Enumeration Commands

| Enumeration Commands | Description |
| --- | --- |
| `id` | print real and effective user and group IDs |
| `whoami` | print the current user name |
| `hostname` | show or set the system's host name |
| `uname` | print system information |
| `ps -ef` | report a snapshot of the current processes |
| `echo $PATH` | print the PATH environment variable |
| `ifconfig` | configure a network interface (also lists the interfaces and their addresses) |
| `cat /etc/passwd` | show the contents of the passwd file |
| `sudo -l` | list the commands the current user is allowed to run with sudo |
| `find / -type f -a \( -perm -u+s -o -perm -g+s \) -exec ls -l {} \; 2> /dev/null` | find all SUID and SGID files |

The table above lists the basic enumeration commands; the list below goes through them in more detail:

  1. hostname - lists the name of the host

  2. uname -a - prints kernel information

  3. cat /proc/version - prints almost the same information as the command above, plus details such as the gcc version the kernel was built with

  4. cat /etc/issue - exact version of the OS

  5. ps - lists the processes that are running

  • ps -A - all running processes

  • ps axjf - process tree

  • ps aux - displays processes together with the users running them

    • Ex: ps aux | grep mysql --> greps for mysql; for example, if root is running MySQL, we can look for an exploit for that version

  6. env - shows all the environment variables

  7. sudo -l - lists the commands the current user may run through sudo (entries tagged NOPASSWD run without a password)

  8. groups - lists the groups the current user is in

  9. id - lists the user ID and group IDs

  10. cat /etc/passwd - displays all the users

  • cat /etc/passwd | cut -d ":" -f 1 - strips the other fields and only displays the user names

  • ls /home - displays the users that have a home directory

  11. history - previously run commands, which might contain sensitive information

  12. ifconfig (or) ip a (or) ip route - network related information

  13. netstat - network connections and routes

  • netstat -a - all listening and established connections

  • netstat -at - TCP connections

  • netstat -au - UDP connections

  • netstat -l - listening connections

  • netstat -s - network statistics

  • netstat -tp - connections with service name and PID; we can also add "l" for only listening ports (netstat -tlp)

  • netstat -i - interface related information

  • netstat -ano - all sockets, with numeric addresses and socket timer information

  14. find - helps us find a lot of things

  • Syntax: find <path> <options> <regex/name>

  • find . -name flag1.txt : find the file named "flag1.txt" in the current directory

  • find /home -name flag1.txt : find the file named "flag1.txt" in the /home directory

  • find / -type d -name config : find the directory named config under "/"

  • find / -type f -perm 0777 : find files with the 777 permissions (files readable, writable, and executable by all users)

  • find / -perm /a=x : find executable files (any execute bit set; a bare -perm a=x would only match files whose mode is exactly --x--x--x)

  • find /home -user frank : find all files for user "frank" under "/home"

  • find / -mtime -10 : find files that were modified in the last 10 days (without the leading "-", -mtime 10 matches files modified exactly 10 days ago)

  • find / -atime -10 : find files that were accessed in the last 10 days

  • find / -cmin -60 : find files changed within the last hour (60 minutes)

  • find / -amin -60 : find files accessed within the last hour (60 minutes)

  • find / -size 50M : find files with a 50 MB size

  • find / -writable -type d 2>/dev/null : find writable folders (writable by the current user)

  • find / -perm -222 -type d 2>/dev/null : find world-writable folders

  • find / -perm -o=w -type d 2>/dev/null : find world-writable folders

  • find / -perm -o=x -type d 2>/dev/null : find world-executable folders

  • We can also find programming languages and supported languages: find / -name "perl*", find / -name "python*", find / -name "gcc*" ...etc

  • find / -perm -u=s -type f 2>/dev/null : find files with the SUID bit, which allows us to run the file with a higher privilege level than the current user. This is important!

  15. We can even make use of "grep", "locate", "sort" ...etc
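As an added defender-side example (not part of the original cheat sheet): the SUID/SGID find from the table above and from the last find bullet, wrapped in a small audit script that records the SUID/SGID set of a known-good system as a baseline and later prints only the files that were not there before, so a newly appeared setuid binary stands out. The baseline format (one absolute path per line) and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original cheat sheet: baseline-and-diff audit of
# SUID/SGID files. Assumed baseline format: one absolute path per line.

# list_suid_sgid ROOT
#   Print regular files under ROOT with the SUID or SGID bit set, sorted, one per
#   line. Same test as the cheat sheet's find, with -print instead of ls -l so the
#   output can be compared line by line.
list_suid_sgid() {
    find "$1" -type f \( -perm -u+s -o -perm -g+s \) -print 2>/dev/null | LC_ALL=C sort
}

# make_baseline ROOT BASELINE
#   Record the current SUID/SGID set into BASELINE; run once on a known-good system.
make_baseline() {
    list_suid_sgid "$1" > "$2"
}

# audit_suid_sgid ROOT BASELINE
#   Print each SUID/SGID file under ROOT that does not appear (as a whole line) in
#   BASELINE. Prints nothing when the tree still matches the baseline.
audit_suid_sgid() {
    list_suid_sgid "$1" | while IFS= read -r path; do
        # -q status only, -x whole-line match, -F literal string (no regex)
        if ! grep -qxF -- "$path" "$2"; then
            printf '%s\n' "$path"
        fi
    done
}

# demo: run the audit on a constructed temporary tree so nothing real is touched.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/bin"
    : > "$tmp/bin/ping";   chmod u+s "$tmp/bin/ping"   # expected setuid file
    make_baseline "$tmp" "$tmp/baseline.txt"
    : > "$tmp/bin/newbin"; chmod g+s "$tmp/bin/newbin" # appeared after baselining
    : > "$tmp/bin/plain"                               # no special bits, never listed
    audit_suid_sgid "$tmp" "$tmp/baseline.txt"         # prints only .../bin/newbin
    rm -rf "$tmp"
}

demo
```

On a real host, run make_baseline against / right after installation and schedule audit_suid_sgid from cron; any line it prints is a candidate for investigation.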
