Persistence via Creating a Windows Service

In this scenario, we assumed that we have a reverse shell to the victim’s machine and want persistence on the machine. For this, we will use Windows services.

First, we start with creating a malicious .exe file called mal.exe with msfvenom.

With this payload, we will be able to create a service running our malicious executable.

As the second step, I need to download it to the victim’s machine. For this, I create a web server on my Kali and run the command below in the victim’s machine;

This command can download anything with powershell. As you can see, I run it with my first reverse shell on the victim.

Now, I need to create a Windows service for persistence, using my mal.exe file. So when this service run, mal.exe file will execute on the machine;

After creating the service called MalService, I started it with the second command above.

While I am listening port 4445, when I started the MalService on the victim’s machine, I got the reverse shell as you can see below;

Windows Defender may block it as Trojan:Win64/Meterpreter.E so it is important to make tests according to victim’s antivirus or EDR before running.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s