Migrating a Meterpreter Shell To Another Process

Once you get a meterpreter shell it is important to try and hide the process in an attempt to gain persistence.

First of all, make a note of the session number and then background the meterpreter session by issuing the background command

background

Then migrate the meterpreter process to another session. Do this by using the following Metasploit commands:

use post/windows/manage/migrate
msf post(windows/manage/migrate)>set session 1
msf post(windows/manage/migrate)>run

This will then automagically spawn a new process such as notepad.exe and then will bind the meterpreter process to it. This hides the process from anyone who happens to be looking for anything nefarious in running processes. It also has the added advantage of making the meterpreter session much more stable.

You can also try to migrate processes by issuing the ps command, selecting the process ID or PID of another running process and then manually attempting to migrate sessions:

ps
migrate 2288

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s