I think in this paper we have covered most of the things  you can do after
access, so I will make this in the style of a checklist from a to z.

a. learn who the admin's are on the system
b. watch the system with ps -auxe and ps -auxef (if it works) and pstree to
   try and keep track of what others are doing
c. read all of the bash history files or any history files you can find on the
   machine to learn more yourself, and to learn about the users
d. make as many backdoor's into the system as you can that you are sure will
   not be found out
e. keep the access to yourself, don't give out users passwords on the machine
   you get root on.
f. always clean your utmp and wtmp right away when you login
g. always clean your mess as you go along, this includes your xferlog and
   messages
h. if you have root access make sure to read /etc/syslog.conf and
   /etc/login.defs to see how the system is logging
i. before changing binary files look at the root cron to see what they are
   running.
j. look for md5 on the system
k. look for separate ftp logs
l. make sure to clean the www logs if you ever send phf commands to the server
m. make an suid root shell and place it somewhere on the system
n. do only what you are sure of, don't do everything in this hacking manual all
   at once or you are asking to get caught
o. only use nested directories, do not put files into user directories where
   all they need to do is type ls to see them
p. don't add user accounts and think they will not notice you.
q. don't use pine or other mail programs to read users mail. if you want to
   read mail go to the mail dir and read it from unix, new mail you will find
   in /var/spool/mail read it there.
r. don't change the system so that other programs they have running will not
   work any more, they will be on you like fly's on shit
s. don't delete files on the system unless you put them there
t. do not modify their web pages, like i was here ... you are not a hacker you
   are a little kid wanting attention
u. do not change any passwords on the system (unless you are doing it for
   access and have backed up the passwd file and replace it right after you
   login
v. do not use any root account machines for irc access, or to load a bot on
w. if your root account changes or you create files that are owned by the
   wrong group, be sure to chown the files
x. do not use .rhosts if there is already one there that is being used
y. never telnet or ftp to your account from the hacked box
z. don't fuck up their machine! only do what you know how to do.