After gaining initial access:

Enumeration commands:

  • id: print real and effective user and group IDs
  • whoami: print the current user
  • hostname: show or set the system's host name
  • uname: print system information
  • ps -ef: report a snapshot of the current processes
  • echo $PATH: print the PATH environment variable
  • ifconfig: configure (or list) network interfaces
  • cat /etc/passwd: show passwd file contents
  • sudo -l: list commands the current user is allowed to run with sudo
  • find / -type f -a \( -perm -u+s -o -perm -g+s \) -exec ls -l {} \; 2> /dev/null: find all SUID and SGID files (the parentheses and the semicolon must be escaped from the shell)

Enumerating system information:

In a normal Linux shell:

Best overview of the system:

  • uname -a

This command will give the Linux kernel version:

  • cat /etc/issue

Identify more info regarding the system kernel:

  • cat /etc/*release

Show environment variables for the logged-in user:

  • env

Display CPU information:

  • lscpu

Display RAM info (the free utility might not be installed):

  • free -h

Display the list of mounted file systems (-h for human-readable sizes):

  • df -h

This filters to ext4 file systems only:

  • df -ht ext4

Display disk information:

  • lsblk | grep sd

Display all installed packages (useful for enumerating application versions on the system):

  • dpkg -l

Enumerating users & groups:

In a normal Linux shell:

To see the groups of the current user: groups

To see what groups a specific user is part of: groups <user>

Check the available users on the system: cat /etc/passwd

To add a new user and specify a shell: useradd <asem> -s /bin/bash

To add a user and also create a home directory for this user (-m): useradd -m <asem> -s /bin/bash

Add a user to a specific group: usermod -aG <target_group> <user_to_add> e.g. usermod -aG root bob

To check whether any legitimate sessions are currently logged in: last, lastlog, w or who (the last two commands might not be supported).
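As an added example (not part of the original notes), the same two files read from a defender's side: the script below parses constructed sample /etc/passwd and /etc/group content and flags extra UID-0 accounts, members of privileged groups (the group list root/sudo/wheel/adm is an assumption) and accounts with an interactive shell. Point the functions at the real files to audit a live host.

```shell
#!/bin/bash
# Added example, not from the original notes: audit passwd/group content for
# privileged accounts. Sample content is constructed and embedded so the
# script runs offline; pass "$(cat /etc/passwd)" etc. to audit a real host.

# Constructed sample: "backup2" has been given UID 0 and "bob" has been added
# to the root and sudo groups (the usermod -aG root bob case above).
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bob:x:1001:1001:Bob:/home/bob:/bin/bash
backup2:x:0:0:backup:/var/backups:/bin/sh
svc:x:1002:1002:svc:/home/svc:/usr/sbin/nologin'

SAMPLE_GROUP='root:x:0:bob
sudo:x:27:bob
users:x:100:
wheel:x:10:'

# Print every account with UID 0 other than "root" (a second UID-0
# account is a classic sign of an unauthorised change).
extra_uid0() {          # $1 = passwd content
    printf '%s\n' "$1" | awk -F: '$3 == 0 && $1 != "root" { print $1 }'
}

# Print "group:member" for each member of the privileged groups
# (root/sudo/wheel/adm is an assumed list; adjust per distribution).
privileged_members() {  # $1 = group content
    printf '%s\n' "$1" | awk -F: '
        $1 ~ /^(root|sudo|wheel|adm)$/ && $4 != "" {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) print $1 ":" m[i]
        }'
}

# Print accounts whose shell is not nologin/false, i.e. can log in
# interactively; compare against the expected set of human users.
login_shell_accounts() { # $1 = passwd content
    printf '%s\n' "$1" | awk -F: '$7 !~ /(nologin|false)$/ { print $1 }'
}

main() {
    echo "== extra UID-0 accounts =="; extra_uid0 "$SAMPLE_PASSWD"
    echo "== privileged group members =="; privileged_members "$SAMPLE_GROUP"
    echo "== accounts with a login shell =="; login_shell_accounts "$SAMPLE_PASSWD"
}
main
```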

Enumerating network information:

In meterpreter:

List very verbose info about adapters and

  • ifconfig

List LISTEN, ESTABLISHED and CLOSED connection info:

  • netstat

Display routing information:

  • route

In a normal Linux shell:

Display interfaces and additional info:

  • ip a s

List interfaces and networks (if the ip command isn't available):

  • cat /etc/networks

Show manually configured hostname-to-address records:

  • cat /etc/hosts

Show the DNS resolver configuration (usually reveals the primary nameserver used by default):

  • cat /etc/resolv.conf

Show ARP cache:

  • arp -a (or in meterpreter: arp)

Enumerating processes & cron jobs:

In a normal Linux shell:

List running processes: ps or ps aux

Give a list of all running processes (dynamic, live display): top

Display the current user's cron jobs: crontab -l

Display all cron files: ls -la /etc/cron*

In meterpreter:

List running processes:

  • ps

Get a process ID by name:

  • pgrep <get_a_process_id_by_name>