Enumeration

System Enumeration

You Just Landed on a box...

  1. uname -a -- Kernel name and version; look for kernel exploits
  2. lscpu -- CPU Architecture
  3. ps aux -- What services are running?

User Enumeration

  • You are performing this type of enumeration to find out who you are, what permissions you have, and what you are capable of doing
  1. whoami -- Display current user
  2. id -- UID, GID and group memberships of the current user
  3. sudo -l -- sudo permissions of the current user (very important)
  4. Ask yourself what files do you know of and what files can you access
  5. Access to sensitive files? /etc/shadow /etc/passwd
  6. history -- Display command/Terminal history

Network Enumeration

  • This type of enumeration allows you to identify internal ports and gives you a lay of the land
  1. ifconfig or ip a -- General IP and networking information -- Is this box dual-homed (two NICs)?
  2. ip route -- View routing table
  3. arp -a or ip neigh -- View ARP table
  4. netstat -ano or netstat -tulnp -- Listening ports and active connections

Password Hunting

  • Password hunting or sensitive file hunting

Grepping for Potentially Lucrative Strings

Password:

grep -rnw '/' -ie "PASSWORD" --color=always 2> /dev/null

grep -rnw '/' -ie "PASSWORD=" --color=always 2> /dev/null

grep -rnw '/' -ie "PWD" --color=always 2> /dev/null

grep -rnw '/' -ie "PASS" --color=always 2> /dev/null

File name:

locate password | more 

SSH Keys

find / -name authorized_keys 2> /dev/null

find / -name id_rsa 2> /dev/null
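
From the defender's side, the file-permission items in this checklist (/etc/shadow, shell history, SSH key files) can be audited before anyone else goes looking. The script below is an added example, not part of the original notes; it assumes GNU find, and the function names, finding labels and sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original notes). Assumes GNU find ("-perm /MODE").
# Reports weak permissions on the files the checklist above hunts for.

# audit_tree ROOT: print one "FINDING path" line per weak permission under ROOT.
audit_tree() {
    root=$1
    # Private keys: any group/other permission bit set (should be mode 600).
    find "$root" -type f -name 'id_rsa' -perm /077 2>/dev/null |
        sed 's/^/PRIVATE_KEY_EXPOSED /'
    # authorized_keys: group/other write access lets another user add a key.
    find "$root" -type f -name 'authorized_keys' -perm /022 2>/dev/null |
        sed 's/^/AUTHORIZED_KEYS_WRITABLE /'
    # Shell history readable by group/other may leak typed credentials.
    find "$root" -type f -name '.*_history' -perm /044 2>/dev/null |
        sed 's/^/HISTORY_READABLE /'
    # shadow must never be readable or writable by "other".
    find "$root/etc" -maxdepth 1 -type f -name 'shadow' -perm /006 2>/dev/null |
        sed 's/^/SHADOW_EXPOSED /'
}

# make_demo_tree: build a constructed sample tree and print its path.
make_demo_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/etc" "$t/home/alice/.ssh" "$t/home/bob/.ssh"
    : > "$t/etc/shadow"
    : > "$t/home/alice/.ssh/id_rsa"
    : > "$t/home/alice/.ssh/authorized_keys"
    : > "$t/home/bob/.ssh/id_rsa"
    : > "$t/home/bob/.ssh/authorized_keys"
    : > "$t/home/bob/.bash_history"
    chmod 644 "$t/etc/shadow"                       # weak: world-readable
    chmod 644 "$t/home/alice/.ssh/id_rsa"           # weak: world-readable key
    chmod 600 "$t/home/alice/.ssh/authorized_keys"  # ok
    chmod 600 "$t/home/bob/.ssh/id_rsa"             # ok
    chmod 664 "$t/home/bob/.ssh/authorized_keys"    # weak: group-writable
    chmod 600 "$t/home/bob/.bash_history"           # ok
    printf '%s\n' "$t"
}

# Run the audit against the constructed tree, then clean up.
demo=$(make_demo_tree) && audit_tree "$demo"
rm -rf "$demo"
```

To audit a real host, call `audit_tree /` as root and fix each finding with `chmod` (600 for private keys, authorized_keys and history files).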