lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <CAHPiOv8T7nrtiKZKW-=Cqknz8gK6C6JdH-J=qKB1m82t=chmDw@mail.gmail.com>
Date: Tue, 10 Jul 2012 22:43:27 +0200
From: Emilio Pinna <ncl01@...il.it>
To: full-disclosure@...ts.grok.org.uk
Subject: Weevely 0.7 network proxing

Weevely is a stealth PHP web shell that simulate telnet-like
connection. It is an essential tool for web application post
exploitation, and can be used as stealth backdoor as web shell to
manage legit web accounts, even free hosted one. Is currently included
in Backtrack and Backbox and other Linux distributions for penetration
testing.

Here’s what you’ll get with 0.7 release:

* Execute commands and browse remote filesystem, even with PHP
security restriction
* Proxies modules forward your HTTP traffic trough remote target
machine as a real proxy
* Portscan modules to perform port scans from backdoored web server
* Complete SQL console to pivot commands through target machine
* SQL dump utilities
* Audit common server misconfigurations
* Open HTTP proxy to tunnel your traffic through target
* Simple file transfer from and to target
* Spawn reverse and direct TCP shells
* Bruteforce passwords of target system users
* Run port scans from target machine

Web site: http://epinna.github.com/Weevely/
Author release blog post:
http://disse.cting.org/blog/2012/07/10/weevely-0.7-network-proxing/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