Information Gathering for Linux Privilege Escalation – Part 1
Once we get an initial foothold on our target system, it’s time to start all over again, gathering information and enumerating our target.
Be sure to also verify any and all information gathered in our initial enumeration steps.
What OS is the system running? What kernel version?
lsb_release -a (Debian-based OSs)
What account are we running as and what permissions do we have?
ls -l (view permissions of various directories as we move through the file system)
What other user accounts exist on the system and what privileges do they have?
grep -vE "nologin|false" /etc/passwd
What’s currently running on the box?
What network services and connections exist on this host?
What’s installed? What kernel is being used?
dpkg -l (Debian-based OSs)
rpm -qa (CentOS / openSUSE)
Are there any plain text password files on the box?
grep -rnw '/path/to/somewhere/' -e 'password'
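An added example, not part of the original post: a field-based version of the /etc/passwd account check above, useful when auditing which accounts can actually log in. The whole-line grep -vE "nologin|false" also drops any entry whose username, comment or home directory contains those words, so this version tests only the shell field and separately lists every account with UID 0. The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a passwd-format file by field, not by whole-line match.

# login_accounts FILE -> prints "user uid shell" for accounts with a usable shell
login_accounts() {
    awk -F: '
        /^[ \t]*(#|$)/ { next }          # skip comments and blank lines
        NF < 7 { next }                  # skip malformed entries
        {
            shell = $7
            # an empty shell field means the default shell /bin/sh, per passwd(5)
            if (shell == "") shell = "/bin/sh"
            n = split(shell, parts, "/")
            base = parts[n]              # last path component of the shell
            if (base == "nologin" || base == "false") next
            print $1, $3, shell
        }' "$1"
}

# uid0_accounts FILE -> prints every account name whose UID is 0
uid0_accounts() {
    awk -F: '!/^[ \t]*#/ && NF >= 7 && $3 == 0 { print $1 }' "$1"
}

# Constructed sample data (not taken from a real system)
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
falseflag:x:1001:1001:lab user:/home/falseflag:/bin/bash
svc:x:998:998:service:/var/lib/svc:/bin/false
toor:x:0:0:backup admin:/root:/bin/sh
legacy:x:1002:1002::/home/legacy:
EOF
}

tmp=$(mktemp)
sample_passwd > "$tmp"
echo "Interactive accounts:"; login_accounts "$tmp"
echo "UID 0 accounts:";       uid0_accounts "$tmp"
rm -f "$tmp"
```

On the sample data the whole-line grep reports three accounts, while the field-based check reports four, including falseflag, which the grep silently drops.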