312-50V10 · Question #410
After trying multiple exploits, you've gained root access to a Centos 6 server. To ensure you maintain access, what would you do first?
The correct answer is A. Create User Account. This question tests knowledge of post-exploitation persistence techniques used to maintain access to a compromised system after gaining root privileges.
Question
After trying multiple exploits, you've gained root access to a Centos 6 server. To ensure you maintain access, what would you do first?
Options
- ACreate User Account
- BDisable Key Services
- CDisable IPTables
- DDownload and Install Netcat
How the community answered
(38 responses)- A79% (30)
- B13% (5)
- C3% (1)
- D5% (2)
Why each option
This question tests knowledge of post-exploitation persistence techniques used to maintain access to a compromised system after gaining root privileges.
Creating a new user account is the preferred first persistence step because it provides a durable, credential-based login mechanism that survives reboots and remains functional even if the original exploit vector is patched. A new account can be made to appear legitimate, reducing the chance that routine administrator audits will flag it immediately. This is a foundational persistence technique in post-exploitation methodology corresponding to MITRE ATT&CK T1136.
Disabling key services causes visible system disruption that alerts administrators and can trigger an incident response, ending the attacker's access.
Disabling IPTables removes firewall protections and creates an obvious configuration anomaly that system administrators would quickly detect and investigate.
Installing Netcat can establish a backdoor channel, but it requires active execution and open network connectivity each session, making it less reliable than a persistent user account for ongoing access.
Concept tested: Post-exploitation persistence via user account creation
Source: https://attack.mitre.org/techniques/T1136/
Topics
Community Discussion
No community discussion yet for this question.