rapid7 / metasploit-payloads

Unified repository for different Metasploit Framework payloads

Complete Fileless Start Up #109

Closed zero77 closed 8 years ago

zero77 commented 8 years ago

As an example, if you were to use a reverse_https payload and you wanted to make it persistent, you would have to have the payload written to disk and the file called at the start-up process, but correct me if I am wrong.

So can you add the ability to have a complete fileless start-up, where the original payload can be deleted from disk and still start up at the next start-up point?

Method 1 (This method is much better) https://blog.gdatasoftware.com/2014/07/23947-poweliks-the-persistent-malware-without-a-file

Method 2 https://www.malwaretech.com/2014/12/phase-bot-fileless-rootki.html

Thanks

OJ commented 8 years ago

Isn't that the same as this? https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/local/registry_persistence.rb

zero77 commented 8 years ago

Thanks, I wasn’t aware there was a module already.