Comprehensive checklist to follow once a foothold is obtained on a Linux box. I like to split this up into three parts: Foothold, System Info, and File System. Splitting it up like this helps me avoid going into a rabbit-hole and makes sure I finish gathering all necessary information.

Foothold

Commands that I run once I get a foothold as a user. If I later get a shell as another user, I repeat these commands for that user. Run the easy, low-hanging-fruit commands first so that nothing gets forgotten.
  • List the current user’s home directory for any hidden files.
  • Run sudo -l to see which commands, if any, the user is allowed to run through sudo.
  • If readable, read the current user’s .bash_history (uncommon).
  • Identify the current user and the groups they are a part of using id.

System Info

  • uname -a
  • cat /etc/issue
  • cat /etc/os-release
Check whether the kernel version is affected by any known kernel exploits.

Network

Identify ports that were not available before getting a shell.
  • Use netstat -tulnp or ss -ano to identify any internal ports.
  • Do research on any unknown ports.
  • Use chisel or SSH port forwarding to reach any internal ports.
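As an added example (not part of the original checklist), a small Python parser over `ss -tulnp` output that separates the listeners bound only to loopback from those exposed on all interfaces; these loopback-only services are the "internal ports" the checklist refers to, and the same inventory is what a defender wants when reviewing what a compromised host exposes locally. The sample output, process names and ports below are constructed, not captured from a real host.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed sample of `ss -tulnp` output (not from a real host).
SAMPLE_SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp   UNCONN 0      0      0.0.0.0:68        0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22        0.0.0.0:*     users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0      80     127.0.0.1:3306    0.0.0.0:*     users:(("mysqld",pid=1021,fd=20))
tcp   LISTEN 0      511    127.0.0.1:8080    0.0.0.0:*     users:(("node",pid=1337,fd=18))
tcp   LISTEN 0      128    [::1]:6379        [::]:*        users:(("redis-server",pid=900,fd=6))
tcp   LISTEN 0      128    [::]:80           [::]:*        users:(("nginx",pid=700,fd=6))
"""

LOOPBACK = {"127.0.0.1", "::1"}


@dataclass(frozen=True)
class Listener:
    proto: str
    addr: str
    port: int
    process: str  # "?" when ss cannot show it (process info needs root or same-user sockets)


def parse_ss(output: str) -> list[Listener]:
    """Parse `ss -tulnp` text into Listener records (LISTEN and UNCONN sockets only)."""
    listeners = []
    for line in output.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 5:
            continue
        proto, state, local = fields[0], fields[1], fields[4]
        if state not in ("LISTEN", "UNCONN"):
            continue
        addr, _, port = local.rpartition(":")  # split on the last colon: IPv6 has many
        addr = addr.strip("[]")                # ss prints IPv6 as [::1]:6379
        m = re.search(r'\("([^"]+)"', line)    # first process name in users:(("name",...))
        listeners.append(Listener(proto, addr, int(port), m.group(1) if m else "?"))
    return listeners


def loopback_only(listeners: list[Listener]) -> list[Listener]:
    """Services reachable only from the host itself: not visible in an external port scan."""
    return sorted((s for s in listeners if s.addr in LOOPBACK), key=lambda s: (s.port, s.proto))


if __name__ == "__main__":
    for s in loopback_only(parse_ss(SAMPLE_SS_OUTPUT)):
        print(f"{s.proto} {s.addr}:{s.port} {s.process}")
```

On a live host, feed the function the real output with `parse_ss(subprocess.run(["ss", "-tulnp"], capture_output=True, text=True).stdout)`.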

Binaries and Executables