During a security assessment of a web application, you have been able to exploit a remote code execution vulnerability. You decide to maintain access to the server in case the vulnerability gets patched and your initial entry point is closed. Which of the following methods would you implement to maintain persistence on the server?
You selected this option
Change all server passwords to prevent other users from logging in.
You selected this option
Initiate a reverse shell during each session.
You selected this option
Create a cron job that downloads and runs a malicious script every hour.
Creating a Web Shell on the server provides an attacker with persistent, disguised access, often through an innocuous-looking file that does not arouse suspicion. This access can be used by the attacker to navigate the file system, manage files, and execute commands. A reverse shell would not offer persistence; it only allows for a one-time session establishment which would be terminated once the connection is closed. Changing server passwords would increase the risk of detection, and scheduled tasks or cron jobs may be viable for persistence but are not as stealthy and can be easily detected by an administrator.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a Web Shell and how does it work?
Open an interactive chat with Bash
What are the risks associated with using a reverse shell for remote access?
Open an interactive chat with Bash
Why is changing all server passwords considered a bad method for maintaining persistence?