Metasploit mailing list archives

Place a Meterpreter backdoor

From: nramkey at gmail.com (Ramakrishna Nyayapathi)
Date: Sat, 12 May 2007 12:13:19 +0530

Hi,

You could try to install it as service..
check out instsrv.exe/srvany.exe from winxp admin toolkit. Also sc.exe and
reg.exe would be handy I guess.


On 5/11/07, Kurt Grutzmacher <grutz at jingojango.net> wrote:


On Fri, May 11, 2007 at 03:58:09PM +0000, BardoBaggins wrote:

Thanks!
That was EXACTLY what I wanted to know :)
tried out adn worked perfectly... except for a little issue. If I try to
NMAP (SYN Scan) the 4444 port on the remote host to check if it's open,
the backdoor process crashes. This happened on a WinXP SP2 Italian.


Unless you install it as a service or write a wrapper to daemonize it
the process will crash without valid stage loaders. Meterpreter, while
awesome in what it does, is no persistent backdoor/rootkit. :)


--
                 ..:[ grutz at jingojango dot net ]:..
     GPG fingerprint: 5FD6 A27D 63DB 3319 140F  B3FB EC95 2A03 8CB3 ECB4
        "There's just no amusing way to say, 'I have a CISSP'."

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.metasploit.com/pipermail/framework/attachments/20070512/b6995a2c/attachment.htm>

Current thread:

Place a Meterpreter backdoor BardoBaggins (May 10)
- Place a Meterpreter backdoor Ramakrishna Nyayapathi (May 10)
  - Place a Meterpreter backdoor BardoBaggins (May 11)
    - Place a Meterpreter backdoor Kurt Grutzmacher (May 11)
    - Place a Meterpreter backdoor Ramakrishna Nyayapathi (May 11)
    - Place a Meterpreter backdoor BardoBaggins (May 12)
    - Place a Meterpreter backdoor godzeye godzeye (May 14)