epinna / weevely3 Goto Github PK
View Code? Open in Web Editor NEWWeaponized web shell
License: GNU General Public License v3.0
Weaponized web shell
License: GNU General Public License v3.0
This is already somewhat possible, with some buggering around and stuff, but it would be neat to have a properly documented/supported way to do "import weevely" from other python programs and use its functionality (such as generating backdoors, connecting to shells, etc), for fully automating post-exploitation tasks, payload handling, etc.
was able to generate the .php file, but through the admin webfront, i have to upload a .zip file that is a directory structure with additional files.
any suggestions on how to create this?
Traceback (most recent call last):
File "./weevely.py", line 98, in
main(arguments)
File "./weevely.py", line 48, in main
modules.load_modules(session)
File "/home/oche/weevely/core/modules.py", line 24, in load_modules
(module_group, module_name), fromlist=["*"]
File "/home/oche/weevely/modules/shell/php.py", line 4, in
from core.channels.channel import Channel
File "/home/oche/weevely/core/channels/channel.py", line 7, in
import socks
ImportError: No module named socks
and im using fedora 22.
Thanks.
When I try to run in the browser:
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
....
More information about this error may be available in the server error log.
When I try to run the terminal:
[-] [Channel] The remote script execution triggers an error 500, please VERIFY integrity script and sent payload correctness
[-] [Channel] The remote script execution triggers an error 500, please VERIFY integrity script and sent payload correctness
[-] [Channel] The remote script execution triggers an error 500, please VERIFY integrity script and sent payload correctness
[!] [Terminal] Backdoor communication failed: please check reachability URL and password
* But on the local server runs fine.*
It would be great to have the testsuite run automatically on each commit/pull-request to avoid regressions, with for example travis-ci: it's a simple yaml
file with a simple syntax, and it's a free service.
Will be good to make when download file or upload file to show speed and progress.
After I run weevely generate 123456 wee.php
,I can`t find any wee.php in my Kali Linux.
Generated backdoor with password '123456' in 'wee.php' of 1456 byte size.
So where`s the wee.php
when I change my working directory to something like E:\
or C:\
, I can't execute any command.
seems like the problem is chdir('E:\');
my log:
[D][php] PAYLOAD chdir('E:\');@error_reporting(0);@system('dir 2>&1');
>>>> cd E:Code
[D][php] PAYLOAD chdir('E:\');@error_reporting(0);
if(is_callable('posix_getpwuid')&&is_callable('posix_geteuid')) {
$u=@posix_getpwuid(@posix_geteuid());
if($u){
$u=$u['name'];
} else {
$u=getenv('username');
}
print($u);
}
[D][php] PAYLOAD chdir('E:\');@error_reporting(0);@chdir('E:Code')&&print(@getcwd());
[-][cd] Failed cd 'E:Code': no such directory or permission denied
>>>> cd E:/Code
[D][php] PAYLOAD chdir('E:\');@error_reporting(0);
if(is_callable('posix_getpwuid')&&is_callable('posix_geteuid')) {
$u=@posix_getpwuid(@posix_geteuid());
if($u){
$u=$u['name'];
} else {
$u=getenv('username');
}
print($u);
}
Bug in generate.py as of commit 4964d6e (or earlier).
Traceback:
lsd@delerium:~/tools/weevely3$ ./generate.py password123 agent.php
Traceback (most recent call last):
File "./generate.py", line 96, in <module>
agent = args.agent
File "./generate.py", line 48, in generate
(obfuscator_path, str(e)))
core.weexceptions.FatalException: Error with obfuscator template 'bd/obfuscators/obfusc1_php.tpl': expected string or buffer
lsd@delerium:~/tools/weevely3$
Traceback (most recent call last):
File "./weevely.py", line 98, in <module>
main(arguments)
File "./weevely.py", line 38, in main
password = arguments.password
File "/root/weevely3/core/sessions.py", line 223, in __init__
saved_url = sessiondb.get('url')
AttributeError: 'NoneType' object has no attribute 'get'
How about logs weevely 3 are stealth on system ?
