Useful Commands While Performing Local Enumeration In UNIX
Enumeration is used for extracting the user names, network resources, machine names, shares and services from a system. At the time, the attacker makes an active connection to the system and performs guided questions to acquire data about the target.
The accumulated data is utilized to distinguish the vulnerabilities or weak points in system security and attempts to exploit in the System gaining phase.
Here, some useful commands for Local Enumeration:
By using this command, view the home directory of a user along with idle time and login time.
2. Uname -a
It displays the Version, OS Name and other details about the current machine and the OS running on the current machine.
This display all the environmental variables information.
4. sudo -l
This show all sudo information about the current user.
Present working directory show the current working directory path.
6. ls -al
This command lists out all the files and their Hidden Files in the current directory.
7. find / -perm /6000 2>/dev/null;
This display all the SUID and SGID files.
8. cat /etc/passwd
This list out all the users name on the system.
9. cat /etc/group
The above command list all the groups on the system.
10. cat /etc/shadow
It displays all the users and their password hashes.
This shows the current user and group ID’s.
This shows name of the current user.
Enumeration is also based on services that the systems offers. Which are?
- NTP enumeration
- DNS enumeration
- Linux/Windows enumeration
- SNMP enumeration
- SMB enumeration
By using LinEnum, which is an open source script for Local Linux Enumeration and also checks for Privilege Escalation.
Some Popular Enumeration Scripts are:
Below are some common services and Port to Enumerate:
- TCP 53: DNS Zone transfer
- TCP 135: Microsoft RPC Endpoint Mapper
- TCP 137: NetBIOS Name Service
- TCP 139: NetBIOS session Service (SMB over NetBIOS)
- TCP 445: SMB over TCP (Direct Host)
- UDP 161: SNMP
- TCP/UDP 389: LDAP
- TCP/UDP 3368: Global Catalog Service
- TCP 25: Simple Mail Transfer Protocol (SMTP)