From: Nomad@yabbs
To: Fastjack@yabbs
Subject: First steps
Date: Tue Jan 25 04:26:37 1994

I can't believe that this is as lively as this sub gets....

First steps for me AFTER gaining root:

1) Check for the existence of security programs. Look in the crons, /etc/security, /usr/adm/messages*, /etc/syslogd.conf, and any others that come to mind.
2) Remove myself from ALL logs possible (utmp, wtmp, lastlog, and any others found in syslogd.conf).
3) Secure myself in (patch login, set up a port, rcp the passwd file to a remote host).
4) Check out the system resources: How often do they telnet? Do they use tip or cu? If I feel that the site will yield something fruitful then I set up the appropriate patches, etc. If not....
5) Upload my find script (looks for a lot of shit) and run it. Searches for *.zip *.exe *.c .netrc .rhosts *.whatever.
6) Check out the .netrc files! These things are great for infecting other systems. Type 'man netrc'.
7) Copy all .netrc and .rhosts files to my machine to ensure future access if my account dies or my patch is removed.
8) Browse.... Erase core files (hell I don't know)... Look at mail. If they use cu and have it set up see if I can use it. Wow another Internet outdial.

Well anyway I am receiving a talk request... I will respond to any and all comments from users.
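
Seen from the defender's side, steps 6 and 7 of the message are the reason to inventory .netrc and .rhosts files: they hold reusable credentials and host trust that outlive any single account. The audit below is an added example, not part of the original message; the function names, sample paths and file contents are constructed for illustration.

```python
import os
import stat
import tempfile

def audit_trust_files(home_root):
    """Return sorted (path, issue) findings for .netrc/.rhosts files under home_root."""
    findings = []
    for dirpath, _dirs, files in os.walk(home_root):
        for name in files:
            if name not in (".netrc", ".rhosts"):
                continue
            path = os.path.join(dirpath, name)
            mode = stat.S_IMODE(os.stat(path).st_mode)
            if mode & 0o077:  # any group/other permission bit set
                findings.append((path, "accessible to group/other (mode %03o)" % mode))
            with open(path, errors="replace") as fh:
                lines = fh.read().splitlines()
            if name == ".netrc":
                # netrc is a whitespace-separated token stream; a "password" token
                # means a cleartext secret is stored in the file
                if "password" in " ".join(lines).split():
                    findings.append((path, "stores a cleartext password"))
            else:
                for line in lines:
                    fields = line.split("#", 1)[0].split()
                    # "+" in the host or user field trusts any host or any user
                    if "+" in fields[:2]:
                        findings.append((path, "wildcard trust entry: " + " ".join(fields)))
    return sorted(findings)

def build_sample(root):
    """Write constructed sample home directories (not real data) under root."""
    samples = {
        "alice/.netrc": ("machine ftp.example.org login alice password CONSTRUCTED\n", 0o644),
        "bob/.rhosts": ("trusted.example.org bob\n+ +\n", 0o600),
        "carol/.netrc": ("machine ftp.example.org login anonymous\n", 0o600),
    }
    for rel, (text, mode) in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(text)
        os.chmod(path, mode)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        for path, issue in audit_trust_files(root):
            print(os.path.relpath(path, root), "->", issue)
```

Pointed at a real home directory root, each finding is a file to remove, tighten to owner-only permissions, or replace with a mechanism that does not store secrets or blanket trust on disk.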