
Base Enumeration

Users

Enumerate the current user ID (UID), group ID (GID), and the groups the user belongs to.

id
uid=1001(john) gid=1001(john) groups=1001(john),27(sudo) # john's result

Enumerate basic information of all users using /etc/passwd.

cat /etc/passwd

Enumerate the shadow file if it is accessible.

cat /etc/shadow
unshadow /etc/passwd /etc/shadow
# then try john on the output

Each /etc/passwd entry has the following fields:

  • Username: The login name (1-32 characters).

  • Password: An x means the password is stored in /etc/shadow.

  • User ID (UID): Unique ID for the user. UID 0 is for root, 1-99 are reserved, and 100-999 are for system accounts.

  • Group ID (GID): The primary group ID, found in /etc/group.

  • User Info (GECOS): Optional user information like full name or contact info.

  • Home Directory: The user's default directory when logging in.

  • Shell: The user's default shell, like /bin/bash, or /sbin/nologin to prevent login.
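
The fields listed above are enough to audit a passwd file for risky entries. The shell function below is an added example, not part of the original page; the function names, the finding labels and the sample entries are constructed for illustration.

```shell
# audit_passwd FILE prints one finding per line as "<check>:<username>".
# Checks use the passwd fields: 1=username 2=password 3=UID 7=shell.
audit_passwd() {
  awk -F: '
    # Skip blank lines and comments.
    /^[ \t]*$/ || /^#/ { next }
    # A valid entry has exactly seven colon-separated fields.
    NF != 7 { print "malformed:" $1; next }
    {
      user = $1; pw = $2; uid = $3; shell = $7
      # Empty password field: the account may log in with no password.
      if (pw == "") print "empty-password:" user
      # Anything other than x, * or a leading ! is a hash in a world-readable file.
      else if (pw != "x" && pw != "*" && pw !~ /^!/) print "hash-in-passwd:" user
      # UID 0 grants root privileges whatever the login name is.
      if (uid ~ /^0+$/ && user != "root") print "extra-uid0:" user
      # Reserved and system UIDs (1-999) should not have an interactive shell.
      if (uid ~ /^[0-9]+$/ && uid + 0 >= 1 && uid + 0 <= 999 && shell !~ /(nologin|false)$/)
        print "system-login-shell:" user
    }
  ' "$1"
}

# Constructed sample input (not taken from a real host).
sample_passwd() {
  cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/bin/bash
toor:x:0:0::/root:/bin/bash
john:x:1001:1001:John:/home/john:/bin/bash
legacy:$1$constructed$notarealhash:1002:1002::/home/legacy:/bin/sh
guest::1003:1003::/home/guest:/bin/sh
broken:x:1004
EOF
}

# Run the audit over the constructed sample and print the findings.
run_sample() {
  tmp=$(mktemp) || return 1
  sample_passwd > "$tmp"
  audit_passwd "$tmp"
  rm -f "$tmp"
}
```

On a real host, call `audit_passwd /etc/passwd`; no output means none of the four checks matched.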


System

Enumerate hostname.

Enumerate operating system version.

Enumerate kernel version and architecture.


User configurations

List the sudo capabilities of the current user.

When you run this command, the system checks the sudoers file to see whether you have any root permissions or whether you can log in as root without a password.

List environment variables.

Environment variables may contain tokens and passwords. Also take note of PATH, since a malicious file can be injected through it.


Processes

Enumerate all processes in a user readable format.

Monitor Processes.

It is also possible to monitor running processes in real time using the pspy tool.


Network

Enumerate all network interfaces, this includes physical and virtual networks.

Display the routing tables.

Enumerate connections.

Enumerate firewall rules.


Installed Software


SSH Keys & History

Check ~/.ssh/, .bash_history, configs (.gitconfig, config.json, etc.)


SUID/SGID Binaries


Writable Directories
