# Linux Enumeration ## First Checks ```sh cat /etc/*-release cat /proc/version ``` ```sh hostname or cat /etc/hostname cat /etc/hosts ``` ```sh cat /etc/resolve.conf cat /etc/systemd/resolved.conf uname -a cat /etc/issue ps wuax or ps ajxf or ps -A printenv or env cat /etc/timezone or timedatectl ``` ## Users ```sh sudo -l id whoami groups and getent group or cat /etc/group cat /etc/passwd | column -t -s : cat /etc/shadow cat /etc/group cat /etc/sudoers history cat /var/mail ``` ## Network Info * The output of information will be different, depending on permissions of the user ```sh ip a or ifconfig ip route cat /etc/network/interfaces netstat -natup or ss -natup netstat -tupln or ss -tulpn netstat -s and netstat -i lsof -i : ``` ## Login Info ```sh last -f /var/log/wtmp last -f /var/log/btmp last w who ``` ## Syslog ```sh journalctl -xe less /var/log/syslog ``` ## Auth Logs ```sh cat /var/log/auth.log | less cat /var/log/access.log | less ``` ## Find Files * Find SUID permissions on files and dirs * `find / -perm /6000 -ls 2>/dev/null` * Find writeables dirs * `find / -writable -type d 2>/dev/null` or `find / -perm -o w -type d 2>/dev/null` * `find / -perm -o x -type d 2>/dev/null` * Find writeable subdirs `find / -writable 2>/dev/null | cut -d "/" -f 2,3 | grep -v proc | sort -u` * `cat ~/.viminfo` ## Services ```sh ls -al /etc/systemd/system && ls -la /var/lib/systemd/system || ls -la /etc/init.d ``` ```sh cat /etc/crontab crontab -l cat /etc/bash.bashrc ; cat /etc/profile ``` ## Packet Managers * pacman, apt, dpkg, dnf etc.