Related Linux Command
For network information, you have to find the answers to the following:
1. How is the exploited machine connected to the network?
2. Can I use this machine to pivot to hosts in other segments?
3. Is outbound traffic unconstrained, or limited to certain ports?
4. Is there a firewall between this host and other devices?
5. Any existing connections with other hosts? (What service?)
6. Does the current host run any services? Any chance to intercept cleartext traffic?
Interface and Route
DNS Settings
ARP Cache - Any unseen neighbours?
Network connections - Any established connections? Any known unencrypted traffic?
Check outbound restrictions
Dump firewall config:
Get hostname - Function guess
Kernel Version - Subject to Kernel Vulnerability
OS - Known OS vulnerability
Running Processes
Current user permissions - Can we access sensitive information/configuration of other users?
UID / GID for all users - How many users? What groups do they belong to? Can we modify files belonging to users in other groups?
Last logged on user - Who's been on the system? From what systems? Pivoting using known credentials?
Root - How many UID 0 accounts? Any credentials?
Service Accounts
Home directories - Can we access other users' home directories?
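The UID / GID, Root and Service Accounts questions above can be answered from a passwd-format file, which is also how an administrator would audit a host for them. The following is an added example, not code from the original page; the function names, the UID_MIN default of 1000 and the sample data are assumptions and constructed values.

```shell
#!/bin/sh
# Added example: account audit over a passwd-format file ("-" reads stdin).
# Function names and the UID_MIN default are assumptions, not from the page.

# Login names of every account with UID 0, one per line.
uid0_accounts() {
    awk -F: '$3 == 0 { print $1 }' "${1:-/etc/passwd}"
}

# "name:uid:shell" for system-range accounts (0 < UID < UID_MIN) that still
# have an interactive shell. Check UID_MIN in /etc/login.defs on the host.
service_accounts_with_shell() {
    awk -F: -v min="${UID_MIN:-1000}" '
        $3 ~ /^[0-9]+$/ && $3 > 0 && $3 < min && $7 !~ /(nologin|false)$/ {
            print $1 ":" $3 ":" ($7 == "" ? "(default shell)" : $7)
        }' "${1:-/etc/passwd}"
}

# "uid:name1,name2" for every UID assigned to more than one login name.
shared_uids() {
    awk -F: '{ n[$3]++; names[$3] = names[$3] (names[$3] ? "," : "") $1 }
        END { for (u in n) if (n[u] > 1) print u ":" names[u] }' \
        "${1:-/etc/passwd}" | sort -n
}

# Constructed sample data for trying the functions without touching a host.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
postgres:x:113:120:PostgreSQL:/var/lib/postgresql:/bin/bash
backup2:x:0:0::/home/backup2:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/bash
svc-deploy:x:1000:1001::/home/deploy:/bin/bash
EOF
}

# Run all three checks against one file when a path is given.
if [ $# -gt 0 ]; then
    echo "UID 0 accounts:";               uid0_accounts "$1"
    echo "Service accounts with shells:"; service_accounts_with_shell "$1"
    echo "Shared UIDs:";                  shared_uids "$1"
fi
```

Any name other than root in the first list, or any entry in the other two, is worth tracing back to a change record.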
In Debian:
To view all available disks:
Now we have the list of loaded modules. Get more info about a specific module by using: