312-50V9 · Question #192
After trying multiple exploits, you've gained root access to a Centos 6 server. To ensure you maintain access, what would you do first?
The correct answer is A. Create User Account. Creating a backdoor user account is the most reliable and stealthy first step to maintain persistent access after gaining root on a compromised Linux server.
Question
After trying multiple exploits, you've gained root access to a Centos 6 server. To ensure you maintain access, what would you do first?
Options
- ACreate User Account
- BDisable Key Services
- CDisable IPTables
- DDownload and Install Netcat
How the community answered
(49 responses)- A71% (35)
- B8% (4)
- C4% (2)
- D16% (8)
Why each option
Creating a backdoor user account is the most reliable and stealthy first step to maintain persistent access after gaining root on a compromised Linux server.
Creating a new privileged user account establishes access that survives reboots, persists after the original vulnerability is patched, and does not disrupt running services that would alert administrators. It is the preferred initial persistence mechanism because it blends into normal system activity and requires no additional tooling, giving the attacker a reliable re-entry point throughout the engagement.
Disabling key services causes visible system disruption that is likely to trigger alerts and incident response, directly threatening the attacker's continued access.
Disabling IPTables removes firewall rules but does not itself create a persistent access mechanism and may be noticed by monitoring systems or administrators.
Installing Netcat creates a temporary reverse shell channel but requires re-launching each session and leaves forensic artifacts on disk, making it less reliable and stealthier than a persistent user account.
Concept tested: Post-exploitation persistence via backdoor user account
Source: https://owasp.org/www-project-testing-guide/
Topics
Community Discussion
No community discussion yet for this question.