Network

For network information, find the answers to the following:

1. How is the exploited machine connected to the network?
2. Can I use this machine to pivot to other hosts in other segments?
3. Is outbound traffic unconstrained, or limited to certain ports?
4. Is there a firewall between this host and other devices?
5. Any existing connections with other hosts? (What service?)
6. Does the current host run any services? Chance to intercept cleartext traffic?

Basic Network Info

Interface and Route

ifconfig -a
route -n
traceroute -n <target_ip>

DNS Settings

cat /etc/resolv.conf

ARP Cache - Any unseen neighbours?

arp -en

Network connections - Any established connections? Any known unencrypted traffic?

netstat -antup
ss -twurp
ss -anp

Check outbound restrictions

nmap -sT -T5 -p<low_port>-<high_port> portquiz.net

IPTABLES

Dump firewall config:

iptables-save

System Information

System Info

Get hostname - Guess the host's function

hostname

Kernel Version - Subject to Kernel Vulnerability

uname -a

OS - Known OS vulnerability

cat /etc/issue

Running Processes

ps auxw

User Information

Current user permissions - Can we access sensitive information/configuration of other users?

find / -user <user>

UID / GID for all users - How many users? What groups do they belong to? Can we modify files belonging to users in other groups?

for user in $(cut -d ":" -f 1 /etc/passwd); do id "$user"; done

Last logged on user - Who's been on the system? From what systems? Pivoting using known credentials?

last -a

Root - How many UID 0 accounts? Any credentials?

awk -F: '$3 == 0 {print $1}' /etc/passwd

Service Accounts

cat /etc/passwd
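
A way to answer the Root and Service Accounts questions above by comparing the parsed UID field instead of matching text, as an added example that is not part of the original page. The function names, the sample passwd entries and the default UID threshold of 1000 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): review a passwd-format file for
# extra UID 0 accounts and for service accounts that can log in.

# Names of accounts whose UID field is exactly 0. Comparing the parsed field
# avoids the false hits a substring match on "0:0" gives (e.g. UID 10, GID 0).
uid0_accounts() {
    awk -F: '$3 == 0 { print $1 }' "$1"
}

# Substring approach, kept only to show the over-match on the sample below.
uid0_substring_match() {
    cut -d: -f1,3,4 "$1" | grep "0:0" | cut -d: -f1
}

# "name:uid:shell" for accounts with 0 < UID < uid_min whose shell is not
# nologin/false. uid_min defaults to 1000 (assumption: the common UID_MIN
# value in /etc/login.defs; adjust for the distribution at hand).
service_accounts_with_shell() {
    awk -F: -v min="${2:-1000}" \
        '$3 > 0 && $3 < min && $7 !~ /(nologin|false)$/ { print $1 ":" $3 ":" $7 }' "$1"
}

# Constructed sample data, written to the path given as $1.
write_sample_passwd() {
    cat > "$1" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
opsadmin:x:10:0:ops:/home/opsadmin:/bin/bash
toor:x:0:0:second root:/root:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
EOF
}

sample=$(mktemp)
write_sample_passwd "$sample"
echo "UID 0 accounts:";              uid0_accounts "$sample"
echo "Substring match on 0:0:";      uid0_substring_match "$sample"
echo "Service accounts with shell:"; service_accounts_with_shell "$sample"
rm -f "$sample"
```

On the sample, the substring match also reports opsadmin (UID 10, GID 0), which is not a UID 0 account.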

Home directories - Can we access other users' home directories?

ls -las /home/*

Scheduled Tasks

ls -lash /etc/cron*
cat /etc/crontab

Installed Applications

In Debian:

dpkg -l

Inspect Writable Files / Directories

find / -writable -type d 2>/dev/null

Find unmounted disks

cat /etc/fstab
mount

To view all available disks:

/bin/lsblk

Enumerate loaded Kernel Modules

lsmod

Now we have the list of loaded modules. Get more info about a specific module by using:

/sbin/modinfo <module_name>

Find SUID files

find / -perm -u=s -type f 2>/dev/null
