[Nohbdy]

1. Yeah. This can be used when you have a root exploit of sorts.

ok, i will explot the machine, and have a root access

2. When you want your root access to be relatively invisible.

ok I will create 2 users. I will use ssh and login with normal user

3. What if you don't know the root password?

OK, i can do root activity either without pass because i use exploits, and i am a noob if i reset root pass.

4. Because nohbdy_root needs uid=0 else it can't do root things.

so if the administrator do id nohbdy_root he not see the user in the root group?

But isn't better if i exploit the machin to use a reverce shel, or a php/ajax shell, without doing a new user?
what is better?

This tutorial was intended to be a tool in your toolbox, not an exclusive use.

I have more question, but not related to this tut
1) what about ssh logs? you are clearly using a new user, any admn that read the log, can see that you own the machine

SSH logs are stored in /var/log/auth.log (debian-based) or /var/log/secure (rhel-based). You can eliminate single lines from this file.

2) what to do with , bash_history? the file in the nohbdy folder? is there a way to hide them?

Realistically, you can edit the .bash_history file, and the nohbdy folder you can prepend a . and most people won't notice. Just make sure if you prepend a . to the nohbdy folder (so like /home/.nohbdy) you update /etc/passwd.

thanks
:blackhat: