Generating A PHP Backdoor with weevely - Post Exploitation Video Lecture

[Music]
hey guys hacky sploit here back again
with another video and this video we're
gonna be looking at how to generate a
back door or a PHP back door with we've
Lee alright so you might have heard of
Weebly or you might not have heard of
we've Lee and essentially what we've lee
is it is a PHP shell that will give you
a connection like SSH so that you know
you can execute system commands and it
essentially gives you backdoor access to
the server that or you know the target
that you have hacked all right so it
comes pre-installed with Kali Linux and
the parrot OS so you're pretty much good
to go otherwise you can find it in
github it's very very easily
just search for it on git github it's
we've Li W double e VL la vie ly okay
so it offers a lot of a lot of post
exploitation
you know advantages in the sense that
you can you can spawn reverse shelves
you can execute commands and you know
that is pretty much all you're gonna
need once you once you have exploited a
server you know you want to live you
want to maintain access in that server
whenever you like and we've Lee is
fantastic it's actually really really
powerful now I know I actually mentioned
on the community section that we'll be
making a video on nikto and and you know
things like the Medusa or for the other
web vulnerability scanners but actually
I'm going to be working on an entire new
series for that because it is a large
topic and I don't think that I can cover
it you know I can give it its full I can
cover it to its maximum potential few
set of videos so I'll be working on a
large project for that so as we did in
the previous video and you're hacking
WordPress we managed to brute force the
WordPress installation we got the
username and password so we have got we
have we have successfully exploited the
system now we need to maintain access so
it's getting a little more interesting
so I already have the WordPress server
running and I already know the password
so I'm just going to go to the they way
it's already loaded up so I'm just gonna
log in now
oh it's actually logged in already so I
can just go to WordPress admin dot PHP
like so and there we are alright so we
are already logged in and now as I said
you know we can upload a PHP file that
if we redirect to and we obviously know
the name of the PHP file if we upload it
to the local directory it means that the
web page will process your request and
it will return that and then you can you
know you can connect to the to the to
the shell that you've uploaded which in
this case you will be generating with
we've Lee alright so you know generating
a PHP shell with we've Lee is really
really easy and we're going to be
looking at that right now so just open
up your terminal right and I'm just
gonna zoom in so we can see what's going
on alright
awesome let's get started so the syntax
is really really simple so we've Lee
whoops
so it's we've Lee so it's pretty much as
simple as that
WWE ve ly okay so we've Lee and then we
want to use generate right so we're
telling we've Lee to generate so it
already knows that we are telling you to
generate a PHP shell so it's gonna know
that the next piece of information you
need to enter is the password for the
shell right this is very important so
that only you have connection and only
oh you are able to use this backdoor
right so I'm just going to use a simple
password like 1 2 3 4 5 you know
something really really simple because I
don't want to use anything complex now
I'm gonna store the PHP file on my
desktop
alright so you I'm just gonna specify
the location I want to store it in so
root desktop and I'm gonna give it a
name so I'm just gonna give it up now
this is where social engineering comes
into play now obviously most you know if
we're talking generally speaking and I
know I'm doing this on my lab but in in
in reality now web servers are probably
going to be monitored by the you know by
security teams and they're going to be
snooping around for you know weird weird
files with weird naming so if you name
it backdoor you know you're just looking
for trouble and that can you know that
can expose you really
badly and you know I'm talking I know
I'm talking from a blackheads
perspective but I'm just giving you an
idea of how you know how these things
are thought through so what I will do is
out name it something like let's see
something interesting like as you saw in
the previous video a for for redirect
alright so for for dot php' right that
is the extension that we're going to use
so now if when I hit enter it's going to
generate it
there we are generated backdoor with
password 1 2 3 4 5 enroute desktop and
it's 1 4 6 9 bytes in terms of its size
and here it is so it's a PHP file if you
open it up everything is encoded so it's
you know if anyone found it it would be
a matter of of you know reverse
engineering it alright so we need to
upload this to the server and luckily
for us we have the file manager
installed on WordPress and you know it's
really really simple to do this and
obviously if you crack the ftp protocol
you can also upload it like that so one
would go to the wordpress file manager
and you need to upload it to the root
directory otherwise you have to you know
go through subdomains which is also a
great idea if you upload it you know in
with the image specification and use
image upload vulnerabilities you know
that that's basic web penetration
testing but for this which is going to
keep it simple you know I'm just gonna
right click and I'm gonna whoops it's
not allowing me to upload there your
upload files and I'm gonna select the
file which is on my desktop there are 4
for dot PHP and it's already uploaded
and now you know usually if I hit a
unknown web page it would reply with
something that is completely vague right
so what I will do now is I will just I
will enter the address so 191 168 point
one point 108 and 404 dot PHP because
it's uploaded locally through the you
know local directory so I'm just going
to enter and there you are
now this is a good sign if it doesn't
give you any result it means that the
script is already active now you might
be wondering well what we do now how do
we connect to this
well we connect to it using we've Lee
alright so let's get start
with that right now all right so what
you're gonna do is really really very
simple we're just gonna use we've Lee
we've Lee as the command obviously and
and now we need to connect to it so
we're going to specify the web page so
HTTP we have to use the protocol so
192.168.1.1 o8 and we are connecting to
that script or that shell so 404 whoops
dot PHP and then we specify the password
which in this case was one two three
four five and it should exploit it
immediately or give us backdoor access
somebody's gonna enter and there we are
and now we can execute commands awesome
man this is so cool so if I hit LS you
can see we can access all the files that
exist on the website and this is
extremely dangerous you know this is
just giving you access to anything on
the web server and you know you have
complete access of everything and as you
can see if it's running on a server
which it is you can then you know
navigate backwards and you're
essentially in the in the root directory
of the entire Linux server which you can
you know exploit further and cause a lot
of damage now that again I'm passing out
it as a disclaimer I do not encourage
you doing this to any site because this
you know this can cause a lot of damage
and yeah that's essentially how to
generate a backdoor I know it's pretty
pretty simple but again really really
powerful but the real trick is as we
know is exploiting a system that is the
real trick you know once you're in you
can do a lot of damage and you can
maintain access and these systems
administrators wouldn't even know the
thing you know usually well I actually
had first-hand experience with this
where I was a system and administrator
and you know the image it was actually
hidden in the images folder we're using
you know the image upload
vulnerabilities that essentially allowed
a user to exploit at the upload system
where the user was able to you know with
burp suite were able to modify the the
upload they're essentially able to to
change the extension of the image to a
PHP file after they had uploaded it and
then you know through burps we did for
did it
and the packets and it got sent and the
images uploaded and you know there you
go
exploited as simple as that so again
website security is also supposed to be
top-notch and yeah hopefully you guys
found value in this video if you did
please leave a like down below if you
have any questions or suggestions let me
know in the comment section down below
or you can hit me up on my social
networks if you have any personal
questions hit me up on kik and yeah
thank you so much for qing guys I'll be
seeing you in the next video peace
[Music]