Basic checks

OS version

# Check OS version
cat /etc/issuecat 
/etc/*-releasecat 
/etc/lsb-release      # Debian based
cat /etc/redhat-release   # Redhat based

Kernel version

cat /proc/version
uname -a
uname -mrs
rpm -q kernel
dmesg | grep Linux
ls /boot | grep vmlinuz-

Environment Variables

cat /etc/profile
cat /etc/bashrc
cat ~/.bash_profile
cat ~/.bashrc
cat ~/.bash_logout
env
set

Find

#World writable folders
find / -writable -type d 2>/dev/null -exec ls -ldb {} \;

#Root suid files
find / -user root -perm -4000 -type f 2>/dev/null -exec ls -ldb {} \;

Juicy files

/etc/*issue
/etc/*release
/proc/version
/etc/profile
/etc/passwd
/etc/shadow
/root/.bash_history
/var/log/dmessage
/var/mail/root
/var/spool/cron/crontabs/root


# can see what is the PID or ID of running process, correspond to /etc/passwd see if you can tell which user
/proc/self/status

# Can check what 'user agents', if you have access you may be able to do code execution modifying 'user agents'
/proc/self/environ

# Anything blocking us from bruteforcing?
etc/pam.d/system-auth
etc/fail2ban/fail2ban.conf


# OSX / macOS
/etc/fstab
/etc/master.passwd 
/etc/resolv.conf
/etc/sudoers
/etc/sysctl.conf

PreviousNcat Persistent Backdoor NextUpgrading Shells

Last updated 5 years ago

Was this helpful?