I have always wondered what others first moves are after they get root on say a friends box or any machine if it is a friends and i like screwing with them i will remove a password from a process enable no passwords in sshd_config change there MOTD and change there admin accounts to user level lol but yeah

do you install a root kit or a backdoor or do you modify there shadow file ect...

What do you usally do to usally keep access or to avoid detection ?

:)

Cheers,
Warweed

I try to avoid detection, and open up the machine enough so that I can get in painlessly next time.

Used to install netcat, but it's so well known now that it's more than likely to be detected.

cat /dev/null > /etc/utmp
cat /dev/null > /var/adm/wtmp
useradd syslogd

That's a very simplified version of what I do.

I install a keylogger and hack their myspace!!!

I'll usually enable remote-management on their routers (Since none of my friends change the default passwords), and then randomly change settings on their router weeks later. It's hilarious, especially for computer-illiterate people, because I can pretty much call them up and tell them I'm going to turn off their internet, and then block their MAC address when they don't believe me. Sometimes I'll change their wireless broadcast name, making them do a double-take when their laptop detects "PENIS PENIS PENIS LOL" rather than "linksys."

It all depends on if it's a webserver, or some other sort of standalone box/server.