What is a Backdoor for...

After exploiting and gaining access to a system, the next step is to install a backdoor on the target machine. A backdoor is typically a covert method of bypassing normal authentication or encryption in a computer, product, embedded device, or its embodiment. Backdoors are most often used for remote access to a computer. Persistence matters because attackers want to keep access to the compromised machine even after the user reboots it. Instead of repeatedly delivering payloads to the user to re-establish C2, attackers install a backdoor after the initial infiltration so that the whole process does not have to be repeated again and again. Next, we explore ways to install persistent backdoors on our test machines.

Reference

https://en.wikipedia.org/wiki/Backdoor_(computing)

1. Persistent Backdoor using Metasploit

Pre-Requisites

To create a persistent backdoor, you should already have a compromised victim machine with a Meterpreter session.

Install Backdoor

Attempt 1: metsvc (FAILED to install a service)

https://s3-us-west-2.amazonaws.com/secure.notion-static.com/aa578ea6-fac5-455e-abe8-f540ec66a282/Untitled.png

The reason it failed is that metsvc requires admin privileges to open the service manager, according to https://stackoverflow.com/questions/32464177/error-metsvc-cannot-open-the-service-manager0x00000005

Reference:

https://www.offensive-security.com/metasploit-unleashed/meterpreter-backdoor/

https://pentestlab.blog/2012/03/28/metasploit-metsvc-backdoor/

Attempt 2: persistence.rb (FAILED)

OpenEDR on the target Windows VM raised a number of "Process Terminated" alerts. When the Meterpreter script was run from Kali Linux, we could see a series of executions of VEsNPiEZshYrECm.exe. Because DetectOnly was disabled, OpenEDR blocked the execution of this foreign EXE (by foreign we mean the file did not exist before the script ran). This foreign EXE was repeatedly written and launched by Cscript.exe, which is why OpenEDR produced so many notifications.
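The write-then-launch chain behind those alerts is a useful detection pattern on its own. The following is an added example, not part of the original write-up and not OpenEDR's code: it flags a script host that writes a new executable and then starts it, run over constructed telemetry; the event format, field layout and sample paths are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
import ntpath

# Script hosts whose self-dropped executables we care about (assumption).
SCRIPT_HOSTS = {"cscript.exe", "wscript.exe"}

# Constructed telemetry modelled on the alerts described above. Each record
# is (ISO timestamp, event kind, parent/writer image, target image or file).
CSCRIPT = r"C:\Windows\System32\cscript.exe"
DROPPED = r"C:\Users\user\AppData\Local\Temp\VEsNPiEZshYrECm.exe"
SAMPLE_EVENTS = []
for n in range(3):  # three write-then-launch cycles, like the repeated alerts
    SAMPLE_EVENTS.append((f"2021-06-09T12:30:{2 * n:02d}", "file_write", CSCRIPT, DROPPED))
    SAMPLE_EVENTS.append((f"2021-06-09T12:30:{2 * n + 1:02d}", "process_create", CSCRIPT, DROPPED))
SAMPLE_EVENTS += [
    # Benign activity that must not be flagged: nothing was dropped first.
    ("2021-06-09T12:31:00", "process_create", r"C:\Windows\explorer.exe",
     r"C:\Windows\System32\notepad.exe"),
    ("2021-06-09T12:31:10", "process_create", CSCRIPT, r"C:\Windows\System32\wscript.exe"),
]


def dropped_and_launched(events, window=timedelta(seconds=30)):
    """Count launches of files that a script host wrote to disk and then
    started itself within `window`. Returns {dropped_path: launch_count}."""
    last_write = {}  # (script host basename, lowercase path) -> write time
    hits = defaultdict(int)
    for ts, kind, parent, target in events:
        t = datetime.fromisoformat(ts)
        key = (ntpath.basename(parent).lower(), target.lower())
        if kind == "file_write" and key[0] in SCRIPT_HOSTS:
            last_write[key] = t
        elif kind == "process_create" and key in last_write:
            if t - last_write[key] <= window:
                hits[target] += 1  # a freshly dropped file is being executed
    return dict(hits)


def alerts(events, threshold=2):
    """Human-readable alerts for paths launched at least `threshold` times."""
    return [f"script host dropped and launched {p} {c}x"
            for p, c in dropped_and_launched(events).items() if c >= threshold]


if __name__ == "__main__":
    for line in alerts(SAMPLE_EVENTS):
        print(line)
```

A real deployment would feed this from Sysmon-style file-create and process-create events; the threshold separates the repeated cycle seen here from a one-off script that legitimately unpacks and runs a helper.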

https://s3-us-west-2.amazonaws.com/secure.notion-static.com/e9ccd6a2-2068-40c9-8e8f-924013db6f2a/Untitled.png

The following shows the relationships between these events.

https://s3-us-west-2.amazonaws.com/secure.notion-static.com/79c8e7b2-aeb8-4ff6-8c36-1234700133bc/Screenshot_2021-06-09_at_12.37.01_PM.png

The out-of-the-box OrientDB web UI is unfortunately not "intelligent" enough to show the relevant edges on its own. Instead, we click on a vertex to open its menu, which offers one arrow for edges INTO the vertex and another for edges OUT of it. The lower screenshot shows what goes into the payload.