PS. Will be good to make module ( Clear logs)
epinna we need to talk add me please Jabber ( [email protected] )
I've juste triggered an encoding error inside the sql_console module. Didn't have the time to check further in, but here is the error message I received and the .
[D][module] Traceback (most recent call last):
File "/home/nico/exp/tools/shells/weevely3/core/module.py", line 105, in run_cmdline
result = self.run_argv(command)
File "/home/nico/exp/tools/shells/weevely3/core/module.py", line 178, in run_argv
return self.run()
File "/home/nico/exp/tools/shells/weevely3/modules/sql/console.py", line 121, in run
self.print_result(result)
File "/home/nico/exp/tools/shells/weevely3/modules/sql/console.py", line 129, in print_result
Module.print_result(self, result['result'])
File "/home/nico/exp/tools/shells/weevely3/core/module.py", line 348, in print_result
log.info(utils.prettify.tablify(result))
File "/home/nico/exp/tools/shells/weevely3/utils/prettify.py", line 56, in tablify
output = table.get_string()
File "/home/nico/.virtualenvs/weevely/local/lib/python2.7/site-packages/prettytable.py", line 987, in get_string
formatted_rows = self._format_rows(rows, options)
File "/home/nico/.virtualenvs/weevely/local/lib/python2.7/site-packages/prettytable.py", line 942, in _format_rows
return [self._format_row(row, options) for row in rows]
File "/home/nico/.virtualenvs/weevely/local/lib/python2.7/site-packages/prettytable.py", line 939, in _format_row
return [self._format_value(field, value) for (field, value) in zip(self._field_names, row)]
File "/home/nico/.virtualenvs/weevely/local/lib/python2.7/site-packages/prettytable.py", line 890, in _format_value
return self._unicode(value)
File "/home/nico/.virtualenvs/weevely/local/lib/python2.7/site-packages/prettytable.py", line 181, in _unicode
value = unicode(value, self.encoding, "strict")
File "/home/nico/.virtualenvs/weevely/lib/python2.7/encodings/utf_8.py", line 16, in decode
return codecs.utf_8_decode(input, errors, True)
UnicodeDecodeError: 'utf8' codec can't decode byte 0xe2 in position 4: invalid continuation byte
Hey, Im using windows python2.7 to run weevely.
I tried to use NANO but my PC denied access to .temp folder where edited files are temporary kept. Any ideas how to fix that? I run command line in Admin mode of course.
Will be good to integrate TOR in weevely.
[ Sqlmap Example: sqlmap.py --check-tor --tor --tor-port 9050 --tor-type=SOCKS5 ]
What is the difference between module :backdoor_tcp
and :backdoor_reversetcp
?
And in what situation can we use them?
On server where working even weevely3 not working.
The system shell interpreter is not available in this session.
PHP code and modules execution are available. Use the following
command replacements to simulate an unrestricted shell.
zip, unzip file_zip
touch file_touch
gzip, gunzip file_gzip
curl net_curl
nmap net_scan
cd file_cd
rm file_rm
cat file_read
vi, vim, emacs, nano, pico, gedit, kwrite file_edit
wget file_webdownload
find file_find
tar file_tar
ifconfig net_ifconfig
bzip2, bunzip2 file_bzip2
ls, dir file_ls
grep file_grep
weevely> ls
40606
40606@40606:40606 PHP> ps
40606
40606@40606:40606 PHP> file_ls
40606
sir i did all the things that i found in ur link https://github.com/epinna/weevely3/wiki/Install-and-first-run
1>i am using kali rolling
2>i have installed all thing that was described in that link , linux
3> Generated backdoor with password 'mypassword' in 'agent.php' of 1469 byte size.
every thing done but again same problem missing some argument
[+] weevely 3.3.1
[!] Error: too few arguments
[+] Run terminal to the target
weevely [cmd]
[+] Load session file
weevely session [cmd]
[+] Generate backdoor agent
weevely generate
I did everything that I have to do for the first run
Traceback (most recent call last):
File "weevely.py", line 2, in
from core.terminal import Terminal
File "C:\Python27\weevely3-master\core\terminal.py", line 6, in
from core.module import Status
File "C:\Python27\weevely3-master\core\module.py", line 14, in
from core.vectorlist import VectorList
File "C:\Python27\weevely3-master\core\vectorlist.py", line 15, in
from core.vectors import Os
File "C:\Python27\weevely3-master\core\vectors.py", line 16, in
import utils
File "C:\Python27\weevely3-master\utils_init_.py", line 3, in
import strings
ImportError: No module named 'strings'
Hello. I downloaded the latest version of the script. I'm trying to run weevely, but I'm constantly getting errors. I could not find the answer myself. I ask for help.
C:\Python27>python --version
Python 2.7.13
C:\Python27\Scripts>pip-script.py install prettytable Mako PyYAML python-dateutil pyreadline PySocks --upgrade
Requirement already up-to-date: prettytable in c:\python27\lib\site-packages
Requirement already up-to-date: Mako in c:\python27\lib\site-packages
Requirement already up-to-date: PyYAML in c:\python27\lib\site-packages
Requirement already up-to-date: python-dateutil in c:\python27\lib\site-packages
Requirement already up-to-date: pyreadline in c:\python27\lib\site-packages
Requirement already up-to-date: PySocks in c:\python27\lib\site-packages
Requirement already up-to-date: MarkupSafe>=0.9.2 in c:\python27\lib\site-packages (from Mako)
Requirement already up-to-date: six>=1.5 in c:\python27\lib\site-packages (from python-dateutil)
Z:\weevely3>weevely.py generate 123 test2.php
Generated backdoor with password '123' in 'test2.php' of 1316 byte size.
Z:\weevely3>weevely.py http://mysite.com/test2.php 123
Traceback (most recent call last):
File "Z:\weevely3\weevely.py", line 98, in <module>
main(arguments)
File "Z:\weevely3\weevely.py", line 51, in main
Terminal(session).cmdloop()
File "Z:\weevely3\core\terminal.py", line 149, in __init__
default_shell = self.session.get('default_shell')
File "C:\Python27\lib\site-packages\mako\template.py", line 462, in render
return runtime._render(self, self.callable_, args, data)
File "C:\Python27\lib\site-packages\mako\runtime.py", line 838, in _render
**_kwargs_for_callable(callable_, data))
File "C:\Python27\lib\site-packages\mako\runtime.py", line 873, in _render_con
text
_exec_template(inherit, lclcontext, args=args, kwargs=kwargs)
File "C:\Python27\lib\site-packages\mako\runtime.py", line 899, in _exec_templ
ate
callable_(context, *args, **kwargs)
File "memory:0x3779358L", line 29, in render_body
UnicodeDecodeError: 'ascii' codec can't decode byte 0xc0 in position 9: ordinal
not in range(128)
I have this scenario:
Weevely is uploaded in my test site in which I have to login to upload stuff. The only way I can access the php is if I use the logged in user cookie. Tried to set it in config.py under "additional_headers" but I have no idea how to do it right. How can I do this?
I'm having a network error when i try to connect to the remote backdoor.
here is the cmd i ran and the output
sudo weevely http://#############/#######/weev.php 123
[+] weevely 3.2.0
[+] Target: ###############
[+] Session: /root/.weevely/sessions/##################/weev_0.session
[+] Browse the filesystem or execute commands starts the connection
[+] to the target. Type :help for more information.
weevely> uname -a
[-][channel] Network error, unable to connect to the remote backdoor
In addition i can say that the target is pwn with a webshell - php but when i try to backconnect there, i can't do it either.. but in both cases i don't have enought verbosity to see what's going on...
Some thoughts?
such as X-Forwarded-For, Cookie
Hello, thank you for this great tool!
One issue with the requirements: when doing pip install -r requirements.txt
, I'm missing the readline library (or pyreadline on Windows).
