The Meterpreter backdoor

Metasploit's Meterpreter includes the metsvc backdoor, which lets you get a Meterpreter shell at any time.

Be aware that the metsvc backdoor doesn't have authentication, so anyone who can access the backdoor's port will be able to use it.

For our example, we will use a Windows XP operating system as the victim machine, whose IP address is 192.168.2.21; our attacking machine has the IP address of 192.168.2.22.

To enable the metsvc backdoor, you first need to exploit the system and get the meterpreter shell. After this, use the meterpreter's migrate command to move into another process such as explorer.exe (2), so that you still have access to the system even if the victim closes your payload (1):

To install the metsvc service, we just need to type the following command:

    run metsvc  

The following is the result of that command:

Now let's go to the victim machine. The backdoor is available at C:\Documents and Settings\Administrator\Local Settings\Temp\PvtgZxEAL.

You can see the metsvc EXE and DLL files there. Now, let's restart the victim machine to see whether the backdoor will work.

In the attacking machine, we start the multihandler with the metsvc payload using the following options, which are shown here:

After all the options have been set, just type execute to run the attack:

The attack was executed successfully; we now have the meterpreter session again. You can do anything with the meterpreter session.

To remove the metsvc service from the victim machine, you can run the following command from the meterpreter shell:

    run metsvc -r  

After that, remove the metsvc files from the victim machine.
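To confirm the cleanup, or to hunt for a service left behind this way, a defender can review the machine's service inventory for binaries that run from a temp directory, which is where metsvc placed its files above. The following is an added example, not code from the book or from Metasploit; the service names, the metsvc.exe file name with its argument, and every path except the Temp\PvtgZxEAL directory are constructed sample data.

```python
import re
from pathlib import PureWindowsPath

# Directory names that mark a temp location (literal or unexpanded variable).
TEMP_DIRS = {"temp", "tmp", "%temp%", "%tmp%"}

def service_executable(image_path: str) -> str:
    """Return the executable part of a service ImagePath (quoted or with arguments)."""
    s = image_path.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        return s[1:end] if end != -1 else s[1:]
    # Unquoted: take everything up to the first .exe/.sys followed by a space or the end.
    m = re.match(r"(.+?\.(?:exe|sys))(?:\s|$)", s, flags=re.IGNORECASE)
    return m.group(1) if m else s

def runs_from_temp(image_path: str) -> bool:
    """True if any parent directory of the service binary is a temp directory."""
    parts = PureWindowsPath(service_executable(image_path)).parts
    return any(p.lower() in TEMP_DIRS for p in parts[:-1])

def suspicious_services(services):
    """services: iterable of (service name, ImagePath) pairs from an inventory export."""
    return [name for name, path in services if runs_from_temp(path)]

# Constructed inventory; only the Temp\PvtgZxEAL directory comes from the text above.
SAMPLE_SERVICES = [
    ("Spooler", r"C:\WINDOWS\system32\spoolsv.exe"),
    ("ExampleSvcA", r'"C:\Documents and Settings\Administrator\Local Settings'
                    r'\Temp\PvtgZxEAL\metsvc.exe" service'),
    ("ExampleSvcB", r"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\abcd\svc.exe -k"),
    ("ExampleSvcC", r"%TEMP%\x\y.exe"),
    ("ExampleSvcD", r"C:\Program Files\Templates\tsvc.exe"),
]

if __name__ == "__main__":
    for name in suspicious_services(SAMPLE_SERVICES):
        print("service binary under a temp directory:", name)
```

A hit is a lead to investigate rather than proof of compromise, since some installers briefly register services from temp directories.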
