Once we get an initial foothold on our target system, it’s time to start over: gathering information and enumerating the target again.
Be sure to also verify the information gathered in our initial enumeration steps.
Which OS & kernel version is the system running?
# uname -i
# uname -a
# cat /etc/*-release
# lsb_release -a (Debian-based OS)
What account are we running as and what permissions do we have?
# id
# pwd
# ls -l (view permissions of various directories as we move through the file system)
What other user accounts exist on the system and what privileges do they have?
# cat /etc/passwd
# grep -vE "nologin|false" /etc/passwd
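A field-aware version of the login-shell filter above, added here as an example for account auditing (it is not from the original page). It checks the seventh field rather than matching substrings anywhere in the line, so a username containing "false" is not dropped and shells such as /bin/sync are excluded. The function names, the EXTRA_UID0 marker and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: list accounts with an interactive login shell from a
# passwd-format file and mark any non-root account that has UID 0.

audit_passwd() {
    # $1: passwd-format file, "-" for stdin (defaults to /etc/passwd)
    awk -F: '
        # Skip blank lines and comments
        /^[[:space:]]*$/ || /^#/ { next }
        # Report malformed entries instead of silently dropping them
        NF != 7 { printf "MALFORMED line %d\n", NR; next }
        {
            shell = $7
            # An empty shell field means /bin/sh (see passwd(5))
            if (shell == "") shell = "/bin/sh"
            n = split(shell, parts, "/")
            base = parts[n]
            # Shells commonly used to disable interactive login
            if (base == "nologin" || base == "false" || base == "sync" ||
                base == "halt" || base == "shutdown") next
            flag = ($3 == 0 && $1 != "root") ? " EXTRA_UID0" : ""
            printf "%s %s %s%s\n", $1, $3, shell, flag
        }
    ' "${1:-/etc/passwd}"
}

# Constructed sample entries (not taken from any real system)
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
falseman:x:1001:1001:Nologin Test:/home/falseman:/bin/bash
svc:x:998:998::/var/lib/svc:/bin/false
toor:x:0:0::/root:/bin/sh
legacy:x:1002:1002::/home/legacy:
EOF
}

# Demo on the constructed sample
sample_passwd | audit_passwd -
```

On the sample, the substring grep would hide the falseman account and keep sync; the field-based check reports falseman, the second UID 0 account and the entry with an empty shell field.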
What’s currently running on the box?
# ps aux
What network services and connections exist on this host?
# netstat -antup
What packages are installed?
# dpkg -l (Debian-based OS)
# rpm -qa (CentOS / openSUSE)
Are there any plain text password files on the box?
# grep -rnw '/path/to/somewhere/' -e 'password'
What processes are running and on which ports?
# lsof -p 5500 (open files and sockets for the process with PID 5500)
Which files are owned by root and have the SUID bit set?
# find /bin -uid 0 -perm -4000 -print (searches /bin only)