Me@Computer MINGW64 /q/weevely3 (master)
$ pip install -r requirements.txt
Collecting prettytable (from -r requirements.txt (line 1))
Downloading prettytable-0.7.2.zip
Collecting Mako (from -r requirements.txt (line 2))
Downloading Mako-1.0.6.tar.gz (575kB)
Requirement already satisfied: PyYAML in c:\python27\lib\site-packages (from -r requirements.txt (line 3))
Collecting python-dateutil (from -r requirements.txt (line 4))
Downloading python_dateutil-2.6.0-py2.py3-none-any.whl (194kB)
Collecting PySocks (from -r requirements.txt (line 5))
Downloading PySocks-1.6.5.tar.gz
Collecting MarkupSafe>=0.9.2 (from Mako->-r requirements.txt (line 2))
Downloading MarkupSafe-0.23.tar.gz
Requirement already satisfied: six>=1.5 in c:\python27\lib\site-packages (from python-dateutil->-r requirements.txt (line 4))
Installing collected packages: prettytable, MarkupSafe, Mako, python-dateutil, PySocks
Running setup.py install for prettytable: started
Running setup.py install for prettytable: finished with status 'done'
Running setup.py install for MarkupSafe: started
Running setup.py install for MarkupSafe: finished with status 'done'
Running setup.py install for Mako: started
Running setup.py install for Mako: finished with status 'done'
Running setup.py install for PySocks: started
Running setup.py install for PySocks: finished with status 'done'
Successfully installed Mako-1.0.6 MarkupSafe-0.23 PySocks-1.6.5 prettytable-0.7.2 python-dateutil-2.6.0
Benjamin@C-3PO MINGW64 /q/weevely3 (master)
$ ./weevely.py generate MyP4ss! /q/web.php
Traceback (most recent call last):
File "./weevely.py", line 2, in <module>
from core.terminal import Terminal
File "Q:\weevely3\core\terminal.py", line 9, in <module>
import readline
ImportError: No module named readline
Could you add it to the requirements file? I don't know how to handle both Windows and Linux on this file though (maybe write one file for each OS, or a setup script)?
Thanks!
I know root password in system but I can't execute commands from root.
Hello,
In the requirements .txt, I think there are wrong packages names
pyaml: should be replaced by PyYAML
dateutils: should be replaced by dateutil
It seems you import yaml and dateutil in your code (not pyaml and dateutils).
Thanks
It would be pretty awesome to have a weevely module that'll automatically exploit the dirtycow bug, I know we can't have one for every exploit but this one is so wide spread and useful that it might be worth adding?
Another "pivot" module, seperate but similar to the SOCKS5 proxying. Allows tunnelling arbritary TCP connections via a backdoored box.
Very useful for pivoting onward to, say, SSH on the local box, or RDP/whatever on a box behind it. Can also be combined with bind PTY shells to get a full PTY session on a box without a backconnect ;)
I know the password to the backdoor and for the authentication.
.....~/weevely3$ python weevely.py
Traceback (most recent call last):
File "weevely.py", line 10, in
from core.terminal import Terminal
File "weevely3/core/terminal.py", line 6, in
from core.module import Status
File "weevely3/core/module.py", line 14, in
from core.vectorlist import VectorList
File "weevely3/core/vectorlist.py", line 15, in
from core.vectors import Os
File "weevely3/core/vectors.py", line 11, in
from mako.template import Template
ImportError: No module named mako.template
Spotted this a while back, thought it would make for a neat feature to add alongside the HTTP proxying.
Hello, getting this error when I want to compile an exploit:
[-][channel] Is the trailing comma missing at the end of the PHP code '..chdir('/tmp');gcc tmp/pp.c-o tmp/zombie'?
Regards
weevely> ls
sh: /bin/ls: Permission denied
$ cat
sh: /bin/cat: Permission denied
but with this user i can do ls
and other commands .
Hello, i'm found this error when i'm execute: python weevely.py
can u help me? thanks 😄
Traceback (most recent call last):
File "weevely.py", line 98, in
main(arguments)
File "weevely.py", line 38, in main
password = arguments.password
File "/root/weevely3/core/sessions.py", line 223, in init
saved_url = sessiondb.get('url')
AttributeError: 'NoneType' object has no attribute 'get'
After uploaded the shell on the website...and running any command...its show me following errors...can you help me?
[+] weevely 3.4
[+] Target: xxxxxxxx.com
[+] Session: /root/.weevely/sessions/xxxxxxxx.com/se_0.session
[+] Browse the filesystem or execute commands starts the connection
[+] to the target. Type :help for more information.
weevely> ls
Traceback (most recent call last):
File "weevely.py", line 98, in
main(arguments)
File "weevely.py", line 51, in main
Terminal(session).cmdloop()
File "/usr/lib/python2.7/cmd.py", line 141, in cmdloop
line = self.precmd(line)
File "/var/www/py/weevely3/core/terminal.py", line 196, in precmd
self.session['shell_sh']['status'] = modules.loaded['shell_sh'].setup()
File "/var/www/py/weevely3/modules/shell/sh.py", line 99, in setup
condition = lambda result: (
File "/var/www/py/weevely3/core/vectorlist.py", line 80, in find_first_result
result = vector.run(format_args)
File "/var/www/py/weevely3/core/vectors.py", line 121, in run
result = modules.loaded[self.module].run_argv(formatted)
File "/var/www/py/weevely3/core/module.py", line 173, in run_argv
self.session[self.name]['status'] = self.setup()
File "/var/www/py/weevely3/modules/shell/php.py", line 67, in setup
status = self._check_interpreter(channel)
File "/var/www/py/weevely3/modules/shell/php.py", line 39, in _check_interpreter
response, code, error = channel.send(command)
File "/var/www/py/weevely3/core/channels/channel.py", line 112, in send
self._additional_handlers()
File "/var/www/py/weevely3/core/channels/channel.py", line 93, in _additional_handlers
ctx = ssl.create_default_context()
AttributeError: 'module' object has no attribute 'create_default_context'
It would be great to be able to issue commands like this:
:system_procs | grep www-data
There is no any LICENSE
or COPYING
file in the repo, even copyright header is not exist. It confuses a lot, please declare the license.
I run weevely3 on Mac OS, but some errors happened.
The dependent libraries of readline module in Mac OS and Linux, is defferent. There is the official description of the readline module.
I think this information should be explained in the Wiki.
:)
hi there i've just created a backdoor and logged in, but when i do the "ls" command to list the files
i get this error
[-][module] Error, module execution triggered error ''NoneType' object has no attribute 'send''
what can i do?
$ :audit_etcpasswd
[-][module] Error, module execution triggered error 'local variable 'pwdresult' referenced before assignment'
Remote host Linux Centos, runs from MacOS
hey hi sir ,
i found some errors and missing some option as i seen in readme file
[+] weevely 3.3.1
[!] Error: too few arguments
[+] Run terminal to the target
weevely [cmd]
[+] Load session file
weevely session [cmd]
[+] Generate backdoor agent
weevely generate
Hi
When I launch a command weevely, I've got this error message :
PHP Deprecated: Comments starting with '#' are deprecated in /etc/php5/cli/conf.d/ming.ini on line 1 in Unknown on line 0
Any idea?
after upload file when ever i run the file from wevely and try to give any command on that connection i am always getting this kind of thing i don't know why ?
weevely> whoami
weevely> [!][terminal] Backdoor communication failed, check URL availability and password
It would be super-great to have a command like :shell_meterpreter <ip port>
to get a connectback to a meterpreter listener.
Will be good to make file_infect module.
file_infect will secure integrate shell in php file.
shells/weevely3 [master●] » sudo ./weevely.py http://swag/lol.php pass
Traceback (most recent call last):
File "./weevely.py", line 37, in
modules.load_modules(session)
File "/home/z/pentest/shells/weevely3/core/modules.py", line 35, in load_modules
folder
File "/home/z/pentest/shells/weevely3/core/module.py", line 74, in init
self.init()
File "/home/z/pentest/shells/weevely3/modules/file/read.py", line 25, in init
{ 'name' : '-vector', 'choices' : modules.loaded['file_download'].vectors.get_names() }
KeyError: 'file_download'
shells/weevely3 [master●] »
When i try "grep access.log -v 174.122.136.104 -output cleaned.log"
I have this error "grep: invalid option -- 't'"
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.