About

This is an example of a WordPress page, you could edit this to put information about yourself or your site so readers know where you are coming from. You can create as many pages like this one or sub-pages as you like and manage all of your content inside of WordPress.

7 comments on “About”

  1. Hi, thank you for the important information that you provide on your blog.

    Is there any possibility to ask you more about the PowerShell-based worm?

  2. Hi, thank you for the reply. I would like, if it could spread over the network ..
    and if you can provide me with code …

  3. Hi khr@sh, thanks for your awesome blog and Metasploit module “mof_ps_persistence”. I recently started using it and it’s functioning, although I am having a little problem with it and I would like to inform you about a few attributes it’s emulated. I don’t know if it’s because of my system or my Kali rolling: when I upload mof_ps_persistence, I get persistence, but during meterpreter interactions it’s still sending stage and creating more sessions, disrupting my current sessions. I also noticed that (a good one this time) getsystem or elevated privilege remains even after rebooting and stuff like that … unlike some other persistence scripts. But I would really appreciate it if there’s any way to stop the continued session creation. And when I load my msfconsole it always says platform win overwritten in Line 48 for your persistence module.

    • The functionality is to replicate the exact same thing: every X seconds the payload is run, just as with the old persistence method. You are elevated after reboot because the WMI script is being executed as NT AUTHORITY\SYSTEM. To lower the number of connections, simply increase the dwell time (60 seconds is the default). Also, you can use the resource files to clean the WMI script to halt the persistence. Lastly, I’m not sure why the overwrite is happening, maybe something to do with the recent overhaul of Metasploit.
