A penetration tester obtained root access on a Windows server and, according to the rules of engagement, is permitted to perform post-exploitation for persistence.
Which of the following techniques would BEST support this?
On a Windows server, the most effective method for a penetration tester to maintain persistent access after obtaining root access is to create a backdoor. A backdoor is designed to bypass normal authentication mechanisms, allowing the attacker to re-establish access to the server even if the original exploit is patched or discovered. This technique ensures that the tester can maintain control over the system without requiring immediate re-exploitation.
How does someone gain "root" access on a Windows server? With that said, I would establish a reverse shell so that I can disconnect and still maintain control. A reverse shell is not technically considered a "backdoor", but installation of a modified (backdoor) service could reestablish connection in the event of disconnection.
systemd is Linux. Unless the Windows machine has WSL installed, this cannot work. If this was a Linux machine, starting systemd services could be a viable way to make a backdoor. Since this is Windows, a generic "creating a backdoor" is the correct answer.
C2 has been established, gain root access, make a backup for persistent C2 (backdoor). Sounds like the normal chain of events. Source: Verifying each answer against Chat GPT, my experience, other test banks, a written book, and weighing in the discussion from all users to create a 100% accurate guide for myself before I take the exam. (It isn't easy because of the time needed, but it is doing my diligence)
A. Configuring systemd services to run automatically at startup is the most suitable option for persistence, as it allows the attacker to maintain access to the compromised system even if the system is rebooted or if the attacker loses the current session. This technique is commonly used to establish a foothold in the target environment and maintain persistence. Creating a backdoor is also a valid option, but it is more intrusive and may be easier to detect, especially if the target is using security solutions that detect malicious binaries. Exploiting an arbitrary code execution exploit may also provide the attacker with access to the target system, but it is a one-time opportunity and does not guarantee persistence. Moving laterally to a more authoritative server/service is not related to persistence.
Backdoor. Also, agreeing with chip, root access....on a Windows server......
A backdoor is a method used to bypass normal authentication and gain access to a system. This can be particularly useful for maintaining persistent access to a system after initial exploitation.
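The discussion above turns on which autostart mechanism a Windows backdoor would use (services, in place of the Linux systemd option, plus Run keys and scheduled tasks). As an added example that is not part of the original thread, the following PowerShell script takes a read-only snapshot of those persistence locations so that an engagement lead, or the blue team during cleanup, can diff a baseline against a post-engagement state and confirm that every backdoor was removed. The output path is an assumed parameter; the script uses only built-in cmdlets (Get-ItemProperty, Get-CimInstance, Get-ScheduledTask) and should be run from an elevated session.

```powershell
# Added example, not from the original discussion: snapshot the Windows autostart
# locations that persistence backdoors commonly use. Run it elevated before and
# after the engagement, then diff the two output files.
param(
    [string]$OutFile = ".\autostart-snapshot.txt"   # assumed output path
)

$findings = New-Object System.Collections.Generic.List[string]

# 1. Run / RunOnce registry keys (machine-wide and current user)
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (Test-Path $key) {
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Skip the PS* metadata properties that Get-ItemProperty adds
            if ($p.Name -notmatch '^PS(Path|ParentPath|ChildName|Drive|Provider)$') {
                $findings.Add("RUNKEY`t$key`t$($p.Name)`t$($p.Value)")
            }
        }
    }
}

# 2. Services configured to start automatically, with the binary they launch
Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.StartMode -eq 'Auto' } |
    ForEach-Object {
        $findings.Add("SERVICE`t$($_.Name)`t$($_.State)`t$($_.PathName)")
    }

# 3. Enabled scheduled tasks and the command each action executes
Get-ScheduledTask |
    Where-Object { $_.State -ne 'Disabled' } |
    ForEach-Object {
        foreach ($a in $_.Actions) {
            $findings.Add("TASK`t$($_.TaskPath)$($_.TaskName)`t$($a.Execute) $($a.Arguments)")
        }
    }

# Sorted output makes a later Compare-Object diff stable
$findings | Sort-Object | Set-Content -Path $OutFile -Encoding UTF8
Write-Host "Wrote $($findings.Count) autostart entries to $OutFile"

# To check a post-engagement snapshot against the baseline:
# Compare-Object (Get-Content .\baseline.txt) (Get-Content .\autostart-snapshot.txt)
```

Any line that appears only in the later snapshot is an autostart entry created during the engagement and should be matched against the tester's record of installed persistence; entries with no such match warrant investigation.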