It is very important to migrate your backdoor to another Windows background process; otherwise the victim can find it by looking through Task Manager.
Migrating the backdoor also benefits the attacker in another way: when the victim executes the backdoor file a session starts, but when that file is closed the session closes too, so the attacker has to migrate very quickly as soon as the session opens.
To get SYSTEM-level or admin privileges we have to execute it as an administrator, which is monitored by Windows UAC.
This assumes that you already have Metasploit installed, or that you are running Kali / BackTrack Linux. If it is not installed, you can download it from https://www.metasploit.com/
Step 1 : First, get a Meterpreter session on the victim PC and obtain admin privileges on it using bypassuac.
How To Bypass UAC And Get Admin Privilege in Windows Using MetaSploit.
Step 2 : We now have a full Meterpreter shell to the target. Once the session has opened, type sysinfo to get system information.
Step 3 : Just type help to see the other available actions.
Step 4 : Type the ps command.
The "ps" command displays a list of running processes on the target.
meterpreter > ps
Step 5 : We exploit the remote system and migrate to the "explorer.exe" process, in case the user notices that the exploited service is not responding and decides to kill it. The PID passed to migrate (1516 below) is the one shown for explorer.exe in the ps output and differs on every system.
meterpreter > migrate 1516
Step 6 : Now it's time to check whether the backdoor will open a new session for us every time the system boots, so we will reboot the system.
Windows is shutting down
See that all sessions are automatically closed.
Step 7 : Even after the system reboots, the Meterpreter on the victim system attempts to connect back to us every 5 seconds until it has successfully opened a session for us.
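That fixed 5-second reconnect cadence is exactly what a defender can hunt for. The following is an added example, not part of the original tutorial and not Metasploit code: a small Python beacon detector that parses outbound connection logs, groups them per (source host, destination, port) flow, and flags flows whose inter-connection gaps are nearly constant. The log format, host names and addresses are constructed for the example, and the jitter threshold (population standard deviation of the gaps, at most 1 second by default) is a design choice, not a standard.

```python
"""
Added example (not from the original tutorial): detect fixed-interval
reconnect attempts ("beaconing") in outbound connection logs.

The log format below is a constructed, simplified firewall-style line:
    <ISO timestamp> <src_host> -> <dst_ip>:<dst_port> <action>
It is not the format of any real product.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log: one host retrying 203.0.113.10:4444 every 5 s
# (denied at first, then allowed), mixed with ordinary HTTPS traffic.
SAMPLE_LOG = """\
2024-05-01T08:00:00 WS-042 -> 203.0.113.10:4444 DENY
2024-05-01T08:00:03 WS-042 -> 10.0.0.5:443 ALLOW
2024-05-01T08:00:05 WS-042 -> 203.0.113.10:4444 DENY
2024-05-01T08:00:10 WS-042 -> 203.0.113.10:4444 DENY
2024-05-01T08:00:15 WS-042 -> 203.0.113.10:4444 DENY
2024-05-01T08:00:20 WS-042 -> 203.0.113.10:4444 DENY
2024-05-01T08:00:25 WS-042 -> 203.0.113.10:4444 ALLOW
2024-05-01T08:00:41 WS-042 -> 10.0.0.5:443 ALLOW
2024-05-01T08:01:30 WS-042 -> 10.0.0.5:443 ALLOW
2024-05-01T08:02:07 WS-042 -> 10.0.0.5:443 ALLOW
2024-05-01T08:02:09 WS-042 -> 10.0.0.5:443 ALLOW
2024-05-01T08:03:00 WS-042 -> 10.0.0.5:443 ALLOW
"""


def parse_log(text):
    """Return a list of (timestamp, src_host, dst_ip, dst_port) tuples.

    Malformed lines are skipped rather than aborting the whole run,
    which is what you want when feeding real, noisy log exports.
    """
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[2] != "->":
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
            dst, port = parts[3].rsplit(":", 1)
            events.append((ts, parts[1], dst, int(port)))
        except ValueError:
            continue
    return events


def detect_beacons(events, min_events=5, max_jitter=1.0):
    """Flag flows with at least min_events connections whose gaps are
    nearly constant (population std-dev of the gaps <= max_jitter s).

    Returns a list of ((src, dst, port), mean_gap_seconds, count).
    """
    by_flow = defaultdict(list)
    for ts, src, dst, port in events:
        by_flow[(src, dst, port)].append(ts)

    findings = []
    for flow, stamps in by_flow.items():
        if len(stamps) < min_events:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        # Ordinary user traffic has irregular gaps; a retry loop does not.
        if pstdev(gaps) <= max_jitter:
            findings.append((flow, round(mean(gaps), 2), len(stamps)))
    return findings


if __name__ == "__main__":
    for flow, gap, count in detect_beacons(parse_log(SAMPLE_LOG)):
        src, dst, port = flow
        print(f"beacon-like: {src} -> {dst}:{port} every ~{gap}s ({count} hits)")
```

On the constructed sample the HTTPS flow to 10.0.0.5 is ignored because its gaps vary widely, while the flow to 203.0.113.10:4444 is reported with a mean gap of 5.0 seconds. Note that the retries are visible even while the firewall is denying them; the denied attempts before the first successful session are often the earliest signal a defender gets. On real data, raise min_events and tune max_jitter to your environment, and compare the flagged destinations against known-good update and telemetry endpoints, which also beacon on a schedule.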
Step 8 : We have now successfully opened a persistent connection to the victim system that we can come back to time and time again.