# Enumeration

## Enumeration

* **User Enum**

  cat /etc/passwd

  cat /etc/group
* **Hostname**

  hostname
* **OS & Architecture**

  cat /etc/issue

  cat /etc/\*-release

  uname -a
* **Processes & services**
  * ps aux
  * Use <https://github.com/DominicBreuker/pspy> tool , it extract even hidden process
* **Firewall**

  Files under /etc/iptables
* **Network Enum**

  ip a

  /sbin/route

  ss -anp

  netstat -ano
* **Scheduled tasks**

  ls -lah /etc/cron\*

  cat /etc/crontab
* **Installed packages & patch level**

  dpkg -l
* **Readable/Writable files & dir**

  find / -writable -type d 2>/dev/null

  find / -writable -type f 2>/dev/null find / -group adm -readable 2>/dev/null
* **Unmounted disk**

  cat /etc/fstab

  mount

  lsblk
* **Device Drivers and Kernel Modules**

  In powershell,

  lsmod , enumerate modules

  modinfo \<module-name> details
* **Binaries That AutoElevate OR SUID**

  find / -perm -u=s -type f 2>/dev/null
* cat certain file in in each directory
  * find /home -name .bash\_history -exec cat {} \\;
    * it will cat .bash\_history file in every user dir
* **Automation Tool**

  Tool:- unix-privesc-check

  [unix-privesc-check](https://pentestmonkey.net/tools/audit/unix-privesc-check)

For more commands check [Important links](https://www.notion.so/Important-links-450941ae91654485a1fba647f6a7d628)