As part of an engagement, a penetration tester wants to maintain access to a compromised system after rebooting.
Which of the following techniques would be best for the tester to use?
A. Establishing a reverse shell
B. Executing a process injection attack
C. Creating a scheduled task
D. Performing a credential-dumping attack
Answer: C
Explanation:
To maintain access to a compromised system after rebooting, a penetration tester should create a scheduled task. Scheduled tasks are designed to run automatically at specified times or when certain conditions are met, ensuring persistence across reboots.
Persistence Mechanisms:
Scheduled Task: Creating a scheduled task ensures that a specific program or script runs automatically according to a set schedule or in response to certain events, including system startup. This makes it a reliable method for maintaining access after a system reboot.
Reverse Shell: While establishing a reverse shell provides immediate access, it typically does not survive a system reboot unless coupled with another persistence mechanism.
Process Injection: Injecting a malicious process into another running process can provide stealthy access but may not persist through reboots.
Credential Dumping: Dumping credentials allows for re-access by using stolen credentials, but it does not ensure automatic access upon reboot.
Creating a Scheduled Task:
On Windows, the schtasks command can be used to create scheduled tasks. For example:
    schtasks /create /tn "Persistence" /tr "C:\path\to\malicious.exe" /sc onlogon /ru SYSTEM
On Linux, a cron job can be created by editing the crontab:
    (crontab -l; echo "@reboot /path/to/malicious.sh") | crontab -
Pentest Reference: Maintaining persistence is a key objective in post-exploitation. Scheduled tasks (Windows Task Scheduler) and cron jobs (Linux) are commonly used techniques.
Real-world scenarios include creating scheduled tasks to execute malware, keyloggers, or reverse shells automatically on system startup.
By creating a scheduled task, the penetration tester ensures that their access method (e.g., reverse shell, malware) is executed automatically whenever the system reboots, providing reliable persistence.
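On the detection side, the two mechanisms above leave recognizable traces in process command lines and crontab contents. The following is an added example, not part of the original explanation: it flags schtasks /create command lines with a boot or logon trigger and @reboot crontab entries. The SAMPLE records, the function names and the ("proc" or "cron", line) record shape are constructed for illustration.

```python
import re

# Constructed sample telemetry: (source, line) pairs; the first and fourth reuse the page's commands.
SAMPLE = [
    ("proc", r'schtasks /create /tn "Persistence" /tr "C:\path\to\malicious.exe" /sc onlogon /ru SYSTEM'),
    ("proc", r'schtasks.exe /Create /TN "Backup" /TR "C:\tools\backup.cmd" /SC daily /ST 02:00'),
    ("proc", r'schtasks /query /fo LIST'),
    ("cron", "@reboot /path/to/malicious.sh"),
    ("cron", "# @reboot /old/job.sh"),
    ("cron", "15 3 * * * /usr/local/bin/rotate-logs"),
]
BOOT_TRIGGERS = {"onstart", "onlogon"}  # schtasks /sc values that fire after a reboot

def schtasks_options(cmdline):
    """Parse a 'schtasks /create' command line into {switch: value}; None if it is not one."""
    tokens = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]
    if not tokens or not re.fullmatch(r"(?i)(.*\\)?schtasks(\.exe)?", tokens[0]):
        return None
    opts = {}
    for i, tok in enumerate(tokens[1:], start=1):
        if tok.startswith("/"):  # a switch; its value is the next token unless that is a switch too
            nxt = tokens[i + 1] if i + 1 < len(tokens) else ""
            opts[tok.lower()] = "" if nxt.startswith("/") else nxt
    return opts if "/create" in opts else None

def scan(records):
    """Return findings for entries that re-launch a program at boot or logon."""
    findings = []
    for source, line in records:
        if source == "proc":
            opts = schtasks_options(line)
            if opts and opts.get("/sc", "").lower() in BOOT_TRIGGERS:
                findings.append({
                    "kind": "schtasks", "task": opts.get("/tn"), "runs": opts.get("/tr"),
                    "trigger": opts["/sc"].lower(),
                    "as_system": opts.get("/ru", "").lower() in ("system", "nt authority\\system"),
                })
        elif source == "cron":
            m = re.match(r"\s*@reboot\s+(.+)", line)  # commented-out lines do not match
            if m:
                findings.append({"kind": "cron", "runs": m.group(1).strip(), "trigger": "@reboot"})
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

In practice the "proc" lines would come from process-creation logging and the "cron" lines from a crontab inventory; a task running as SYSTEM from a user-writable path deserves the closest look.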