Guys I’m beginner in security and pen testing so I started to get my hands dirty on DVWA. I prepared a backdoor script with weevely and uploaded it to DVWA. Now I tried many weevely commands to enjoy the backdoor I injected on the sever and tried to be complex into it by trying backdoor_meterpreter command. But I’m confused now as command doesn’t execute as intended and rather throws a pop up which I’ve uploaded in
As it instructs me I executed the same command in a parallel shell with a hope that it would turn listener on. But still I’m not getting the required meterpreter session on weevely and it’s requiring a listener to be put on first. I tried to check it on web but unfortunately not much help is available for commands of weevely.
I am pentesting a website and I was successful in uploading a php backdoor and finding the path of the backdoor. The only issue is that in order to gain access to the uploaded file I need to be logged in with my account. i can do this by adding my session cookies in weevely but how can I add my session cookies in weevely to access the backdoor file? Is there a way to do this or is it possible?
Both comes preinstalled on Kali. Msfvenom can generate php shell and weevely is a dedicated tool for the same. What exactly is the difference between the two? I am sure folks at Offensive Security won’t include the same tools that do the exact same thing.
My assumption is weevely is the same and uses msfvenom to generate php shell.
weevely can create backdown with php script for sure. I tested and worked fine. Now question is, if my target website runs on any other language like python or ruby, does the php backdoor created by weevely will work?
If not can we create backdoor with any other language for weevely?