In the mind of the attacker s/he may process through four stages (although preferably s/he may want to avoid step two)
1) Privilege Escalation.
2) Password Cracking.
3) Maintaining Access.
4) Covering Your Tracks.

Once the attacker has gained access to the system, s/he will want to elevate their privileges as high as possible to have as much control over the system as they can - this makes all the other steps a lot easier later on. Typically the account that all attackers try to get hold of is the 'root' account (if they haven't taken control of it already) - as many of you well know the 'root' account is the account that controls all (if not most) processes, daemons and programs in a Linux system (unless of course the system is running some type of LIDS).

If the attacker has not had much luck with privilege escalation s/he may try password cracking to find any accounts that may have greater privileges, or allow other programs that may assist privilege escalation (the attacker may now repeat step one with the new privilege of any accounts that s/he was able to the crack passwords of).

Maintaining access is the third step in an attack, here the attacker will want to leave some type of entrance (or backdoor) for them to gain access to the system later, whilst not leaving too much to alert any IDS's (Intrusion Detection Systems) or systems administrators. I will discuss a variety of tactics adopted by crackers to leave backdoors, and how admins can spot them.

Covering your tracks is very important to the attacker - although this is not always the last step an attacker may make when breaching a system, the attacker may choose to erase their logins etc soon after they gain control of the root account. The reason covering your tracks is so important to the hacker is because leaving huge logs of all their logins, and attacks is not a good idea, since admins will find the attackers IP address and contact the attackers ISP - or worse, the last thing an attacker needs is a SWAT team busting through his/ her windows to arrest them! (I think I have been watching Hackers too much!).

************
Note To Readers: If you notice any errors in these documents, or you would like something explained in more depth etc, feel free to e-mail me at the address at the top of each page.
************

************
Disclaimer: This information although old can still be used to cause damage to systems, I do not recommend nor condone that you use this information for illegal purposes, because you will get caught! I cannot be held responsible for your actions, I am providing this information for educational purposes only to provide you with an insight into the mind of a cracker.
************

OK, with that dull disclaimer out the way - lets begin! - Please click one of the links below to start: