So to root the box just some simple social engineering is needed? I mean technically speaking if someone clicks a link that downloads a rootkit for example, then appends "?explorer.exe" or equivalent wouldn't it be executed as a normal application? And if your rootkit was silent installer they are now rooted? Right? <a href="https://www.evil.site/rootkit.exe?explorer.exe";>click this link</a>