Installing backdoors
Having a shell on the target system is great, but sometimes it is not enough. With a backdoor, we will be able to ensure persistence and get access to the system, even if the vulnerability gets patched.
Getting ready
Now that we have a session in the target system, we will use that session to backdoor a service; in this recipe, we will start by backdooring the Apache server:
![](https://static.packt-cdn.com/products/9781788623179/graphics/97ea79da-f382-4549-8e8f-629a20d10daa.png)
Next, we will use the Windows Registry Only Persistence local exploit module to create a backdoor that is executed during boot.
Lastly, we will use Windows Management Instrumentation (WMI) to create a persistent fileless backdoor. The WMI Event Subscription Persistence exploit module creates a permanent WMI event subscription to achieve fileless persistence.
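Because a permanent WMI event subscription leaves no file on disk, it has to be looked for in the WMI repository itself. The following PowerShell is an added defensive example, not code from the original recipe or from Metasploit: it lists every filter-to-consumer binding in the `root/subscription` namespace together with the trigger query and the action it runs. The `Review` column and the choice of which consumer classes to flag are assumptions made for this example.

```powershell
# Added example: audit permanent WMI event subscriptions on the local host.
# Run from an elevated PowerShell session.
$ns = 'root/subscription'

# A permanent subscription is made of three objects: a filter (the trigger),
# a consumer (the action) and a binding that ties the two together.
$filters   = @(Get-CimInstance -Namespace $ns -ClassName __EventFilter)
$consumers = @(Get-CimInstance -Namespace $ns -ClassName __EventConsumer)
$bindings  = @(Get-CimInstance -Namespace $ns -ClassName __FilterToConsumerBinding)

# Consumer classes that run a command or a script (assumption: these are the
# ones worth reviewing first; other consumer types are still listed).
$execTypes = 'CommandLineEventConsumer', 'ActiveScriptEventConsumer'

$report = foreach ($b in $bindings) {
    $type = $b.Consumer.CimClass.CimClassName
    $f = $filters   | Where-Object { $_.Name -eq $b.Filter.Name } | Select-Object -First 1
    $c = $consumers | Where-Object {
             $_.Name -eq $b.Consumer.Name -and $_.CimClass.CimClassName -eq $type
         } | Select-Object -First 1

    # The action lives in a different property depending on the consumer class.
    $action = switch ($type) {
        'CommandLineEventConsumer'  { "$($c.ExecutablePath) $($c.CommandLineTemplate)".Trim() }
        'ActiveScriptEventConsumer' { if ($c.ScriptFileName) { $c.ScriptFileName } else { $c.ScriptText } }
        default                     { '' }
    }

    # CreatorSID shows which account registered the filter.
    $sid = if ($f.CreatorSID) {
        (New-Object System.Security.Principal.SecurityIdentifier($f.CreatorSID, 0)).Value
    } else { '' }

    [pscustomobject]@{
        Filter       = $b.Filter.Name
        Query        = $f.Query
        ConsumerType = $type
        Consumer     = $b.Consumer.Name
        Action       = $action
        CreatorSID   = $sid
        Review       = $execTypes -contains $type
    }
}

$report | Sort-Object Review -Descending | Format-List
```

Compare the output against a known-good baseline for the build: Windows ships with a small number of bindings of its own (for example the `SCM Event Log Filter` bound to an `NTEventLogEventConsumer`), so anything beyond the baseline, especially a command-line or script consumer, deserves a closer look.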
How to do it...
- Since we cannot backdoor a binary while it is running, the first thing we need to do is to kill the Apache process (`httpd.exe`), using the `kill` command followed by the PID of the process:

      meterpreter > kill 3820
      Killing: 3820
      meterpreter...