Results 1 to 2 of 2

Thread: persistent payload ?

  1. #1
    Join Date
    2013-Jul
    Posts
    41

    Question persistent payload ?

    I've been using MSF for sometime now, as well as Kali & Backtrack.

    I have yet to come across a " working" payload / backdoor , that doesn't require connecting back to the remote " attacker" after the payload has been open on the client side. ( I may be looking in the wrong places, hence my post )

    In other words, I am looking for a payload, once opened it sends notification via email ( or other means ) and the attacker could initiate a connection whenever is convenient , instead of having a listener running and waiting for the payload to finish staging.

    So far, for the notification part I have stumbled upon a metasploit module " notify_mail" which can be found https://funoverip.net/2012/10/metasp...-notification/

    The closes scenario ive been able to achieve has been using the notify plug in as well as a resource script script that once meterpreter session opens , then migrates to another process and begins meterpreter's persistence service . This does not always works...

    I've been looking into empire, and the way empire stages is more of a " fit " but not %100 what I am looking for.

    I'm trying to stay away from VLC ..

    Any ideas ?
    Last edited by hightech316; 2016-07-18 at 13:54. Reason: grammer

  2. #2
    Join Date
    2013-Mar
    Posts
    10
    Attacker can only initiate connections 'whenever is convenient' on bind payloads, in many cases that is not possible due to firewalls/nat so you have to bypass that somehow (i.e: using some kind of vpn client , enable port forward on victims router).
    Otherwise you'll need a reverse connection payload that keeps checking on a sever for commands/other payloads, that's actually what meterpreter reverse persistence service actually does.
    I'm not sure and cannot check it right now, but i believe cobalt strike beacons will do that for you pretty well too.

Similar Threads

  1. Replies: 3
    Last Post: 2016-06-18, 18:25
  2. Replies: 0
    Last Post: 2016-04-25, 01:07
  3. Hid Keyboard, Payload.
    By skycrazy in forum NetHunter How-Tos
    Replies: 4
    Last Post: 2015-10-16, 23:30

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •