Did you just exploit a Linux machine and don’t know what to do next?
Here’s a quick list to help you get started:
| Command | Description |
| --- | --- |
| `/etc/resolv.conf` | Use the copy command to access and review the system’s current DNS settings. Because it is a global file with read privileges, it will not trigger alarms when accessed. |
| `/etc/passwd` and `/etc/shadow` | These are system files that contain usernames and password hashes. They can be copied by a person with root-level access, and the passwords can be broken using a tool such as John the Ripper. |
| `whoami` and `who -a` | Identify the users on a local system. |
| `ifconfig -a`, `iptables -L -n`, and `netstat -r` | Provide networking information. `ifconfig -a` provides IP addressing details, `iptables -L -n` lists all of the rules held in the local firewall (if present), and `netstat -r` displays the routing information maintained by the kernel. |
| `uname -a` | Prints the kernel version. |
| `ps aux` | Lists currently running processes and services, their process IDs, and additional information. |
| `dpkg -l`, `yum list \| grep installed`, and `rpm -qa --last \| head` | Identify the installed software packages. |
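
Seen from the monitoring side, each command above is routine on its own; what stands out is one session running many of them in quick succession. The sketch below is an added example, not part of the original post: it flags sessions that touch several distinct items from the list within a short window. The log line format, the sample lines, and the window and threshold defaults are constructed assumptions, not real auditd output.

```python
import re
from collections import defaultdict

# Binaries and files taken from the table above.
RECON_BINARIES = {"whoami", "who", "ifconfig", "iptables", "netstat",
                  "uname", "ps", "dpkg", "yum", "rpm"}
SENSITIVE_FILES = {"/etc/passwd", "/etc/shadow", "/etc/resolv.conf"}

# Constructed sample; the line format is hypothetical, not real auditd output:
# "<epoch> session=<id> user=<name> cmd=<command line>"
SAMPLE_LOG = """\
1700000000 session=41 user=www-data cmd=whoami
1700000004 session=41 user=www-data cmd=uname -a
1700000009 session=41 user=www-data cmd=cat /etc/passwd
1700000015 session=41 user=www-data cmd=/sbin/ifconfig -a
1700000021 session=41 user=www-data cmd=ps aux
1700000100 session=7 user=alice cmd=ps aux
1700003000 session=7 user=alice cmd=dpkg -l
1700009000 session=7 user=alice cmd=uname -a
"""
LINE_RE = re.compile(r"^(\d+) session=(\S+) user=(\S+) cmd=(.+)$")

def indicators(cmdline):
    """Return recon binaries and sensitive paths named in one command line."""
    tokens = cmdline.split()
    found = {t for t in tokens[1:] if t in SENSITIVE_FILES}
    binary = tokens[0].rsplit("/", 1)[-1] if tokens else ""
    if binary in RECON_BINARIES:
        found.add(binary)
    return found

def detect_recon_bursts(log_text, window=120, threshold=4):
    """Map (session, user) to indicators when >= threshold distinct ones occur within window seconds."""
    events = defaultdict(list)  # (session, user) -> [(timestamp, indicator)]
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, session, user, cmd = m.groups()
            events[(session, user)] += [(int(ts), i) for i in indicators(cmd)]
    alerts = {}
    for key, evs in events.items():
        evs.sort()
        for start, _ in evs:  # slide the window start over each event
            distinct = {ind for ts, ind in evs if 0 <= ts - start <= window}
            if len(distinct) >= threshold:
                alerts[key] = sorted(distinct)
                break
    return alerts
```

On the constructed sample, the `www-data` session is flagged, while the administrator who runs three of the same commands hours apart is not.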