[framework] Place a Meterpreter backdoor

godzeye godzeye godzeye at gmail.com
Mon May 14 03:53:55 CDT 2007


Yes, it is good!

2007/5/13, BardoBaggins <bardo at mclink.it>:
>
> Tnx both of you :)
>
> I thought that just placing a registry key to execute it on boot would
> have done the trick. I'll check out the solution you told me and then
> report :)
>
> Bye !
>
> Bardo
>
> Ramakrishna Nyayapathi wrote:
> > Hi,
> >
> > You could try to install it as a service.
> > check out instsrv.exe/srvany.exe from winxp admin toolkit. Also sc.exe
> > and reg.exe would be handy I guess.
> >
> >
> > On 5/11/07, Kurt Grutzmacher <grutz at jingojango.net> wrote:
> >
> >     On Fri, May 11, 2007 at 03:58:09PM +0000, BardoBaggins wrote:
> >     > Thanks!
> >     > That was EXACTLY what I wanted to know :)
> >     > tried out and worked perfectly... except for a little issue. If I try to
> >     > NMAP (SYN Scan) the 4444 port on the remote host to check if it's open,
> >     > the backdoor process crashes. This happened on a WinXP SP2 Italian.
> >
> >     Unless you install it as a service or write a wrapper to daemonize it
> >     the process will crash without valid stage loaders. Meterpreter, while
> >     awesome in what it does, is no persistent backdoor/rootkit. :)
> >
> >
> >     --
> >                      ..:[ grutz at jingojango dot net ]:..
> >          GPG fingerprint: 5FD6 A27D 63DB 3319 140F  B3FB EC95 2A03 8CB3 ECB4
> >             "There's just no amusing way to say, 'I have a CISSP'."
> >
> >
>