Information Gathering for Linux Privilege Escalation – Part 1

Once we get an initial foothold on our target system, it’s time to start all over again, gathering information and enumerating our target.

Be sure to also verify any and all information gathered in our initial enumeration steps.

What OS is the system running? What kernel version?

uname -i

uname -a

cat /etc/*-release

lsb_release -a (Debian-based OSs)

What account are we running as and what permissions do we have?



ls -l (view permissions of various directories as we move through the file system)

What other user accounts exist on the system and what privileges do they have?

cat /etc/passwd

grep -vE "nologin|false" /etc/passwd
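
An added example (not from the original post) for the account review step: the grep filter above matches "nologin" or "false" anywhere on the line, so it also hides an account whose name or comment contains those strings. This script checks the shell field itself and also reports non-root UID 0 accounts; the list of non-login shells and the sample entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: field-aware review of a passwd-format file.
# Field 1 is the account name, field 3 the UID, field 7 the login shell.

# Shells treated as non-interactive (assumed list; adjust to local policy).
NON_LOGIN='^(/usr/sbin/nologin|/sbin/nologin|/bin/false|/usr/bin/false)$'

# Print "user:uid:shell" for every account whose shell is interactive.
# An empty shell field means the system default shell, so it is reported too.
login_accounts() {
    awk -F: -v deny="$NON_LOGIN" '
        /^#/ || NF < 7 { next }
        $7 !~ deny { print $1 ":" $3 ":" $7 }
    ' "$1"
}

# Print the names of accounts other than root that have UID 0.
extra_uid0() {
    awk -F: '!/^#/ && NF >= 7 && $3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Constructed sample data, not taken from any real host.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
falselight:x:1001:1001:App owner:/home/falselight:/bin/bash
backup0:x:0:0:legacy backup:/var/backups:/bin/sh
svc:x:998:998:service:/nonexistent:/bin/false
EOF

echo "Interactive accounts:"
login_accounts "$SAMPLE"
echo "Non-root UID 0 accounts:"
extra_uid0 "$SAMPLE"
```

On the sample, `falselight` is reported here but would be dropped by the line-wide grep, and `backup0` is flagged as a second UID 0 account.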

What’s currently running on the box?

ps aux

What network services and connections exist on this host?

netstat -antup

What’s installed? What kernel is being used?

dpkg -l (Debian-based OSs)

rpm -qa (CentOS / openSUSE)

Are there any plain text password files on the box?

grep -rnw '/path/to/somewhere/' -e 'password'
