In this scenario, we assumed that we have a reverse shell to the victim’s machine and want persistence on the machine. For this, we will use Windows services.
First, we start with creating a malicious .exe file called mal.exe with msfvenom.
With this payload, we will be able to create a service running our malicious executable.
As the second step, I need to download it to the victim’s machine. For this, I create a web server on my Kali and run the command below in the victim’s machine;
This command can download anything with powershell. As you can see, I run it with my first reverse shell on the victim.
Now, I need to create a Windows service for persistence, using my mal.exe file. So when this service run, mal.exe file will execute on the machine;
After creating the service called MalService, I started it with the second command above.
While I am listening port 4445, when I started the MalService on the victim’s machine, I got the reverse shell as you can see below;
Windows Defender may block it as Trojan:Win64/Meterpreter.E so it is important to make tests according to victim’s antivirus or EDR before running.