Linux Enumeration

Initial Linux System Enumeration

System Enumeration

System Information

hostname                            # Hostname
uname -a                            # Kernel version and architecture
cat /proc/version                   # Kernel build string (version, compiler)
cat /etc/issue                      # Distribution (pre-login banner text)
cat /etc/*-release                  # Distribution release files, e.g. os-release
env                                 # Environment variables; may expose secrets passed via the environment
cat /etc/profile                    # System-wide login shell configuration
cat /etc/bashrc                     # System-wide bash config (RHEL family; Debian uses /etc/bash.bashrc)
lsblk                               # List block devices
cat /etc/exports                    # Check for NFS shares; review client lists and no_root_squash
cat /etc/fstab                      # Mountpoints
df -h                               # Mounted filesystems with usage, human-readable sizes
mount                               # Currently mounted filesystems and their mount options

Local Services

ps aux                              # All processes, BSD-style listing with the owning username
ps -elf                             # All processes, long full-format listing (UID and PPID columns)
top                                 # Real-time interactive list of processes

Packages

dpkg -l                             # List installed packages (Debian/Ubuntu, .deb)
rpm -qa                             # List installed packages (RHEL family, .rpm)
ls -alh /usr/bin                    # Applications installed
ls -alh /sbin                       # System administration binaries

Users

id                                  # Current user's UID, GID and group memberships
whoami                              # Current user's username
w                                   # Information about currently logged-on users
who                                 # Display who is on the system
users                               # List usernames of currently logged-in users
last                                # Last logins of users and ttys
cat /etc/passwd                     # Print list of all local users; check for unexpected UID 0 accounts
cat /etc/group                      # Print list of all groups; review membership of privileged groups
sudo -l                             # Commands the current user may run via sudo; audit NOPASSWD and wildcard rules

Network

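# Note: the -p column of netstat/ss only names processes the current user
# owns unless the command is run as root.
ifconfig                            # Show network interfaces (net-tools; may be absent on newer systems)
ip a                                # Show interfaces and addresses (iproute2)
ip route                            # Show routes
arp -a                              # Show ARP tables
netstat -lntp                       # Listening TCP sockets, numeric, with owning PID/program
ss -lntp                            # Same listing via ss (iproute2)
netstat -antp                       # All TCP sockets, listening and established
ss -antp                            # Same listing via ss (iproute2)
cat /etc/network/interfaces         # Interface configuration (Debian/Ubuntu ifupdown)
cat /etc/sysconfig/network          # Network configuration (RHEL family)
cat /etc/networks                   # Network name to network number mappings
cat /etc/resolv.conf                # DNS resolver configuration
iptables -L                         # Firewall rules in the filter table (normally requires root)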

File System

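ls -lahR /root       # root home directory (should not be readable by unprivileged users)
ls -lahR /home       # User home directories
ls -lah /tmp         # Temp directory
ls -lah /dev/shm     # Shared-memory tmpfs; typically world-writable like /tmp
ls -lab /var/        # Check interesting directories: logs, backups, www, etc.
ls -lah /dev         # Device nodes
cat ~/.bashrc        # Check .bashrc & .bash_profile
cat ~/.profile       # Check any readable .profile files
cat ~/.history       # Check any readable history files (bash writes ~/.bash_history); they can hold secrets typed on the command line
ls -la ~/.ssh        # Check for SSH keys; private keys should be readable by their owner only
ls -la /etc/ | grep rwx                # Entries whose mode string contains "rwx"; this includes owner-only rwx, so expect noise
# Permission sweeps. Compare SUID/SGID results against the package manager's
# baseline; entries that no package owns warrant investigation.
find / -perm -1000 -type d 2>/dev/null # Directories with the sticky bit set
find / -perm -g=s -type f 2>/dev/null  # SGID, run with group owner permissions
find / -perm -u=s -type f 2>/dev/null  # SUID, run with owner permissions
find / -writable -type d 2>/dev/null   # Directories writable by the current user (not necessarily world-writable)
find / -perm -222 -type d 2>/dev/null  # Directories writable by owner, group and other
# -perm takes the mode as a single argument: -o=w is the symbolic form of -0002.
find / -perm -o=w -type d 2>/dev/null  # World-writable directories
find / -perm -o=x -type d 2>/dev/null  # World-executable (searchable) directories
# World-writable without the sticky bit means any user can delete or replace
# other users' files there; such directories should be fixed or removed.
find / -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -print # World-writable directories without the sticky bit
find /dir -xdev \( -nouser -o -nogroup \) -print # Files whose UID or GID has no matching account; /dir is a placeholder path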

Cron Jobs

# When reviewing: scripts run by root's cron jobs, and the directories that
# hold them, should be writable by root only.
crontab -l                          # Current user's crontab
cat /etc/cron*                      # NOTE: the glob also matches the cron.* directories, which cat cannot print
cat /etc/cron.d/*                   # Drop-in system cron job files
cat /etc/cron.daily/*               # Scripts run daily
cat /etc/cron.hourly/*              # Scripts run hourly
cat /etc/cron.monthly/*             # Scripts run monthly
cat /etc/crontab                    # System-wide crontab
cat /etc/at.allow                   # Users allowed to submit at jobs
cat /etc/at.deny                    # Users denied from submitting at jobs
cat /etc/anacrontab                 # anacron job definitions
