Enumeration

• User Enum

  cat /etc/passwd

  cat /etc/group

• Hostname

  hostname

• OS & Architecture

  cat /etc/issue

  cat /etc/*-release

  uname -a

• Processes & services

  • ps aux

  • Use https://github.com/DominicBreuker/pspy tool , it extract even hidden process

• Firewall

  Files under /etc/iptables

• Network Enum

  ip a

  /sbin/route

  ss -anp

  netstat -ano

• Scheduled tasks

  ls -lah /etc/cron*

  cat /etc/crontab

• Installed packages & patch level

  dpkg -l

• Readable/Writable files & dir

  find / -writable -type d 2>/dev/null

  find / -writable -type f 2>/dev/null
  find / -group adm -readable 2>/dev/null
  

• Unmounted disk

  cat /etc/fstab

  mount

  lsblk

• Device Drivers and Kernel Modules

  In powershell,

  lsmod , enumerate modules

  modinfo <module-name> details

• Binaries That AutoElevate OR SUID

  find / -perm -u=s -type f 2>/dev/null

• cat certain file in in each directory

  • find /home -name .bash_history -exec cat {} \;
    • it will cat .bash_history file in every user dir

• Automation Tool

  Tool:- unix-privesc-check

  unix-privesc-check

  https://pentestmonkey.net/tools/audit/unix-privesc-check

For more commands check Important links