# 5 Looting

## After root

1. dump **etc/shadow**
2. check **/var/mail**
3. Cheat sheet: <https://xapax.gitbooks.io/security/content/tcp-dumps_on_pwnd_machines.html>

<https://xapax.github.io/security/>\
<https://xapax.github.io/security/#post_exploitation/privilege_escalation_-_linux/>

<https://github.com/mubix/post-exploitation-wiki>