Target Host Enumeration
Common writable dir: /tmp ; /var/tmp
Common flow
Linux
Look for creds in /home/user/.bash_history
OS: cat /etc/*-release
Architecture / Kernel: uname -a
Who: id
Where: pwd
All accounts: cat /etc/passwd
Shell user: grep -vE "nologin|false" /etc/passwd
Current processes: ps aux
Active network services: netstat -antup
(a service listed here that wasn't detected earlier may have had its detection blocked by a firewall rule)
Mount share: cat /etc/fstab
Custom scripts: ls /mnt/scripts
Scheduled tasks: ls -lah /etc/cron* ; cat /etc/crontab
Installed packages: dpkg -l (Debian) ; rpm -qa (CentOS/openSUSE)
Firewall: /etc/iptables
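
Added example (not part of the original notes), useful when auditing accounts: the "Shell user" grep above matches "nologin" or "false" anywhere in the line, so it drops accounts whose name or comment field contains those words. This version tests only the shell field and also lists every UID 0 account; the sample passwd content and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample passwd content (not from a real host).
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/bin/false
alice:x:1000:1000:Alice:/home/alice:/bin/bash
falsetto:x:1001:1001:Choir:/home/falsetto:/bin/zsh
svc-backup:x:998:998:nologin requested:/var/backups:/bin/sh
legacy:x:1002:1002::/home/legacy:
toor:x:0:0:second uid 0:/root:/bin/bash
EOF
}

# login_accounts FILE: print "user uid shell" for every account whose
# shell field (field 7) is not a nologin/false stub.
login_accounts() {
    awk -F: '
        /^#/ || NF != 7 { next }                 # skip comments, blank and malformed lines
        {
            shell = ($7 == "") ? "/bin/sh" : $7  # empty shell field defaults to /bin/sh, see passwd(5)
            if (shell ~ /\/(nologin|false)$/) next
            print $1, $3, shell
        }' "$1"
}

# uid0_accounts FILE: print every account name with UID 0;
# anything besides root deserves a closer look.
uid0_accounts() {
    awk -F: '$3 == 0 { print $1 }' "$1"
}

# Run both checks on the sample and compare with the plain grep.
f=$(mktemp)
sample_passwd > "$f"
echo "field-based:";  login_accounts "$f"
echo "plain grep:";   grep -vE "nologin|false" "$f" | cut -d: -f1
echo "uid 0:";        uid0_accounts "$f"
rm -f "$f"
```

On a real host, pass /etc/passwd as FILE.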
Windows
C:\Users\currentuser\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadline\ConsoleHost_history.txt
OS: systeminfo | findstr /B /C:"OS Name" /C:"OS Version" /C:"System Type"
Who: whoami /groups /priv
gpresult /R
Active network services: netstat -abno