Related Linux Command
Script
Network
For network information, you have to find out the answers to the following:
1. How is the exploited machine connected to the network?
2. Can I use this machine to pivot to other hosts in other segments?
3. Is outbound traffic unconstrained, or limited to certain ports?
4. Is there a firewall between this host and other devices?
5. Any existing connections with other hosts? (What service?)
6. Does the current host run any services? Any chance to intercept cleartext traffic?
Basic Network Info
Interface and Route
DNS Settings
ARP Cache - Any unseen neighbours?
Network connections - Any established connections? Any known unencrypted traffic?
Check outbound restrictions
IPTABLES
Dump firewall config:
System Information
System Info
Get hostname - Guess the host's function
Kernel Version - Subject to kernel vulnerabilities?
OS - Known OS vulnerabilities?
Running Processes
User Information
Current user permissions - Can we access sensitive information/configuration of other users?
UID / GID for all users - How many users? What groups do they belong to? Can we modify files belonging to users in other groups?
Last logged on user - Who's been on the system? From what systems? Pivoting using known credentials?
Root - How many UID 0 accounts? Any credentials?
Service Accounts
Home directories - Can we access other users' home directories?
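An added example, not part of the original page: a POSIX shell audit of passwd-format data that answers the user questions above (UID 0 accounts, shared UIDs, service accounts that still have a login shell, regular users and their home directories). The sample data is constructed, and the UID 1000 boundary between service and regular accounts is an assumption (the common UID_MIN default).

```shell
#!/bin/sh
# Added example: audit passwd-format data read from stdin.
# SAMPLE_PASSWD is constructed for illustration, not taken from a real host.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/bin/sh
toor:x:0:0:second root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/zsh'

# Assumption: regular users start at UID 1000 (common UID_MIN default).
UID_MIN=1000

# Every account with UID 0; anything besides "root" needs an explanation.
uid0_accounts() {
    awk -F: '$3 == 0 { print $1 }'
}

# UIDs shared by more than one account name, as "uid: name name".
duplicate_uids() {
    awk -F: '{ n[$3]++; who[$3] = who[$3] " " $1 }
             END { for (u in n) if (n[u] > 1) print u ":" who[u] }'
}

# Service accounts (0 < UID < UID_MIN) whose shell is not nologin/false.
# An empty shell field counts too, since login then falls back to /bin/sh.
service_accounts_with_shell() {
    awk -F: -v min="$UID_MIN" \
        '$3 > 0 && $3 < min && $7 !~ /(nologin|false)$/ { print $1 }'
}

# Regular users with their home directories (65534 is "nobody").
regular_users() {
    awk -F: -v min="$UID_MIN" \
        '$3 >= min && $3 != 65534 { print $1 ":" $6 }'
}

# Report on the sample; on a live host use: uid0_accounts < /etc/passwd
for check in uid0_accounts duplicate_uids service_accounts_with_shell regular_users; do
    echo "== $check"
    printf '%s\n' "$SAMPLE_PASSWD" | "$check"
done
```

In the sample, `toor` shares UID 0 with `root` and `backup` is a service account with a usable shell; both are the kind of finding the questions above are meant to surface.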
Scheduled Tasks
Installed Applications
In Debian:
Inspect Writable Files / Directories
Find unmounted disks
To view all available disks:
Enumerate loaded Kernel Modules
Now we have the list of loaded modules. Get more info about a specific module by using:
Find SUID files