nerdexam
EC-Council

312-50V10 · Question #410

After trying multiple exploits, you've gained root access to a Centos 6 server. To ensure you maintain access, what would you do first?

The correct answer is A. Create User Account. This question tests knowledge of post-exploitation persistence techniques used to maintain access to a compromised system after gaining root privileges.

System Hacking

Question

After trying multiple exploits, you've gained root access to a Centos 6 server. To ensure you maintain access, what would you do first?

Options

  • ACreate User Account
  • BDisable Key Services
  • CDisable IPTables
  • DDownload and Install Netcat

How the community answered

(38 responses)
  • A
    79% (30)
  • B
    13% (5)
  • C
    3% (1)
  • D
    5% (2)

Why each option

This question tests knowledge of post-exploitation persistence techniques used to maintain access to a compromised system after gaining root privileges.

ACreate User AccountCorrect

Creating a new user account is the preferred first persistence step because it provides a durable, credential-based login mechanism that survives reboots and remains functional even if the original exploit vector is patched. A new account can be made to appear legitimate, reducing the chance that routine administrator audits will flag it immediately. This is a foundational persistence technique in post-exploitation methodology corresponding to MITRE ATT&CK T1136.

BDisable Key Services

Disabling key services causes visible system disruption that alerts administrators and can trigger an incident response, ending the attacker's access.

CDisable IPTables

Disabling IPTables removes firewall protections and creates an obvious configuration anomaly that system administrators would quickly detect and investigate.

DDownload and Install Netcat

Installing Netcat can establish a backdoor channel, but it requires active execution and open network connectivity each session, making it less reliable than a persistent user account for ongoing access.

Concept tested: Post-exploitation persistence via user account creation

Source: https://attack.mitre.org/techniques/T1136/

Topics

#persistence#maintaining access#post-exploitation#user account creation

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice