nerdexam
EC-Council

312-50V11 · Question #509

You've just gained root access to a Centos 6 server after days of trying. What tool should you use to maintain access?

The correct answer is B. Create User Account. Creating a backdoor user account is the most stealthy and reliable post-exploitation persistence technique, providing re-entry to the system without re-exploiting it.

System Hacking

Question

You've just gained root access to a Centos 6 server after days of trying. What tool should you use to maintain access?

Options

  • ADisable Key Services
  • BCreate User Account
  • CDownload and Install Netcat
  • DDisable IPTables

How the community answered

(18 responses)
  • B
    83% (15)
  • C
    6% (1)
  • D
    11% (2)

Why each option

Creating a backdoor user account is the most stealthy and reliable post-exploitation persistence technique, providing re-entry to the system without re-exploiting it.

ADisable Key Services

Disabling key services causes outages that immediately alert administrators and invite investigation, directly undermining the goal of maintaining stealthy persistent access.

BCreate User AccountCorrect

Creating a hidden or additional privileged user account is a classic persistence mechanism that allows an attacker to return to the system at any time using standard authentication. Unlike destructive options, it does not disrupt services or generate alerts that would prompt an administrator investigation. As a root-level attacker on CentOS 6, adding an account with a non-suspicious username blends into normal system user activity.

CDownload and Install Netcat

Netcat can establish reverse shells but does not itself create persistence - access is lost when the session ends and the tool must be re-run each time.

DDisable IPTables

Disabling IPTables removes the firewall but does not create any backdoor or authentication mechanism that allows the attacker to re-enter the system.

Concept tested: Post-exploitation persistence via user account creation

Source: https://attack.mitre.org/techniques/T1136/

Topics

#persistence#post-exploitation#maintaining access#system hacking

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice