weevely3's Issues

Permission Denied

weevely> ls
sh: /bin/ls: Permission denied

$ cat 
sh: /bin/cat: Permission denied

But with this user I can do ls and other commands.

errors in requirements.txt?

Hello,
In the requirements.txt, I think there are wrong package names
pyaml: should be replaced by PyYAML
dateutils: should be replaced by dateutil
It seems you import yaml and dateutil in your code (not pyaml and dateutils).
Thanks

TCP Tunnel through backdoored server

Another "pivot" module, separate but similar to the SOCKS5 proxying. Allows tunnelling arbitrary TCP connections via a backdoored box.

Very useful for pivoting onward to, say, SSH on the local box, or RDP/whatever on a box behind it. Can also be combined with bind PTY shells to get a full PTY session on a box without a backconnect ;)

http://www.secforce.com/research/tunna.html

Weevely and custom cookies

I have this scenario:

Weevely is uploaded in my test site in which I have to login to upload stuff. The only way I can access the php is if I use the logged in user cookie. Tried to set it in config.py under "additional_headers" but I have no idea how to do it right. How can I do this?

Some Errors!

After uploading the shell on the website and running any command, it shows me the following errors. Can you help me?

[+] weevely 3.4

[+] Target: xxxxxxxx.com
[+] Session: /root/.weevely/sessions/xxxxxxxx.com/se_0.session

[+] Browse the filesystem or execute commands starts the connection
[+] to the target. Type :help for more information.

weevely> ls
Traceback (most recent call last):
File "weevely.py", line 98, in
main(arguments)
File "weevely.py", line 51, in main
Terminal(session).cmdloop()
File "/usr/lib/python2.7/cmd.py", line 141, in cmdloop
line = self.precmd(line)
File "/var/www/py/weevely3/core/terminal.py", line 196, in precmd
self.session['shell_sh']['status'] = modules.loaded['shell_sh'].setup()
File "/var/www/py/weevely3/modules/shell/sh.py", line 99, in setup
condition = lambda result: (
File "/var/www/py/weevely3/core/vectorlist.py", line 80, in find_first_result
result = vector.run(format_args)
File "/var/www/py/weevely3/core/vectors.py", line 121, in run
result = modules.loaded[self.module].run_argv(formatted)
File "/var/www/py/weevely3/core/module.py", line 173, in run_argv
self.session[self.name]['status'] = self.setup()
File "/var/www/py/weevely3/modules/shell/php.py", line 67, in setup
status = self._check_interpreter(channel)
File "/var/www/py/weevely3/modules/shell/php.py", line 39, in _check_interpreter
response, code, error = channel.send(command)
File "/var/www/py/weevely3/core/channels/channel.py", line 112, in send
self._additional_handlers()
File "/var/www/py/weevely3/core/channels/channel.py", line 93, in _additional_handlers
ctx = ssl.create_default_context()
AttributeError: 'module' object has no attribute 'create_default_context'

No license was declared

There is no LICENSE or COPYING file in the repo; even a copyright header does not exist. It is very confusing, please declare the license.

LS command crash!!

Hi there, I've just created a backdoor and logged in, but when I do the "ls" command to list the files
I get this error
[-][module] Error, module execution triggered error ''NoneType' object has no attribute 'send''

What can I do?

Errors when running the script

Hello. I downloaded the latest version of the script. I'm trying to run weevely, but I'm constantly getting errors. I could not find the answer myself. I ask for help.

C:\Python27>python --version
Python 2.7.13

C:\Python27\Scripts>pip-script.py install prettytable Mako PyYAML python-dateutil pyreadline PySocks --upgrade
Requirement already up-to-date: prettytable in c:\python27\lib\site-packages
Requirement already up-to-date: Mako in c:\python27\lib\site-packages
Requirement already up-to-date: PyYAML in c:\python27\lib\site-packages
Requirement already up-to-date: python-dateutil in c:\python27\lib\site-packages
Requirement already up-to-date: pyreadline in c:\python27\lib\site-packages
Requirement already up-to-date: PySocks in c:\python27\lib\site-packages
Requirement already up-to-date: MarkupSafe>=0.9.2 in c:\python27\lib\site-packages (from Mako)
Requirement already up-to-date: six>=1.5 in c:\python27\lib\site-packages (from python-dateutil)
Z:\weevely3>weevely.py generate 123 test2.php
Generated backdoor with password '123' in 'test2.php' of 1316 byte size.
Z:\weevely3>weevely.py http://mysite.com/test2.php 123
Traceback (most recent call last):
  File "Z:\weevely3\weevely.py", line 98, in <module>
    main(arguments)
  File "Z:\weevely3\weevely.py", line 51, in main
    Terminal(session).cmdloop()
  File "Z:\weevely3\core\terminal.py", line 149, in __init__
    default_shell = self.session.get('default_shell')
  File "C:\Python27\lib\site-packages\mako\template.py", line 462, in render
    return runtime._render(self, self.callable_, args, data)
  File "C:\Python27\lib\site-packages\mako\runtime.py", line 838, in _render
    **_kwargs_for_callable(callable_, data))
  File "C:\Python27\lib\site-packages\mako\runtime.py", line 873, in _render_con
text
    _exec_template(inherit, lclcontext, args=args, kwargs=kwargs)
  File "C:\Python27\lib\site-packages\mako\runtime.py", line 899, in _exec_templ
ate
    callable_(context, *args, **kwargs)
  File "memory:0x3779358L", line 29, in render_body
UnicodeDecodeError: 'ascii' codec can't decode byte 0xc0 in position 9: ordinal
not in range(128)

Network error

I'm having a network error when I try to connect to the remote backdoor.

Here is the cmd I ran and the output

sudo weevely http://#############/#######/weev.php 123

[+] weevely 3.2.0

[+] Target: ###############
[+] Session: /root/.weevely/sessions/##################/weev_0.session

[+] Browse the filesystem or execute commands starts the connection
[+] to the target. Type :help for more information.

weevely> uname -a
[-][channel] Network error, unable to connect to the remote backdoor

In addition I can say that the target is pwn with a webshell - php, but when I try to backconnect there, I can't do it either. But in both cases I don't have enough verbosity to see what's going on...
Some thoughts?

crash when trying for connect

Traceback (most recent call last):
File "./weevely.py", line 98, in
main(arguments)
File "./weevely.py", line 48, in main
modules.load_modules(session)
File "/home/oche/weevely/core/modules.py", line 24, in load_modules
(module_group, module_name), fromlist=["*"]
File "/home/oche/weevely/modules/shell/php.py", line 4, in
from core.channels.channel import Channel
File "/home/oche/weevely/core/channels/channel.py", line 7, in
import socks
ImportError: No module named socks

And I'm using Fedora 22.
Thanks.

How to resolve suexec policy violation causing error 500, in the "real" server?

When I try to run in the browser:

Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
....
More information about this error may be available in the server error log.

When I try to run the terminal:

[-] [Channel] The remote script execution triggers an error 500, please VERIFY integrity script and sent payload correctness
[-] [Channel] The remote script execution triggers an error 500, please VERIFY integrity script and sent payload correctness
[-] [Channel] The remote script execution triggers an error 500, please VERIFY integrity script and sent payload correctness
[!] [Terminal] Backdoor communication failed: please check reachability URL and password

But on the local server it runs fine.

Weevely Temp folder

Hey, I'm using Windows Python 2.7 to run weevely.
I tried to use NANO but my PC denied access to .temp folder where edited files are temporary kept. Any ideas how to fix that? I run command line in Admin mode of course.

zip packaging?

Was able to generate the .php file, but through the admin web front, I have to upload a .zip file that is a directory structure with additional files.

Any suggestions on how to create this?

Question

How about logs weevely 3 are stealth on system?
PS. Will be good to make module (Clear logs)

Question about generate

After I run weevely generate 123456 wee.php, I can't find any wee.php in my Kali Linux.

Generated backdoor with password '123456' in 'wee.php' of 1456 byte size.

So where's the wee.php?

Encoding error

I've just triggered an encoding error inside the sql_console module. Didn't have the time to check further in, but here is the error message I received and the .

