Hi! I just managed to set up my Windows vm using Vmware, and I'm very eager to learn about pentesting. I've ready many tutorials both on this forum, and other websites, and I've managed to gain access to my vm by exploiting ms08_067_netapi. I used a payload of windows/meterpreter/bind_tcp, and I was able to spawn a Meterpreter session. I then read that I should migrate my pid to EXPLORER.EXE so my exploited program isn't closed. After doing this, I attempted to set up a keyloger (using keyscan_start and keyscan_dump) on iexplorer.exe and see if I could catch what my "victim" was browsing, and everything worked! However, after I closed my iexplorer.exe on my vm, my meterpreter shell stoped responding. Which makes sense, because I didn't "migrate" to a new pid before I closed iexplorer.exe.

So my question is, is there a way to spawn a Meterpreter Session from a current Meterpreter Session, or do I have to re-exploit the vm to gain another Meterpreter Session. My thinking is that if I can spawn a Meterpreter Session from my current one, I don't have to worry about iexplorer.exe getting closed before I can migrate out, because I'll have another session still logged in. I was also looking into channels and they looked like a viable way to keylog in a program but not lose my connection if that program was closed.

I'm still learning about Backtrack and Metasploit so I'm sorry if this is a simple question or that I'm missing something basic. Thanks for any feedback!