nerdexam
EC-Council

312-50V9 · Question #192

After trying multiple exploits, you've gained root access to a Centos 6 server. To ensure you maintain access, what would you do first?

The correct answer is A. Create User Account. Creating a backdoor user account is the most reliable and stealthy first step to maintain persistent access after gaining root on a compromised Linux server.

System Hacking

Question

After trying multiple exploits, you've gained root access to a Centos 6 server. To ensure you maintain access, what would you do first?

Options

  • ACreate User Account
  • BDisable Key Services
  • CDisable IPTables
  • DDownload and Install Netcat

How the community answered

(49 responses)
  • A
    71% (35)
  • B
    8% (4)
  • C
    4% (2)
  • D
    16% (8)

Why each option

Creating a backdoor user account is the most reliable and stealthy first step to maintain persistent access after gaining root on a compromised Linux server.

ACreate User AccountCorrect

Creating a new privileged user account establishes access that survives reboots, persists after the original vulnerability is patched, and does not disrupt running services that would alert administrators. It is the preferred initial persistence mechanism because it blends into normal system activity and requires no additional tooling, giving the attacker a reliable re-entry point throughout the engagement.

BDisable Key Services

Disabling key services causes visible system disruption that is likely to trigger alerts and incident response, directly threatening the attacker's continued access.

CDisable IPTables

Disabling IPTables removes firewall rules but does not itself create a persistent access mechanism and may be noticed by monitoring systems or administrators.

DDownload and Install Netcat

Installing Netcat creates a temporary reverse shell channel but requires re-launching each session and leaves forensic artifacts on disk, making it less reliable and stealthier than a persistent user account.

Concept tested: Post-exploitation persistence via backdoor user account

Source: https://owasp.org/www-project-testing-guide/

Topics

#persistence#post-exploitation#maintaining access#privilege escalation

Community Discussion

No community discussion yet for this question.

Full 312-50V9 Practice