[D][module] Traceback (most recent call last):
  File "/home/nico/exp/tools/shells/weevely3/core/module.py", line 105, in run_cmdline
    result = self.run_argv(command)
  File "/home/nico/exp/tools/shells/weevely3/core/module.py", line 178, in run_argv
    return self.run()
  File "/home/nico/exp/tools/shells/weevely3/modules/sql/console.py", line 121, in run
    self.print_result(result)
  File "/home/nico/exp/tools/shells/weevely3/modules/sql/console.py", line 129, in print_result
    Module.print_result(self, result['result'])
  File "/home/nico/exp/tools/shells/weevely3/core/module.py", line 348, in print_result
    log.info(utils.prettify.tablify(result))
  File "/home/nico/exp/tools/shells/weevely3/utils/prettify.py", line 56, in tablify
    output = table.get_string()
  File "/home/nico/.virtualenvs/weevely/local/lib/python2.7/site-packages/prettytable.py", line 987, in get_string
    formatted_rows = self._format_rows(rows, options)
  File "/home/nico/.virtualenvs/weevely/local/lib/python2.7/site-packages/prettytable.py", line 942, in _format_rows
    return [self._format_row(row, options) for row in rows]
  File "/home/nico/.virtualenvs/weevely/local/lib/python2.7/site-packages/prettytable.py", line 939, in _format_row
    return [self._format_value(field, value) for (field, value) in zip(self._field_names, row)]
  File "/home/nico/.virtualenvs/weevely/local/lib/python2.7/site-packages/prettytable.py", line 890, in _format_value
    return self._unicode(value)
  File "/home/nico/.virtualenvs/weevely/local/lib/python2.7/site-packages/prettytable.py", line 181, in _unicode
    value = unicode(value, self.encoding, "strict")
  File "/home/nico/.virtualenvs/weevely/lib/python2.7/encodings/utf_8.py", line 16, in decode
    return codecs.utf_8_decode(input, errors, True)
UnicodeDecodeError: 'utf8' codec can't decode byte 0xe2 in position 4: invalid continuation byte

No module named 'strings'

I did everything that I have to do for the first run
Traceback (most recent call last):
File "weevely.py", line 2, in
from core.terminal import Terminal
File "C:\Python27\weevely3-master\core\terminal.py", line 6, in
from core.module import Status
File "C:\Python27\weevely3-master\core\module.py", line 14, in
from core.vectorlist import VectorList
File "C:\Python27\weevely3-master\core\vectorlist.py", line 15, in
from core.vectors import Os
File "C:\Python27\weevely3-master\core\vectors.py", line 16, in
import utils
File "C:\Python27\weevely3-master\utils_init_.py", line 3, in
import strings
ImportError: No module named 'strings'

terminal , password or URL error

After uploading the file, whenever I run the file from weevely and try to give any command on that connection, I always get this kind of thing. I don't know why.

weevely> whoami
weevely> [!][terminal] Backdoor communication failed, check URL availability and password

ImportError: No module named mako.template

.....~/weevely3$ python weevely.py
Traceback (most recent call last):
File "weevely.py", line 10, in
from core.terminal import Terminal
File "weevely3/core/terminal.py", line 6, in
from core.module import Status
File "weevely3/core/module.py", line 14, in
from core.vectorlist import VectorList
File "weevely3/core/vectorlist.py", line 15, in
from core.vectors import Os
File "weevely3/core/vectors.py", line 11, in
from mako.template import Template
ImportError: No module named mako.template

bug on module net phpproxy

net_phpproxy can't upload poxy.php to server because module upload2web doesn't have arg -rname

module_phpproxy

change line 37 to os.path.join(self.args['rpath'], self.args['rname'])
and remove line 38
module_phpproxy_fix

New Module file_infect

Will be good to make file_infect module.
file_infect will secure integrate shell in php file.

sudo module

I know root password in system but I can't execute commands from root.

error and missing options

Hey, hi sir,
I found some errors and some missing options, as I saw in the readme file

[+] weevely 3.3.1
[!] Error: too few arguments

[+] Run terminal to the target
weevely [cmd]

[+] Load session file
weevely session [cmd]

[+] Generate backdoor agent
weevely generate

AttributeError: 'NoneType' object has no attribute 'get'

