
In this scenario, someone creates a Meterpreter payload and sends it to the target, who clicks on it. The person who sent the payload steps away from his PC, and in the meantime the target has already turned off his PC. What happens to the session? How do you keep the session alive?

stack2020
Have you checked the relevant documentation? https://metasploit.help.rapid7.com/docs/manage-meterpreter-and-shell-sessions – Tom K. Jun 05 '20 at 13:36

1 Answer


I am going to assume you are talking about social engineering attacks, since generally, it is uncommon for an attacker to create a malicious executable, send it to the victim and then just expect them to run it.

Secondly, Meterpreter is not the only payload that can be executed. In general, Meterpreter is a good choice if you want to exploit a system and expect the payload to run immediately. However, during social engineering, you may have a case where you send out a malicious file and at times don't expect the target to click on it for a few hours or even days. In such a case, other payloads that allow access to the system are preferable.

That said, if you do have a social engineering scenario, in which a Meterpreter reverse shell is used as payload, and the attacker's machine is offline, the payload will simply fail to connect and do nothing.

If you use a Meterpreter bind shell, the system will open a listening port, which will then either remain open as long as the process is running, or until the machine is shut down, depending on how exactly it is implemented.

How should this be done?

The key word you are looking for is "persistence". Exploiting a system, either through technical exploits or social engineering, can be a thing that only works for a limited amount of time. People won't click everything you send them; software will get patched.

As such, what you need is access to the system that will not be discovered too easily. That could mean modifying an executable that runs at startup in a way that allows a remote connection. It could mean modifying the OS so that it doesn't show specific ports. The possibilities are endless.
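The two artifacts the answer describes, a bind payload's listening port and an autostart entry added for persistence, are exactly what a defender can diff against a known-good baseline. The following is an added illustration, not code from the answer or from Metasploit; the baseline, the netstat-style snapshot (including the `invoice.exe` process and its port 4444 listener) and the autorun entries are all constructed sample data.

```python
# Constructed known-good baseline, e.g. captured from a golden image:
# (local ip, port, image name) and (registry key, value name, command).
BASELINE_LISTENERS = {
    ("0.0.0.0", 135, "svchost.exe"),
    ("0.0.0.0", 445, "System"),
}
BASELINE_AUTORUNS = {
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "OneDrive",
     r"C:\Users\u\AppData\Local\Microsoft\OneDrive\OneDrive.exe"),
}

# Constructed snapshot in a netstat-like layout (not real tool output).
CURRENT_NETSTAT = """\
Proto  Local Address    Foreign Address   State        PID   Image
TCP    0.0.0.0:135      0.0.0.0:0         LISTENING    912   svchost.exe
TCP    0.0.0.0:445      0.0.0.0:0         LISTENING    4     System
TCP    0.0.0.0:4444     0.0.0.0:0         LISTENING    5120  invoice.exe
TCP    10.0.0.5:49812   203.0.113.7:443   ESTABLISHED  5120  invoice.exe
"""
# Constructed current autoruns: baseline plus one entry pointing at a
# user-writable directory, the shape a startup-based persistence adds.
CURRENT_AUTORUNS = BASELINE_AUTORUNS | {
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "Updater",
     r"C:\Users\u\AppData\Roaming\invoice.exe"),
}

def parse_listeners(text):
    """Keep only LISTENING TCP sockets; a bind payload shows up here."""
    found = set()
    for line in text.splitlines()[1:]:            # skip the header line
        proto, local, _foreign, state, _pid, image = line.split()
        if proto == "TCP" and state == "LISTENING":
            ip, port = local.rsplit(":", 1)
            found.add((ip, int(port), image))
    return found

def new_listeners(snapshot, baseline=BASELINE_LISTENERS):
    """Listening sockets that the golden image did not have."""
    return parse_listeners(snapshot) - baseline

def new_autoruns(current, baseline=BASELINE_AUTORUNS):
    """Autostart entries not in the baseline; startup persistence lands here."""
    return current - baseline

def report(snapshot, autoruns):
    """Human-readable findings, listeners first, in a stable order."""
    findings = [f"unexpected listener {ip}:{port} ({img})"
                for ip, port, img in sorted(new_listeners(snapshot))]
    findings += [f"unexpected autorun {name} -> {cmd}"
                 for _key, name, cmd in sorted(new_autoruns(autoruns))]
    return findings
```

A reverse-connect payload whose handler is offline leaves neither artifact behind, which is why the established connection on line five is deliberately ignored and only the baseline diff is reported.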