Automated exploitation with persistence – post exploitation to the next level
In previous posts, I showed how to exploit a system using Metasploit.
Windows XP in particular, but also Windows 7 (when the right conditions are present), can be hacked within seconds.
However, if the user aborts the session, or the victim computer gets rebooted or shut down, our Meterpreter session dies, wasting all the hard work it took to get into the system.
When this happens, we're gonna have to exploit the system all over again.
Luckily, there is a way to prevent that and to automatically open a Meterpreter session for us every time the system is accessed.
This can be done with persistence, which allows creating a permanent backdoor on the victim machine.
It is pretty easy to use and its options are pretty intuitive, as shown below.
In my case, I ran the script with the following options, which automatically start a matching exploit/multi/handler to connect to the agent, automatically start the agent when the system boots, and attempt a connection every 15 seconds.
In order to test whether this works, I purposefully logged out of my user account in Windows XP (victim machine) in order for my Meterpreter session to die.
As soon as I logged in again, a new session was automatically opened for me, which is pretty awesome.
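From the defender's side, the fixed reconnect interval described above is exactly what stands out in connection logs. The following Python script is an added example (not part of the original post): it groups connections by source, destination and port in a constructed log and flags flows whose gaps are almost constant, such as an agent calling home every 15 seconds. The log format, hosts and listener port are assumptions.

```python
"""Flag fixed-interval reconnect attempts (beaconing) in a constructed connection log."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample in the form "<timestamp> <src_ip> -> <dst_ip>:<dst_port>".
# Host .101 reconnects to the same listener every 15 seconds; host .102 browses irregularly.
SAMPLE_LOG = """\
2013-05-01T10:00:00 192.168.56.101 -> 192.168.56.1:4444
2013-05-01T10:00:03 192.168.56.102 -> 203.0.113.5:443
2013-05-01T10:00:15 192.168.56.101 -> 192.168.56.1:4444
2013-05-01T10:00:30 192.168.56.101 -> 192.168.56.1:4444
2013-05-01T10:00:41 192.168.56.102 -> 203.0.113.5:443
2013-05-01T10:00:45 192.168.56.101 -> 192.168.56.1:4444
2013-05-01T10:01:00 192.168.56.101 -> 192.168.56.1:4444
2013-05-01T10:01:58 192.168.56.102 -> 203.0.113.5:443
2013-05-01T10:02:20 192.168.56.102 -> 203.0.113.5:443
"""


def parse(log):
    """Group connection timestamps by (src_ip, dst_ip, dst_port)."""
    flows = defaultdict(list)
    for line in log.splitlines():
        ts, src, _arrow, dst = line.split()
        host, port = dst.rsplit(":", 1)
        flows[(src, host, int(port))].append(datetime.fromisoformat(ts))
    return flows


def find_beacons(log, min_conns=4, max_jitter=0.1):
    """Return {flow: mean_gap_seconds} for flows whose inter-connection gaps
    vary by at most max_jitter (relative standard deviation)."""
    hits = {}
    for key, times in parse(log).items():
        if len(times) < min_conns:  # too few connections to judge periodicity
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            hits[key] = round(avg, 1)
    return hits


if __name__ == "__main__":
    for (src, dst, port), gap in find_beacons(SAMPLE_LOG).items():
        print(f"periodic reconnects: {src} -> {dst}:{port} every {gap}s")
```

Real telemetry will show some jitter from the host's own scheduling, so the threshold is a starting point to tune against your environment.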
Metasploit allows you to quickly exploit vulnerable systems when certain conditions are met.
After the exploitation stage, a new problem arises about how to maintain access to the exploited system.
The persistence script offers a very effective way to open an invisible, persistent backdoor on the victim machine.
Metasploit suggests using a specific module for that instead, because its latest versions have replaced Meterpreter scripts with post-exploitation modules.
However, the recommended module (post/windows/manage/persistence_exe) looks less flexible, as it doesn't allow you to set a time frame for the connection to be automatically re-established.
As an alternative, you can set the advanced option ExitOnSession to false when creating the payload for the multi/handler exploit, as shown here:
If so, you're going to have to launch the exploit as a background job with exploit -j.