Weevely is a useful tool in Kali that makes webshells a lot easier and simple to use. Once you have a server exploited to the point where you can add your own files to the server, you can use Weevely to generate a php script. Below is the command to generate a weevely script on the command line, with '12345' being the script password and the file location being the place where you want to store your backdoor.
The next step is to upload your file to the server. Once you have uploaded your file, you can access the webshell from your own device by using the command below. Once you have used Weevely to access the webshell, you can issue commands from your command line as if you were on the command line of the server.
In the command above, the password is '12345' to access the webshell, which we set in the generate stage. The target location is the file location of your script on the target server.
Reflections
After using Weevely in Lab 8.1, it becomes apparent it is a much more user friendly setup compared to using your webshell in a browser. Weevely eliminates the need for you to think about adding + signs in your command and also encrypts the shell. Weevely also takes about the same amount of time, maybe even less, than setting up a traditional webshell which gives it yet another advantage.
