nerdexam
EC-Council

312-50V10 · Question #509

You've just gained root access to a Centos 6 server after days of trying. What tool should you use to maintain access?

The correct answer is B. Create User Account. After gaining root access to a system, creating a user account is the most stable and covert method to maintain persistent access without disrupting services.

System Hacking

Question

You've just gained root access to a Centos 6 server after days of trying. What tool should you use to maintain access?

Options

  • ADisable Key Services
  • BCreate User Account
  • CDownload and Install Netcat
  • DDisable IPTables

How the community answered

(34 responses)
  • A
    6% (2)
  • B
    91% (31)
  • D
    3% (1)

Why each option

After gaining root access to a system, creating a user account is the most stable and covert method to maintain persistent access without disrupting services.

ADisable Key Services

Disabling key services would likely alert administrators and cause system instability, making it a poor persistence mechanism.

BCreate User AccountCorrect

Creating a new user account provides persistent access that survives reboots and does not alert administrators through service disruptions. It is a common post-exploitation technique where the attacker creates a backdoor account, sometimes with sudo or root privileges, to re-enter the system later. This method is less noisy than modifying running services or firewall rules.

CDownload and Install Netcat

Downloading and installing Netcat requires an active connection and does not provide persistent access if the session is interrupted or the server reboots.

DDisable IPTables

Disabling IPTables changes firewall rules and may trigger alerts or break network functionality, drawing attention to the compromise.

Concept tested: Post-exploitation persistence techniques on Linux

Source: https://attack.mitre.org/techniques/T1136/

Topics

#maintaining access#persistence#user account creation#post-exploitation

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice