Cybrary.it

2016-12-31 23:35:42 Most sites like this will block uploads of scripts, but not every site is perfect. Open / Comment

2016-12-31 23:35:08 Open / Comment

2016-12-31 23:34:54 Another thing you might try is to find a vulnerable website with upload abilities—the kind that lets you share a file or image. Do that, get the link to your file, and you're in business. Open / Comment

2016-12-31 23:34:41 My info.php will still work as usual, but the script below will remain quite until called upon. Open / Comment

2016-12-31 23:34:06 Open / Comment

2016-12-31 23:33:46 Then, I'll paste that entire block of PHP code below all the other PHP code on a file running on my server. Here, I'm pasting it below everything in my server'sinfo.php file. I had to use the Vi editor on my server, but if you're little rusty on Vi/Vim, there's a guide here on Null Byte that can help you out: Open / Comment

2016-12-31 23:33:36 Open / Comment

2016-12-31 23:33:20 Slip in Your Backdoor

Armed with this new PHP script (backdoor.php, in our case), we can now consider a few ways that we can use it. First, if you have access to a server, you can simply copy/paste the contents of your PHP file into another accessible PHP file on the server. For example, a config.php or settings.php file that might be found there. First, I'll copy the contents of mybackdoor.php script with a text editor. Open / Comment

2016-12-31 23:33:05 Open / Comment

2016-12-31 23:32:49 For our example, we'll be using the "Generate backdoor agent" option. Let's make our passwordpazzWurD, and call our PHP file path backdoor.php. We should end up with a file called backdoor.php in the same directory where we're working.

Please note that backdoor.php is not a good name for your PHP file. This is just an example. You don't want to draw too much attention to what you're doing, so make sure to replace both "mypassword" and "myfilename.php" below with something less obvious.

./weevely.py generate mypassword myfilename.php Open / Comment