Weaponized web shell.
Weevely is a web shell designed for post-exploitation purposes that can be extended over the network at runtime.
Upload weevely PHP agent to a target web server to get remote shell access to it. It has more than 30 modules to assist administrative tasks, maintain access, provide situational awareness, elevate privileges, and spread into the target network.
- Shell access to the target
- SQL console pivoting on the target
- HTTP/HTTPS proxy to browse through the target
- Upload and download files
- Spawn reverse and direct TCP shells
- Audit remote target security
- Port scan pivoting on target
- Mount the remote filesystem
- Bruteforce SQL accounts pivoting on the target
The agent is a small, polymorphic PHP script hardly detected by AV and the communication protocol is obfuscated within HTTP requests.