107 lines
1.6 KiB
Markdown
107 lines
1.6 KiB
Markdown
# Linux Enumeration
|
|
|
|
## First Checks
|
|
|
|
```sh
|
|
cat /etc/*-release
|
|
cat /proc/version
|
|
```
|
|
|
|
```sh
|
|
hostname or cat /etc/hostname
|
|
cat /etc/hosts
|
|
```
|
|
|
|
```sh
|
|
cat /etc/resolve.conf
|
|
cat /etc/systemd/resolved.conf
|
|
uname -a
|
|
cat /etc/issue
|
|
ps wuax or ps ajxf or ps -A
|
|
printenv or env
|
|
cat /etc/timezone or timedatectl
|
|
```
|
|
|
|
## Users
|
|
|
|
```sh
|
|
sudo -l
|
|
id
|
|
whoami
|
|
groups and getent group or cat /etc/group
|
|
cat /etc/passwd | column -t -s :
|
|
cat /etc/shadow
|
|
cat /etc/group
|
|
cat /etc/sudoers
|
|
history
|
|
cat /var/mail
|
|
```
|
|
|
|
|
|
## Network Info
|
|
|
|
* The output of information will be different, depending on permissions of the user
|
|
```sh
|
|
ip a or ifconfig
|
|
ip route
|
|
cat /etc/network/interfaces
|
|
netstat -natup or ss -natup
|
|
netstat -tupln or ss -tulpn
|
|
netstat -s and netstat -i
|
|
lsof -i :<port>
|
|
```
|
|
|
|
## Login Info
|
|
|
|
```sh
|
|
last -f /var/log/wtmp
|
|
last -f /var/log/btmp
|
|
last
|
|
w
|
|
who
|
|
```
|
|
|
|
## Syslog
|
|
|
|
```sh
|
|
journalctl -xe
|
|
less /var/log/syslog
|
|
```
|
|
|
|
## Auth Logs
|
|
|
|
```sh
|
|
cat /var/log/auth.log | less
|
|
cat /var/log/access.log | less
|
|
```
|
|
|
|
## Find Files
|
|
|
|
* Find SUID permissions on files and dirs
|
|
* `find / -perm /6000 -ls 2>/dev/null`
|
|
|
|
* Find writeables dirs
|
|
* `find / -writable -type d 2>/dev/null` or `find / -perm -o w -type d 2>/dev/null`
|
|
* `find / -perm -o x -type d 2>/dev/null`
|
|
|
|
* Find writeable subdirs
|
|
`find / -writable 2>/dev/null | cut -d "/" -f 2,3 | grep -v proc | sort -u`
|
|
|
|
* `cat ~/.viminfo`
|
|
|
|
## Services
|
|
|
|
```sh
|
|
ls -al /etc/systemd/system && ls -la /var/lib/systemd/system || ls -la /etc/init.d
|
|
```
|
|
|
|
```sh
|
|
cat /etc/crontab
|
|
crontab -l
|
|
cat /etc/bash.bashrc ; cat /etc/profile
|
|
```
|
|
|
|
## Packet Managers
|
|
|
|
* pacman, apt, dpkg, dnf etc.
|