312-50V9 · Question #378
You've just gained root access to a Centos 6 server after days of trying. What tool should you use to maintain access?
The correct answer is B. Create User Account. Creating a backdoor user account is the most reliable way to maintain persistent access to a compromised Linux server without triggering obvious alarms.
Question
You've just gained root access to a Centos 6 server after days of trying. What tool should you use to maintain access?
Options
- ADisable Key Services
- BCreate User Account
- CDownload and Install Netcat
- DDisable IPTables
How the community answered
(24 responses)- B92% (22)
- C4% (1)
- D4% (1)
Why each option
Creating a backdoor user account is the most reliable way to maintain persistent access to a compromised Linux server without triggering obvious alarms.
Disabling key services would degrade system functionality, likely alert administrators to a problem, and does not itself provide a mechanism for regaining access.
Creating a new user account (especially one with sudo privileges or added to the wheel group) establishes a persistent, low-profile foothold that survives reboots and does not depend on maintaining an active exploit or listener. This is a standard post-exploitation persistence technique documented in ethical hacking frameworks - the account can be given an inconspicuous name to blend in with system accounts and allows the attacker to log in normally via SSH.
Installing Netcat can create a listener but it does not persist across reboots by default unless a separate persistence mechanism (such as a cron job or init script) is also configured, making it an incomplete solution on its own.
Disabling IPTables removes the firewall and is an immediately noticeable change that would alert system administrators, undermining the goal of remaining undetected while maintaining access.
Concept tested: Post-exploitation persistence via backdoor user account
Source: https://attack.mitre.org/techniques/T1136/001/
Topics
Community Discussion
No community discussion yet for this question.