
Published on June 13th, 2011 | by NJ Ouchn


Weevely v0.3, The Tiny PHP Backdoor newly released with BackBox

This software is a proof of concept of an unobtrusive PHP backdoor that simulates a complete telnet-like connection, hides data in HTTP referers, and uses a dynamic probe of system-like functions to bypass PHP security restrictions.

Weevely is now a tool of BackBox Linux, a lightweight, flexible penetration testing distribution.

It generates PHP code to trojanize a web server, and acts like a telnet client to execute commands or inject additional functions on the backdoored server.

Coded requests

Communication between the backdoor server and client is done via normal HTTP requests, with a plausible fake HTTP_REFERER header field that contains coded commands to hide traffic from NIDS monitoring and HTTP log file review.

PHP security bypass

The program tries to bypass PHP configurations that disable sensitive functions that execute external programs, set with the disable_functions option located in php.ini. Weevely tries different system functions (system(), passthru(), popen(), exec(), proc_open(), shell_exec(), pcntl_exec(), perl->system(), python_eval()) to find and use the functions enabled on the remote server.
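For administrators, the function list above doubles as an audit checklist. The following is an added example, not part of Weevely or the original post: it parses the text of a single php.ini and reports which of the listed functions the disable_functions directive leaves callable. The names `PROBED`, `parse_disabled`, `still_callable` and the sample fragment are constructed for illustration; it assumes a later directive overrides an earlier one, compares names exactly, and does not check whether the providing extension is loaded.

```python
import re

# Functions from the list above that disable_functions can name.
# perl->system() is a method call on an extension object, which
# disable_functions does not cover, so it is left out of this check.
PROBED = ["system", "passthru", "popen", "exec", "proc_open",
          "shell_exec", "pcntl_exec", "python_eval"]

DIRECTIVE = re.compile(r"^\s*disable_functions\s*=\s*(.*)$")

# Constructed sample: a partially hardened configuration plus a
# commented-out stricter line that has no effect.
SAMPLE_INI = """\
; constructed sample php.ini fragment
[PHP]
disable_functions = exec, system ,passthru   ; partial hardening
;disable_functions = exec,system,passthru,shell_exec,popen,proc_open
"""


def parse_disabled(ini_text):
    """Return the set of names in the effective disable_functions value."""
    value = ""
    for line in ini_text.splitlines():
        line = line.split(";", 1)[0]      # drop ';' comments
        match = DIRECTIVE.match(line)
        if match:
            value = match.group(1)        # assumed: last occurrence wins
    value = value.strip().strip("\"'")
    # Names are compared exactly (no case folding), a conservative
    # assumption: an oddly cased entry is reported as not protecting.
    return {name.strip() for name in value.split(",") if name.strip()}


def still_callable(ini_text, probed=PROBED):
    """Probed functions the configuration leaves enabled, in list order."""
    disabled = parse_disabled(ini_text)
    return [fn for fn in probed if fn not in disabled]


if __name__ == "__main__":
    for fn in still_callable(SAMPLE_INI):
        print("not disabled:", fn)
```

Any function the report lists is one the probing described above could fall back to, so a partial blocklist gives little protection.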

Tiny server

The backdoor server code is small and easily hidden in other PHP files. The core is dynamically encrypted, aiming to bypass pattern-matching controls.

Modularity

It is simple to extend the backdoor server's features with modules, injecting PHP code through the backdoor to implement new functionality on the remote server. Coding and loading new modules is really easy. Current additional modules are: check safe mode, read file, download file on remote server, search writable path.

This article on http://disse.cting.org/, written in Italian, explains how Weevely works. Here is the English translation.

The PHP remote backdoor does not require additional libraries and is really portable. Do not use this program on third-party servers.

Download the latest available version of Weevely 0.3
