Maintaining Access
What is Maintaining Access?
Maintaining Access involves creating backdoors and establishing persistent methods to retain access to the compromised system, even if the initial vulnerability is patched or credentials are changed. This ensures continued access for further testing or malicious activities.
Common Persistence Methods
- Backdoors: Installing hidden access points that bypass normal authentication.
- Rootkits: Malicious software designed to provide continued privileged access.
- Scheduled Tasks: Creating scheduled jobs to maintain access or execute payloads periodically.
- Web Shells: Web-based interfaces that provide command execution capabilities.
Common Techniques
- Creating new user accounts
- Installing remote access tools
- Modifying system binaries
- Adding startup scripts
- Creating cron jobs (Linux) or scheduled tasks (Windows)
- Installing web shells on web servers
Popular Tools
- Metasploit Persistence: Built-in Metasploit modules for creating persistent backdoors.
- Cobalt Strike: Advanced threat emulation software with powerful persistence capabilities.
- Web Shells: Various PHP, ASP, JSP shells for maintaining web access.
- PowerSploit: Collection of PowerShell scripts including persistence modules.
Ethical Considerations
Maintaining access should only be done when explicitly authorized. All backdoors and persistence mechanisms must be thoroughly documented and removed after testing is complete. Unauthorized persistence mechanisms could be considered malware.
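Several of the techniques listed under Common Techniques (new user accounts, cron jobs, startup scripts, modified system binaries) leave artifacts that can be checked for after cleanup by diffing the host against a pre-engagement baseline. The following is an added example, not part of the original page: the snapshot layout, function names and sample data are assumptions constructed for illustration.

```python
import hashlib

def parse_passwd(text):
    """Map account name -> (uid, shell) from /etc/passwd-style text."""
    rows = (line.split(":") for line in text.splitlines())
    return {f[0]: (int(f[2]), f[6]) for f in rows if len(f) == 7}

def parse_cron(text):
    """Active crontab entries, whitespace-normalised, comments dropped."""
    return {" ".join(l.split()) for l in text.splitlines()
            if l.strip() and not l.lstrip().startswith("#")}

def snapshot(passwd, cron, startup, binaries):
    """One host state; `binaries` maps path -> file bytes, stored as SHA-256."""
    return {"accounts": parse_passwd(passwd), "cron": parse_cron(cron),
            "startup": set(startup),
            "binaries": {p: hashlib.sha256(b).hexdigest() for p, b in binaries.items()}}

def leftover_artifacts(baseline, current):
    """List persistence artifacts present now that the baseline lacks."""
    out = []
    for name, (uid, shell) in current["accounts"].items():
        if name not in baseline["accounts"]:
            out.append(f"new account: {name}" + (" (uid 0)" if uid == 0 else ""))
        elif baseline["accounts"][name] != (uid, shell):
            out.append(f"changed account: {name}")
    out += [f"new cron entry: {e}" for e in sorted(current["cron"] - baseline["cron"])]
    out += [f"new startup script: {s}" for s in sorted(current["startup"] - baseline["startup"])]
    for path, digest in sorted(current["binaries"].items()):
        if baseline["binaries"].get(path) != digest:
            out.append(f"modified or new binary: {path}")
    return out

# Constructed sample data: host state before the engagement and after cleanup.
PASSWD = "root:x:0:0:root:/root:/bin/bash\nwww-data:x:33:33::/var/www:/usr/sbin/nologin\n"
CRON = "# m h dom mon dow command\n0 3 * * * /usr/local/bin/backup.sh\n"
BASE = snapshot(PASSWD, CRON, ["/etc/init.d/ssh"], {"/usr/bin/sudo": b"original build"})
AFTER = snapshot(PASSWD + "svc-test:x:1001:1001::/home/svc-test:/bin/bash\n",
                 CRON + "*/5  * * * * /opt/pentest/checkin.sh\n",
                 ["/etc/init.d/ssh", "/etc/init.d/pentest-agent"],
                 {"/usr/bin/sudo": b"replaced build"})

if __name__ == "__main__":
    for finding in leftover_artifacts(BASE, AFTER):
        print(finding)
```

An empty result against the baseline is the condition to record in the engagement report; any finding is an artifact that still has to be removed or explained.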