Manual Enumeration

System, user, network, and password

System Enumeration

Enumerate kernel version:

uname -a

Enumerate distribution:

cat /proc/version

Enumerate CPU:

lscpu

Enumerate running services:

ps aux

Enumerate running services owned by root:

ps aux | grep root

User Enumeration

Enumerate current username:

whoami

Enumerate current user ID:

id

Enumerate active sessions:

w

Enumerate sudo:

sudo -l

Enumerate all users on the system:

cat /etc/passwd

Show only usernames from /etc/passwd:

cat /etc/passwd | cut -d : -f 1

Enumerate user groups:

cat /etc/group

Enumerate command history:

history

Network Enumeration

Enumearte network settings (older machines):

ifconfig

Enumearte network settings (newer machines):

ip a

Enumerate routing table (older machines):

route

Enumerate routing table (newer machines):

ip route

Enumerate ARP table (older machines):

arp -e

Enumerate ARP table (newer machines):

ip neigh

Enumerating active network connections:

netstat -antup

Password Hunting

Search for the keyword "password=" in all files:

grep --color=auto -rnw '/' -ie "PASSWORD=" --color=always 2>/dev/null

Search for the keyword "password" in filenames:

locate password | more

Search for SSH keys:

find / -name id_rsa 2>/dev/null

Applications and Services

Enumerate running services owned by root:

ps aux | grep root

Enumerate installed applications on Debian and derivatives:

dpkg -l

Enumerate installed applications on Fedora-based distros, use:

rpm -qa

Enumerate configuration files in the /etc directory:

ls -la /etc/ | grep .conf

Search for web application configuration files:

ls -la /var/www/html/

File and Directory Enumeration

World-writable directories:

find / \( -wholename '/home/homedir*' -prune \) -o \( -type d -perm -0002 \) -exec ls -ld '{}' ';' 2>/dev/null | grep -v root

World-writable directories for root:

find / \( -wholename '/home/homedir*' -prune \) -o \( -type d -perm -0002 \) -exec ls -ld '{}' ';' 2>/dev/null | grep root

World-writable files:

find / \( -wholename '/home/homedir/*' -prune -o -wholename '/proc/*' -prune \) -o \( -type f -perm -0002 \) -exec ls -l '{}' ';' 2>/dev/null
PreviousLinux PermissionsNextAutomated Tools

Last updated