Useful Commands While Performing Local Enumeration In UNIX

Enumeration is used for extracting user names, network resources, machine names, shares and services from a system. During this phase the attacker makes an active connection to the system and sends directed queries to acquire data about the target.

The accumulated data is used to identify the vulnerabilities or weak points in the system's security, which the attacker then attempts to exploit in the gaining-access phase.

Here are some useful commands for local enumeration:

1. Finger

By using this command you can view a user's login name, home directory and login shell, along with idle time and login time.


2. uname -a

It displays the kernel name, hostname, kernel release and version, hardware architecture and operating system of the current machine. The kernel release is the first thing to check when looking for a kernel-level privilege-escalation exploit.


3. env

This displays all environment variables of the current shell (PATH, HOME, LD_* settings and sometimes credentials or proxy settings left in the environment).


4. sudo -l

This shows which commands the current user may run via sudo, and as which users. It may prompt for the user's password unless the sudoers entry sets NOPASSWD.


5. pwd

pwd (print working directory) shows the path of the current working directory.


6. ls -al

This command lists all files in the current directory, including hidden dotfiles, in long format with permissions, owner, size and modification time.


7. find / -perm /6000 2>/dev/null

This displays all files with the SUID or SGID bit set (-perm /6000 matches either bit; use -perm -4000 for SUID only). Redirecting stderr to /dev/null hides the permission-denied errors for directories the current user cannot read. A SUID binary runs with its owner's privileges, so an unusual or custom one is a common privilege-escalation vector.

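As an added example (not code from the original page), the following script wraps the find command above in two functions: one that lists SUID/SGID files under a directory, and one that flags the ones not on a baseline of binaries that are normally setuid on a stock Linux install. The baseline list KNOWN_SUID and the script name suid_check.sh are hypothetical; extend the list for the distribution you are auditing.

```shell
#!/usr/bin/env bash
# Added example, not from the original page: list SUID/SGID files under a
# directory and flag the ones that are not on a baseline of binaries that are
# normally setuid on a stock Linux install. KNOWN_SUID is a hypothetical,
# deliberately short list; extend it for the distribution you audit.
set -u

KNOWN_SUID="passwd su sudo mount umount chsh chfn newgrp gpasswd ping fusermount"

# Print every regular file under $1 with the SUID or SGID bit set, sorted.
# -perm /6000 matches either bit (use -perm -4000 for SUID only); -type f
# skips setgid directories, and 2>/dev/null hides the permission-denied
# noise from directories we are not allowed to read.
find_suid_sgid() {
    find "$1" -type f -perm /6000 2>/dev/null | sort
}

# Print only the SUID/SGID files whose basename is not in KNOWN_SUID.
# Anything printed here deserves a closer look: custom binaries, or a
# setuid copy of a shell dropped in /tmp by an earlier attacker.
unexpected_suid() {
    local path name
    find_suid_sgid "$1" | while IFS= read -r path; do
        name=${path##*/}
        case " $KNOWN_SUID " in
            *" $name "*) ;;                      # expected on a stock system
            *) printf '%s\n' "$path" ;;
        esac
    done
}

# Show owner and mode for each unexpected file; a root-owned file that is
# writable by others, or one living outside /usr, is the interesting case.
describe_unexpected() {
    unexpected_suid "$1" | while IFS= read -r path; do
        ls -ld -- "$path"
    done
}

# Usage: ./suid_check.sh /      (without an argument the functions are only
# defined, so the file can be sourced from another script)
if [ $# -gt 0 ]; then
    describe_unexpected "$1"
fi
```

Run it against / on a target; on a clean system the output should be empty or contain only distribution-specific helpers you can then add to the baseline.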

8. cat /etc/passwd

This lists all local user accounts together with their UID, GID, home directory and login shell. The password field holds an x on modern systems because the hashes live in /etc/shadow.


9. cat /etc/group

The above command lists all local groups and their members.


10. cat /etc/shadow

It displays all users and their password hashes. /etc/shadow is readable only by root (or members of the shadow group), so this only works once privileges have been escalated; the hashes can then be cracked offline.

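As an added example (not code from the original page), the script below pulls the security-relevant facts out of passwd, shadow and group files instead of reading raw cat output, covering the three commands above in one place. Each function takes a file path, so it can be pointed at the live /etc files or at copies; the script name enum_accounts.sh and the sample data in the comments are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not from the original page: extract the interesting facts
# from passwd/shadow/group files. Each function takes a file path, so it
# works on /etc/passwd of a live host as well as on a copy pulled from a
# backup. Reading /etc/shadow still requires root (or the shadow group).
set -u

# Accounts that can actually log in: the login shell is not a nologin-style
# shell. Output: name:uid:shell
interactive_users() {
    awk -F: '$7 !~ /(nologin|false|sync|halt|shutdown)$/ { print $1 ":" $3 ":" $7 }' "$1"
}

# Every account with UID 0 is a superuser; anything besides root is a
# backdoor or a misconfiguration worth reporting.
uid0_accounts() {
    awk -F: '$3 == 0 { print $1 }' "$1"
}

# Shadow entries worth acting on:
#   EMPTY:<user>  the password field is empty, so the account logs in
#                 without a password
#   HASH:<user>   a real hash ($6$ sha512, $y$ yescrypt, $2b$ bcrypt, ...)
#                 that can be cracked offline
# Fields starting with "!" or "*" are locked or have no password and are skipped.
shadow_findings() {
    awk -F: '
        $2 == ""              { print "EMPTY:" $1; next }
        $2 ~ /^[!*]/          { next }
        $2 ~ /^\$[0-9a-z]+\$/ { print "HASH:" $1 }
    ' "$1"
}

# Members of groups that commonly give root-equivalent access.
# Output: group:member
privileged_group_members() {
    awk -F: '$1 ~ /^(sudo|wheel|admin|docker|adm|lxd|disk)$/ && $4 != "" {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) print $1 ":" m[i]
    }' "$1"
}

# Usage: ./enum_accounts.sh /etc/passwd /etc/shadow /etc/group
if [ $# -eq 3 ]; then
    echo "== interactive accounts";       interactive_users "$1"
    echo "== UID 0 accounts";             uid0_accounts "$1"
    echo "== shadow findings";            shadow_findings "$2"
    echo "== privileged group members";   privileged_group_members "$3"
fi
```

The shadow check deliberately distinguishes an empty field (immediate login) from a locked field (nothing to crack) and from a real hash (worth feeding to a cracker), which is the triage a raw cat /etc/shadow leaves to the reader.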

11. id

This shows the current user's UID, primary GID and all supplementary group memberships (look for sudo, wheel, docker, disk or adm).


12. whoami

This shows the effective user name of the current user.


Enumeration can also be driven by the services a system offers, for example:
  • NTP enumeration
  • DNS enumeration
  • Linux/Windows enumeration
  • SNMP enumeration
  • SMB enumeration

LinEnum is an open-source script that automates local Linux enumeration and also checks for common privilege-escalation vectors.


Some Popular Enumeration Scripts are:
  • unix-privesc-check
  • linuxprivchecker
  • enum4linux
  • smtp-user-enum

Below are some common services and ports to enumerate:

  • TCP 53: DNS Zone transfer
  • TCP 135: Microsoft RPC Endpoint Mapper
  • UDP 137: NetBIOS Name Service
  • TCP 139: NetBIOS session Service (SMB over NetBIOS)
  • TCP 445: SMB over TCP (Direct Host)
  • UDP 161: SNMP
  • TCP/UDP 389: LDAP
  • TCP 3268: Global Catalog Service (LDAP to the Active Directory global catalog)
  • TCP 25: Simple Mail Transfer Protocol (SMTP)