Setting up persistent access

Once we have access to the target machine, we can pivot to internal networks, as we saw in the previous chapter, but it is also mandatory to retain the hard-earned access. However, for a sanctioned penetration test, it should be mandatory only for the duration of the test and should be within the scope of the project. Meterpreter permits us to install backdoors on the target using two different approaches: MetSVC and Persistence.

We will see some of the advanced persistence techniques in the upcoming chapters. Hence, here we will discuss the MetSVC method. The MetSVC service is installed in the compromised system as a service. Moreover, it opens a port permanently for the attacker to connect to whenever he or she wants.

Installing MetSVC at the target is easy. Let's see how we can do this:

We can see that the MetSVC service creates a service at port 31337, and uploads the malicious files as well.

Later, whenever access is required to this service, we need to use the metsvc_bind_tcp payload with an exploit-handler script, which will allow us to connect to the service again, as shown in the following screenshot:

The effect of MetSVC remains even after a reboot of the target machine. MetSVC is handy when we need permanent access to the target system, as it saves time that is required for re-exploitation of the target.