Hacking Linux: What To Do Once You're Inside
By gimboyd nickdoidge@talktimeuk.com


This manual is designed to tell you how to elevate your privileges and maintain access to a Linux computer. I will also tell you how to attempt to cover your tracks - and of course how to protect yourself from and recognize these attacks. This manual does not go into every Linux attack known to man, nor are the attacks you will learn about new in the hacker circuit. You may even find that most of these attacks do not work on your own Linux boxes because they have been patched, but they will give you a base of understanding from which to try to discover your own ways to break in and maintain access to systems. Please note that you will never use most of these methods in a real attack; I have given very unlikely and sometimes silly scenarios of possible attacks to try to give you a better understanding, rather than to confuse you further with devilishly clever attacks. There are areas I would have liked to have gone into in more depth, for example 'password cracking with John' and the use of 'Linux Root Kit' - unfortunately I could not give long descriptions of how to use these programs, because they are outside the scope of this manual.

In the mind of the attacker, s/he may progress through four stages (although s/he may prefer to avoid step two):
1) Privilege Escalation.
2) Password Cracking.
3) Maintaining Access.
4) Covering Your Tracks.

Once the attacker has gained access to the system, s/he will want to elevate their privileges as high as possible to have as much control over the system as they can - this makes all the other steps a lot easier later on. Typically the account that all attackers try to get hold of is the 'root' account (if they haven't taken control of it already). As many of you well know, the 'root' account is the account that controls all (if not most) processes, daemons and programs in a Linux system (unless of course the system is running some type of LIDS).

If the attacker has not had much luck with privilege escalation, s/he may try password cracking to find any accounts that may have greater privileges, or that allow the use of other programs which may assist privilege escalation (the attacker may now repeat step one with the new privileges of any accounts whose passwords s/he was able to crack).

Maintaining access is the third step in an attack. Here the attacker will want to leave some type of entrance (or backdoor) through which to gain access to the system later, whilst not leaving too much to alert any IDSs (Intrusion Detection Systems) or systems administrators. I will discuss a variety of tactics adopted by crackers to leave backdoors, and how admins can spot them.

Covering your tracks is very important to the attacker, although it is not always the last step an attacker makes when breaching a system; the attacker may choose to erase their logins etc. soon after they gain control of the root account. Covering your tracks is so important to the hacker because leaving huge logs of all their logins and attacks is not a good idea, since admins will find the attacker's IP address and contact the attacker's ISP - or worse, the last thing an attacker needs is a SWAT team busting through his/her windows to arrest them! (I think I have been watching Hackers too much!)

************
Note To Readers: If you notice any errors in these documents, or you would like something explained in more depth etc, feel free to e-mail me at the address at the top of each page.
************

************
Disclaimer: This information, although old, can still be used to cause damage to systems. I neither recommend nor condone that you use this information for illegal purposes, because you will get caught! I cannot be held responsible for your actions; I am providing this information for educational purposes only, to provide you with an insight into the mind of a cracker.
************

OK, with that dull disclaimer out of the way - let's begin! Please click one of the links below to start:

Privilege Escalation - The basics of getting root!
Password Cracking - What tools and dictionaries there are out there and how to use them.
Maintaining Access - Keeping control - without leaving any marks.
Covering Your Tracks - How the attacker makes sure they don't get caught!