Weevely 3 overview

Weevely, the web shell for penetration testing included in BackBox since the earlier releases, has been forked and heavily rewritten as Weevely 3.0 to improve its extendibility and provide new modules for administration, post exploitation, and privilege escalation exploiting any web access.

The weevely modules ecosystem provides a working shell interface even with no shell command execution, replacing the standard shell commands (e.g. the file editors, cd and ls, SQL cli and dump, compression utilities, port scanners, etc.) with the weevely modules.

The weevely wiki tutorials shows some example on how to edit remote files, harvest and reuse some SQL credentials or bruteforce them. Who wants can follow also the tutorial about developing new modules.

Weevely can be extended to automatize the auditing or privilege escalation tasks, exploit specific vulnerabilities, enumerate accounts, scrape sensitive data, pivot on the target to scan the internal networks, run HTTP or SQL requests and do a whole lot of other cool stuff.

Weevely is installed by default on BackBox, download it now or get your version of weevely here.

BackBox Linux 4.1 released!

The BackBox Team is pleased to announce the updated release of BackBox Linux, the version 4.1!

This release includes features such as Linux Kernel 3.13, EFI mode, Anonymous mode, LVM + Disk encryption installer, privacy additions and armhf Debian packages.

The ISO images (32bit & 64bit) can be downloaded from the following location:


BackBox Linux 4 Metapackages

BackBox 4.0 has now a fully customizable tools arsenal!

New packages have been created, one for each of the Auditing categories, which bring with them all the package of that specific pentesting field. So you can customize your box and install just what you really need, conforming to the BackBox philosophy of lightness, simplicity and completeness.

The packages we introduced to implement this new concept are:

  • backbox-documentation-reporting
  • backbox-exploitation
  • backbox-forensics-analysis
  • backbox-information-gathering
  • backbox-maintaining-access
  • backbox-miscellaneous
  • backbox-mobile-analysis
  • backbox-privilege-escalation
  • backbox-reverse-engineering
  • backbox-social-engineering
  • backbox-stress-testing
  • backbox-voip-analysis
  • backbox-vulnerability-assessment
  • backbox-wireless-analysis

Every user is strongly advised to install backbox-tools package in order to get all the categories and the tools as before, and conform to the new packaging structure. It's as simple as:

sudo apt-get update
sudo apt-get dist-upgrade
sudo apt-get install backbox-tools

For any problem let us know.


Subscribe to RSS - blogs