During post-exploitation you have gained SYSTEM privileges on a Windows 10 workstation and need a method that will automatically launch a Meterpreter reverse shell every time any user logs on-even after the machine is rebooted-while leaving the operating system otherwise unchanged. Which persistence mechanism best satisfies these requirements?
Install a user-mode rootkit that hooks System Service Descriptor Table entries
Create a value pointing to the payload in HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Replace sethc.exe with cmd.exe so pressing Shift five times opens a SYSTEM shell
Register a high-privilege scheduled task set to run at system startup
Placing the backdoor's executable path under the registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run creates an autostart entry that Windows triggers for every interactive logon, regardless of which account signs in. The entry is stored in a location that survives reboots and requires no additional services or binary replacement, so access is regained each session with minimal system modification.
Replacing sethc.exe with cmd.exe only yields an on-demand shell when Sticky Keys is invoked at the logon screen and is more conspicuous. A scheduled task can provide similar startup persistence but is easier to enumerate and may reveal the attacker's intent in the Task Scheduler UI. Installing a user-mode rootkit that hooks the SSDT offers concealment but is unnecessary for simple logon persistence and risks system instability.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is HKLM\Software\Microsoft\Windows\CurrentVersion\Run?
Open an interactive chat with Bash
Why is replacing sethc.exe with cmd.exe less ideal for persistence?
Open an interactive chat with Bash
What is the System Service Descriptor Table (SSDT), and why is hooking it risky?
Open an interactive chat with Bash
Certified Ethical Hacker (CEH)
System Hacking Phases and Attack Techniques
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .