Hacking Best Practices
I think in this paper we have covered most of the things you can do after access, so I will make this in the style of a checklist from a to z.

a. learn who the admins are on the system
b. watch the system with ps -auxe and ps -auxef (if it works) and pstree to try and keep track of what others are doing
c. read all of the bash history files or any history files you can find on the machine to learn more yourself, and to learn about the users
d. make as many backdoors into the system as you can that you are sure will not be found out
e. keep the access to yourself, don't give out users' passwords on the machine you get root on.
f. always clean your utmp and wtmp right away when you login
g. always clean your mess as you go along, this includes your xferlog and messages
h. if you have root access make sure to read /etc/syslog.conf and /etc/login.defs to see how the system is logging
i. before changing binary files look at the root cron to see what they are running.
j. look for md5 on the system
k. look for separate ftp logs
l. make sure to clean the www logs if you ever send phf commands to the server
m. make an suid root shell and place it somewhere on the system
n. do only what you are sure of, don't do everything in this hacking manual all at once or you are asking to get caught
o. only use nested directories, do not put files into user directories where all they need to do is type ls to see them
p. don't add user accounts and think they will not notice you.
q. don't use pine or other mail programs to read users' mail. if you want to read mail, go to the mail dir and read it from unix; new mail you will find in /var/spool/mail, read it there.
r. don't change the system so that other programs they have running will not work any more, they will be on you like flies on shit
s. don't delete files on the system unless you put them there
t. do not modify their web pages, like "i was here ..."; you are not a hacker, you are a little kid wanting attention
u. do not change any passwords on the system (unless you are doing it for access and have backed up the passwd file and replace it right after you login)
v. do not use any root account machines for irc access, or to load a bot on
w. if your root account changes or you create files that are owned by the wrong group, be sure to chown the files
x. do not use .rhosts if there is already one there that is being used
y. never telnet or ftp to your account from the hacked box
z. don't fuck up their machine! only do what you know how to do.
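The checklist leans on /etc/syslog.conf (item h) to learn where a box logs, and on cleaning utmp, wtmp, xferlog, messages and the www logs (items f, g, k, l). What decides whether any of that cleaning matters is whether a copy of the log stream leaves the host, because a file that only exists under /var/log is exactly what a root-level intruder can edit. The Python below is an added example and not part of this manual: it parses a sysklogd-style syslog.conf and reports, for the facilities an investigator cares about most, which ones reach only local files and which are also forwarded. The configuration is constructed for the example, and loghost.example.com is a placeholder rather than a real host.

```python
# Added example (not from the manual above): audit an /etc/syslog.conf to find
# which log streams exist only as local files that a root-level intruder could
# clean, versus streams that also leave the box (@host / @@host forwarding).
# The configuration below is constructed for the example; loghost.example.com
# is a placeholder, not a real host.
from typing import Dict, List, Tuple

SAMPLE_SYSLOG_CONF = """\
# constructed /etc/syslog.conf for the example
*.info;mail.none;authpriv.none   /var/log/messages
authpriv.*                       /var/log/secure
mail.*                           -/var/log/maillog
cron.*                           /var/log/cron
*.emerg                          *
kern.*                           /dev/console
auth,authpriv.*                  @loghost.example.com
"""

# Facilities whose loss matters most when an intruder is covering tracks.
FACILITIES_OF_INTEREST = ("auth", "authpriv", "kern", "cron")

Rule = Tuple[List[Tuple[str, str]], str]  # ([(facility, priority), ...], action)


def parse_syslog_conf(text: str) -> List[Rule]:
    """Parse sysklogd-style lines: 'fac1,fac2.prio;fac3.prio<whitespace>action'."""
    rules: List[Rule] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments and blanks
        if not line:
            continue
        parts = line.split(None, 1)                   # selector field, action field
        if len(parts) != 2:
            continue
        selectors: List[Tuple[str, str]] = []
        for sel in parts[0].split(";"):
            if "." not in sel:
                continue
            facs, prio = sel.rsplit(".", 1)
            for fac in facs.split(","):
                selectors.append((fac.strip(), prio.strip()))
        rules.append((selectors, parts[1].strip()))
    return rules


def action_kind(action: str) -> str:
    """Classify the action field of a rule."""
    if action.startswith("@"):
        return "remote"        # @host (UDP) or @@host (TCP in rsyslog)
    if action == "*":
        return "wall"          # message to every logged-in user
    if action.startswith("|"):
        return "pipe"          # named pipe
    path = action.lstrip("-")  # a leading '-' means no fsync after each write
    if path.startswith("/dev/"):
        return "device"
    if path.startswith("/"):
        return "file"
    return "users"             # comma-separated user names


def facility_destinations(rules: List[Rule], facility: str) -> List[Tuple[str, str]]:
    """Return (kind, action) for every rule that selects `facility`.
    Selectors are applied left to right, as sysklogd does, so a later
    'facility.none' cancels an earlier '*.info' for that facility."""
    dests = []
    for selectors, action in rules:
        applies = False
        for fac, prio in selectors:
            if fac == facility or fac == "*":
                applies = prio != "none"
        if applies:
            dests.append((action_kind(action), action))
    return dests


def audit(text: str, facilities=FACILITIES_OF_INTEREST) -> Dict[str, dict]:
    """For each facility, list local files and remote targets; 'erasable' is
    True when no copy of that stream leaves the host."""
    rules = parse_syslog_conf(text)
    report: Dict[str, dict] = {}
    for fac in facilities:
        dests = facility_destinations(rules, fac)
        local = [a for k, a in dests if k == "file"]
        remote = [a for k, a in dests if k == "remote"]
        report[fac] = {"local": local, "remote": remote, "erasable": not remote}
    return report


if __name__ == "__main__":
    for fac, info in audit(SAMPLE_SYSLOG_CONF).items():
        flag = "LOCAL ONLY" if info["erasable"] else "forwarded"
        print(f"{fac:<9} {flag:<10} local={info['local']} remote={info['remote']}")
```

In the constructed config, auth and authpriv are forwarded to the loghost while kern and cron come out as LOCAL ONLY, which is the gap to close: once the stream is on a separate host, wiping wtmp or messages on the compromised box no longer removes the record.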