HIDS AV detection

Weevely author keeps Dissecting, a security related blog in italian language.

www-data@target:writable $ :help file.mount
Mount remote filesystem using HTTPfs
usage: :file.mount [-remote-mount REMOTE_MOUNT] [-local-mount LOCAL_MOUNT]
                   [-rpath [RPATH]] [-startpath STARTPATH] [-just-mount URL]
                   [-just-install] [-umount-all] [-httpfs-path HTTPFS_PATH]

www-data@target:writable $ :help net.proxy
Install and run Proxy to tunnel traffic through target
usage: :net.proxy [-startpath STARTPATH] [-force] [-just-run URL]
                  [-just-install] [-lhost LHOST] [-lport LPORT]
                  [rpath]

www-data@target:writable $ :help file.edit
Edit remote file
usage: :file.edit [-editor EDITOR] rpath
positional arguments:
  rpath           Remote path

optional arguments:
  -editor EDITOR  Choose editor. default: vim