Essential Commands for Linux Machine Enumeration
- aldern00b
- Nov 14, 2023
Here are some basic commands to run while enumerating a Linux machine.
hostname
Returns the hostname of the target machine.

uname -a
Prints system information, giving us additional detail about the kernel used by the system.

/proc/version
Provides information about the target system processes.

/etc/issue
Usually contains some information about the operating system, but can easily be customized or changed.

ps
ps -A <-- View all running processes
ps axjf <-- View process tree
See the running processes on a Linux system.

env
Shows environment variables.

sudo -l
Lists all commands your user can run using sudo.

ls -la
Please remember to always use the ls command with the -la parameter.

id
Provides a general overview of the user's privilege level and group memberships.

cat /etc/passwd
cat /etc/passwd | grep home <-- just show users with a home folder.
An easy way to discover users on the system.

history
Shows command line history, which may have stored information such as passwords or usernames.

ifconfig
Gives us information about the network interfaces of the system.

ip route
Command to see which network routes exist.

netstat <-- check for existing interfaces and network routes
netstat -a <-- shows all listening ports and established connections.
netstat -at or netstat -au <-- can also be used to list TCP or UDP protocols respectively.
netstat -l <-- list ports in "listening" mode. These ports are open and ready to accept incoming connections. This can be used with the "t" option to list only ports that are listening using the TCP protocol.
netstat -s <-- list network usage statistics by protocol. This can also be used with the -t or -u options to limit the output to a specific protocol.
netstat -tp <-- list connections with the service name and PID information. This can also be used with the -l option to list listening ports.
netstat -i <-- shows interface statistics.
netstat -ano <-- which could be broken down as follows:
-a: Display all sockets
-n: Do not resolve names
-o: Display timers

find
find -type f 2>/dev/null <-- redirect errors to /dev/null
find / -perm -u=s -type f 2>/dev/null <-- Find files with the SUID bit, which allows us to run the file with a higher privilege level than the current user.
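
The SUID search above is just as useful for auditing your own hosts. The script below is an added example, not part of the original post: it runs the same find test and prints any SUID file that is missing from a reviewed baseline. The function names and the baseline format (one absolute path per line, `#` comments allowed) are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit SUID files against a reviewed baseline.
# suid_list / suid_audit are hypothetical helper names, not from the post.
# Limitation: paths containing newlines are not handled.

# Print every regular file under $1 that has the SUID bit set, sorted.
suid_list() {
    find "$1" -type f -perm -u=s 2>/dev/null | LC_ALL=C sort
}

# Print SUID files under $1 that are NOT listed in baseline file $2.
# Returns 0 if nothing unexpected, 1 if unexpected files exist, 2 on bad usage.
suid_audit() {
    root=$1
    baseline=$2
    if [ ! -d "$root" ] || [ ! -r "$baseline" ]; then
        echo "usage: suid_audit DIR BASELINE_FILE" >&2
        return 2
    fi
    tmp=$(mktemp) || return 2
    # Drop comments and blank lines from the baseline, then sort for comm.
    grep -v -e '^#' -e '^$' "$baseline" | LC_ALL=C sort -u > "$tmp"
    # comm -23 keeps lines that appear only in the live SUID list.
    unexpected=$(suid_list "$root" | LC_ALL=C comm -23 - "$tmp")
    rm -f "$tmp"
    if [ -z "$unexpected" ]; then
        return 0
    fi
    printf '%s\n' "$unexpected"
    return 1
}

# Stand-alone use: sh suid_audit.sh / /path/to/baseline.txt
if [ "$#" -ge 2 ]; then
    suid_audit "$1" "$2"
fi
```

Generate the first baseline with `suid_list /` on a known-good build, review each entry, and then run the audit on a schedule so a newly added SUID file shows up as a diff.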