312-50V11 · Question #509
You've just gained root access to a Centos 6 server after days of trying. What tool should you use to maintain access?
The correct answer is B. Create User Account. Creating a backdoor user account is the most stealthy and reliable post-exploitation persistence technique, providing re-entry to the system without re-exploiting it.
Question
You've just gained root access to a Centos 6 server after days of trying. What tool should you use to maintain access?
Options
- ADisable Key Services
- BCreate User Account
- CDownload and Install Netcat
- DDisable IPTables
How the community answered
(18 responses)- B83% (15)
- C6% (1)
- D11% (2)
Why each option
Creating a backdoor user account is the most stealthy and reliable post-exploitation persistence technique, providing re-entry to the system without re-exploiting it.
Disabling key services causes outages that immediately alert administrators and invite investigation, directly undermining the goal of maintaining stealthy persistent access.
Creating a hidden or additional privileged user account is a classic persistence mechanism that allows an attacker to return to the system at any time using standard authentication. Unlike destructive options, it does not disrupt services or generate alerts that would prompt an administrator investigation. As a root-level attacker on CentOS 6, adding an account with a non-suspicious username blends into normal system user activity.
Netcat can establish reverse shells but does not itself create persistence - access is lost when the session ends and the tool must be re-run each time.
Disabling IPTables removes the firewall but does not create any backdoor or authentication mechanism that allows the attacker to re-enter the system.
Concept tested: Post-exploitation persistence via user account creation
Source: https://attack.mitre.org/techniques/T1136/
Topics
Community Discussion
No community discussion yet for this question.