During a post-exploitation phase on a Windows Server 2019 host, you need a mechanism that will launch your remote-access Trojan automatically during every boot and run silently in the background even when no user is logged on. Which approach best satisfies this persistence requirement?
Overwrite utilman.exe with cmd.exe to trigger a shell via the Sticky Keys shortcut
Create a new Windows service that points to the Trojan executable and set its start type to Automatic
Place the Trojan's path in HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
Add an entry in the hosts file that maps the server's hostname to the attacker's C2 address
Registering a new Windows service and setting its start type to Automatic causes the Service Control Manager to start the attacker's binary during each system boot, before any user signs in, providing reliable long-term persistence. A RunOnce registry entry executes only once for the specified user and is then deleted, so it will not survive subsequent logons. Replacing utilman.exe with cmd.exe creates a convenient privilege escalation backdoor, but nothing invokes the shell automatically; an interactive user would still have to press the Sticky Keys shortcut. Editing the hosts file merely alters name resolution and does not execute code, so it does not help maintain access.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a Windows service and why is it useful for persistence?
Open an interactive chat with Bash
Why doesn't the RunOnce registry entry provide long-term persistence?
Open an interactive chat with Bash
How does overwriting utilman.exe with cmd.exe create a privilege escalation backdoor?
Open an interactive chat with Bash
Certified Ethical Hacker (CEH)
System Hacking Phases and Attack Techniques
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .