Linux Post Exploitation

Did you just exploit a Linux machine and you don’t know what to do next?

Here’s a quick list to help you get started:




Use the copy command to access and review the system’s current DNS settings. Because the file is world-readable, accessing it will not trigger alarms.

/etc/passwd and /etc/shadow

These are system files that contain usernames and password hashes. They can be copied by a person with root-level access, and the passwords can be cracked using a tool such as John the Ripper.

whoami and who -a

Identify the users on a local system.

ifconfig -a, iptables -L -n, and netstat -r

Provide networking information. ifconfig -a provides IP addressing details, iptables -L -n lists all of the rules held in the local firewall (if present), and netstat -r displays the routing information maintained by the kernel.

uname -a

Prints the kernel version.

ps aux

Lists the currently running processes, including services, with their process IDs and additional information.

dpkg -l, yum list | grep installed, and rpm -qa --last | head

Identify the installed software packages.
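
From the defender's side, the commands in this list usually run in a tight burst right after a compromise. The following added example (not part of the original post) flags any session that touches several of these categories within a short window; the log format, the 120-second window and the four-category threshold are assumptions made for illustration.

```python
import shlex
from collections import defaultdict

# Commands listed on this page, grouped by what they reveal.
RECON = {
    "whoami": "users", "who": "users",
    "ifconfig": "network", "iptables": "network", "netstat": "network",
    "uname": "kernel", "ps": "processes",
    "dpkg": "packages", "yum": "packages", "rpm": "packages",
}
CRED_FILES = {"/etc/passwd", "/etc/shadow"}

# Constructed sample in an assumed format: "<epoch> <user> <session> <command line>"
SAMPLE_LOG = """\
1700000000 www-data 41 whoami
1700000004 www-data 41 uname -a
1700000009 www-data 41 /sbin/ifconfig -a
1700000015 www-data 41 cp /etc/passwd /tmp/passwd.bak
1700000021 www-data 41 ps aux
1700000030 www-data 41 dpkg -l
1700000100 alice 7 ps aux
1700003000 alice 7 uname -a
""".splitlines()

def classify(argv):
    """Return the recon category for one executed command, or None."""
    name = argv[0].rsplit("/", 1)[-1]           # strip any directory prefix
    if name in ("cp", "cat") and CRED_FILES & set(argv[1:]):
        return "credentials"
    return RECON.get(name)

def find_recon_bursts(lines, window=120, min_categories=4):
    """Flag (user, session) pairs that hit min_categories categories within window seconds."""
    events = defaultdict(list)                   # (user, session) -> [(ts, category)]
    for line in lines:
        parts = line.split(" ", 3)
        if len(parts) < 4 or not parts[3].strip():
            continue                             # skip malformed records
        if category := classify(shlex.split(parts[3])):
            events[(parts[1], parts[2])].append((float(parts[0]), category))
    alerts = []
    for (user, session), evs in events.items():
        evs.sort()
        for i, (start, _) in enumerate(evs):     # slide the window over each event
            seen = {c for t, c in evs[i:] if t - start <= window}
            if len(seen) >= min_categories:
                alerts.append((user, session, sorted(seen)))
                break
    return alerts
```

Calling `find_recon_bursts(SAMPLE_LOG)` reports the `www-data` session, while the two `alice` commands, spread over a much longer period, stay below the threshold.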
