The following post lists a few Linux commands that may come in useful when trying to escalate privileges on a target system. This is generally aimed at enumeration rather than specific vulnerabilities/exploits and I realise these are just the tip of the iceberg in terms of what’s available.
Revision 1.2 (Minor January 2017 update)
Kernel, Operating System & Device Information:

| Command | Result |
| --- | --- |
| `uname -a` | Print all available system information |
| `uname -r` | Kernel release |
| `uname -n` | System hostname |
| `hostname` | As above |
| `uname -m` | Linux kernel architecture (32 or 64 bit) |
| `cat /proc/version` | Kernel information |
| `cat /etc/*-release` | Distribution information |
| `cat /etc/issue` | As above |
| `cat /proc/cpuinfo` | CPU information |
| `df -a` | File system information |

Users & Groups:

| Command | Result |
| --- | --- |
| `cat /etc/passwd` | List all users on the system |
| `cat /etc/group` | List all groups on the system |
| `for i in $(cat /etc/passwd 2>/dev/null\| cut -d":" -f1 2>/dev/null);do id $i;done 2>/dev/null` | List all UIDs and respective group memberships |
| `cat /etc/shadow` | Show user hashes – Privileged command |
| `grep -v -E "^#" /etc/passwd \| awk -F: '$3 == 0 { print $1}'` | List all super user accounts |
| `finger` | Users currently logged in |
| `pinky` | As above |
| `users` | As above |
| `who -a` | As above |
| `w` | Who is currently logged in and what they’re doing |
| `last` | Listing of last logged on users |
| `lastlog` | Information on when all users last logged in |
| `lastlog -u %username%` | Information on when the specified user last logged in |
| `lastlog \|grep -v "Never"` | Entire list of previously logged on users |