Weevely is a stealth PHP web shell that
simulate an SSH-like connection. It is an essential tool for web
application post exploitation, and can be used as stealth backdoor or
as a web shell to manage legit web accounts, even free hosted ones.
After hacking into a website, a penetration tester used to
install/configure his/her backdoor on the web server to remotely
connect with the hacked server; the purpose to install the web
backdoor is vary and it totally depends on the nature of attack,
however the configuration process is almost same for all type of
attack.

The success of any hacking attack and
its post exploitation is highly depends on the technique and the
tools, Weevely is one of the renowned tool to get a shell access of a
web server. It is available on Kali linux and other Linux
distribution by default. Weevely is composed of more than 30 modules
to automate administration and post exploitation tasks:

The other notable functions of weevely
are:

If you are not using Kali or any other
Linux distribution created for hacking/penetration testing then you
have the python script of weevely from github.com

For the tutorial purpose, I am using
Kali linux:

Click on the terminal and type weevely
for the basic window.

To create a PHP backdoor, follow the
command:

weevely generate <password>

After that, all you need to do is just
upload your backdoor on the hacked server, and you can communicate to
your backdoor by using the following command:

weevely <url> <password>

After making connection with the
server, many tasks can be executed; for example:

P { margin-bottom: 0.08in; }

| :shell.sh | System shell
|
:shell.php | PHP shell
| :system.info | Collect system
informations
| :find.perms | Find files with write, read, execute
permissions
| :find.suidsgid | Find files with superuser flags
|
:backdoor.reversetcp | Send reverse TCP shell
| :backdoor.tcp |
Open a shell on TCP port
| :bruteforce.sql | Bruteforce SQL
username