| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 10 Jul 2012 22:43:27 +0200 From: Emilio Pinna <ncl01@...il.it> To: full-disclosure@...ts.grok.org.uk Subject: Weevely 0.7 network proxing Weevely is a stealth PHP web shell that simulate telnet-like connection. It is an essential tool for web application post exploitation, and can be used as stealth backdoor as web shell to manage legit web accounts, even free hosted one. Is currently included in Backtrack and Backbox and other Linux distributions for penetration testing. Here’s what you’ll get with 0.7 release: * Execute commands and browse remote filesystem, even with PHP security restriction * Proxies modules forward your HTTP traffic trough remote target machine as a real proxy * Portscan modules to perform port scans from backdoored web server * Complete SQL console to pivot commands through target machine * SQL dump utilities * Audit common server misconfigurations * Open HTTP proxy to tunnel your traffic through target * Simple file transfer from and to target * Spawn reverse and direct TCP shells * Bruteforce passwords of target system users * Run port scans from target machine Web site: http://epinna.github.com/Weevely/ Author release blog post: http://disse.cting.org/blog/2012/07/10/weevely-0.7-network-proxing/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists