A penetration tester successfully gains administrative rights on a Windows 11 workstation during an engagement. To ensure the foothold survives a reboot, the tester writes a batch file that opens a reverse shell and saves it in C:\Windows\Temp. The tester's goal is for the script to run automatically every time the computer starts, even if no user has supplied credentials at the logon screen. Which persistence mechanism best meets this requirement while avoiding reliance on an interactive user session?
Add a string value under HKCU\Software\Microsoft\Windows\CurrentVersion\Run that calls the script
Append a call to the script at the end of autoexec.bat in C:\Windows\System32
Create a scheduled task that launches the script at system startup
Copy a shortcut to the script into %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
A scheduled task configured with the "At startup" (BootTrigger) trigger and set to "Run whether user is logged on or not" executes as soon as the Task Scheduler service starts, requiring no interactive session. Registry Run keys and the Startup folder run only after a user logs on, while legacy files such as autoexec.bat are no longer processed for command execution on modern Windows systems.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a reverse shell?
Open an interactive chat with Bash
What is the purpose of the 'Run whether user is logged on or not' setting in Task Scheduler?
Open an interactive chat with Bash
Why is autoexec.bat no longer used in modern Windows systems?