Hello, I found this error when I execute: python weevely.py
Can you help me? Thanks 😄

Traceback (most recent call last):
File "weevely.py", line 98, in
main(arguments)
File "weevely.py", line 38, in main
password = arguments.password
File "/root/weevely3/core/sessions.py", line 223, in init
saved_url = sessiondb.get('url')
AttributeError: 'NoneType' object has no attribute 'get'

Path escape issue when connecting to a Windows Server

When I change my working directory to something like E:\ or C:\, I can't execute any command.
Seems like the problem is chdir('E:\');

my log:

[D][php] PAYLOAD chdir('E:\');@error_reporting(0);@system('dir 2>&1');
>>>> cd E:Code
[D][php] PAYLOAD chdir('E:\');@error_reporting(0);
                if(is_callable('posix_getpwuid')&&is_callable('posix_geteuid')) {
                    $u=@posix_getpwuid(@posix_geteuid());
                    if($u){
                        $u=$u['name'];
                    } else {
                        $u=getenv('username');
                    }
                    print($u);
                }
            
[D][php] PAYLOAD chdir('E:\');@error_reporting(0);@chdir('E:Code')&&print(@getcwd());
[-][cd] Failed cd 'E:Code': no such directory or permission denied
>>>> cd E:/Code
[D][php] PAYLOAD chdir('E:\');@error_reporting(0);
                if(is_callable('posix_getpwuid')&&is_callable('posix_geteuid')) {
                    $u=@posix_getpwuid(@posix_geteuid());
                    if($u){
                        $u=$u['name'];
                    } else {
                        $u=getenv('username');
                    }
                    print($u);
                }

Integrate TOR like sqlmap

Will be good to integrate TOR in weevely.

[ Sqlmap Example: sqlmap.py --check-tor --tor --tor-port 9050 --tor-type=SOCKS5 ]

readline module error on Mac OS (core/terminal.py)

I run weevely3 on Mac OS, but some errors happened.

The dependent libraries of the readline module on Mac OS and Linux are different. There is the official description of the readline module.

I think this information should be explained in the Wiki.

:)

Error with audit_etcpasswd

$ :audit_etcpasswd
[-][module] Error, module execution triggered error 'local variable 'pwdresult' referenced before assignment'

Remote host Linux Centos, runs from MacOS

TODO list

  • Integrate weevely3 as Metasploit payload
  • Allow chains of session to bounce between multiple weevely agents

Expose Weevely as a python module for use by other software

This is already somewhat possible, with some buggering around and stuff, but it would be neat to have a properly documented/supported way to do "import weevely" from other python programs and use its functionality (such as generating backdoors, connecting to shells, etc), for fully automating post-exploitation tasks, payload handling, etc.

Dirtycow Module

It would be pretty awesome to have a weevely module that'll automatically exploit the dirtycow bug. I know we can't have one for every exploit, but this one is so widespread and useful that it might be worth adding?

KeyError: 'file_download'

shells/weevely3 [master●] » sudo ./weevely.py http://swag/lol.php pass
Traceback (most recent call last):
File "./weevely.py", line 37, in
modules.load_modules(session)
File "/home/z/pentest/shells/weevely3/core/modules.py", line 35, in load_modules
folder
File "/home/z/pentest/shells/weevely3/core/module.py", line 74, in init
self.init()
File "/home/z/pentest/shells/weevely3/modules/file/read.py", line 25, in init
{ 'name' : '-vector', 'choices' : modules.loaded['file_download'].vectors.get_names() }
KeyError: 'file_download'
shells/weevely3 [master●] »

Use a CI system

It would be great to have the testsuite run automatically on each commit/pull-request to avoid regressions, with for example travis-ci: it's a simple yaml file with a simple syntax, and it's a free service.

system shell interpreter is not available

On server where working even weevely3 not working.

The system shell interpreter is not available in this session.
PHP code and modules execution are available. Use the following
command replacements to simulate an unrestricted shell.

zip, unzip file_zip
touch file_touch
gzip, gunzip file_gzip
curl net_curl
nmap net_scan
cd file_cd
rm file_rm
cat file_read
vi, vim, emacs, nano, pico, gedit, kwrite file_edit
wget file_webdownload
find file_find
tar file_tar
ifconfig net_ifconfig
bzip2, bunzip2 file_bzip2
ls, dir file_ls
grep file_grep

weevely> ls
40606
40606@40606:40606 PHP> ps
40606
40606@40606:40606 PHP> file_ls
40606

error and missing options again

Sir, I did all the things that I found in your link https://github.com/epinna/weevely3/wiki/Install-and-first-run
1> I am using Kali Rolling
2> I have installed everything that was described in that link, Linux
3> Generated backdoor with password 'mypassword' in 'agent.php' of 1469 byte size.

Everything is done, but again the same problem: missing some argument

[+] weevely 3.3.1
[!] Error: too few arguments

[+] Run terminal to the target
weevely [cmd]

[+] Load session file
weevely session [cmd]

[+] Generate backdoor agent
weevely generate

Readline missing from requirements.txt

Hello, thank you for this great tool!

One issue with the requirements: when doing pip install -r requirements.txt, I'm missing the readline library (or pyreadline on Windows).

Me@Computer MINGW64 /q/weevely3 (master)
$ pip install -r requirements.txt
Collecting prettytable (from -r requirements.txt (line 1))
  Downloading prettytable-0.7.2.zip
Collecting Mako (from -r requirements.txt (line 2))
  Downloading Mako-1.0.6.tar.gz (575kB)
Requirement already satisfied: PyYAML in c:\python27\lib\site-packages (from -r requirements.txt (line 3))
Collecting python-dateutil (from -r requirements.txt (line 4))
  Downloading python_dateutil-2.6.0-py2.py3-none-any.whl (194kB)
Collecting PySocks (from -r requirements.txt (line 5))
  Downloading PySocks-1.6.5.tar.gz
Collecting MarkupSafe>=0.9.2 (from Mako->-r requirements.txt (line 2))
  Downloading MarkupSafe-0.23.tar.gz
Requirement already satisfied: six>=1.5 in c:\python27\lib\site-packages (from python-dateutil->-r requirements.txt (line 4))
Installing collected packages: prettytable, MarkupSafe, Mako, python-dateutil, PySocks
  Running setup.py install for prettytable: started
    Running setup.py install for prettytable: finished with status 'done'
  Running setup.py install for MarkupSafe: started
    Running setup.py install for MarkupSafe: finished with status 'done'
  Running setup.py install for Mako: started
    Running setup.py install for Mako: finished with status 'done'
  Running setup.py install for PySocks: started
    Running setup.py install for PySocks: finished with status 'done'
Successfully installed Mako-1.0.6 MarkupSafe-0.23 PySocks-1.6.5 prettytable-0.7.2 python-dateutil-2.6.0

Benjamin@C-3PO MINGW64 /q/weevely3 (master)
$ ./weevely.py generate MyP4ss! /q/web.php
Traceback (most recent call last):
  File "./weevely.py", line 2, in <module>
    from core.terminal import Terminal
  File "Q:\weevely3\core\terminal.py", line 9, in <module>
    import readline
ImportError: No module named readline

Could you add it to the requirements file? I don't know how to handle both Windows and Linux on this file though (maybe write one file for each OS, or a setup script)?

Thanks!

Any idea this? On Kali Rolling?

Traceback (most recent call last):
File "./weevely.py", line 98, in <module>
main(arguments)
File "./weevely.py", line 38, in main
password = arguments.password
File "/root/weevely3/core/sessions.py", line 223, in __init__
saved_url = sessiondb.get('url')
AttributeError: 'NoneType' object has no attribute 'get'

Crash in generate.py

Bug in generate.py as of commit 4964d6e (or earlier).

Traceback:

lsd@delerium:~/tools/weevely3$ ./generate.py password123 agent.php
Traceback (most recent call last):
  File "./generate.py", line 96, in <module>
    agent = args.agent
  File "./generate.py", line 48, in generate
    (obfuscator_path, str(e)))
core.weexceptions.FatalException: Error with obfuscator template 'bd/obfuscators/obfusc1_php.tpl': expected string or buffer
lsd@delerium:~/tools/weevely3$ 
