⌘Ctrlk

LinkedIn Github

Enumeration

Linux Privilege Escalation Enumeration Commands

1. Process Enumeration

List Current Processes
- ps aux # Shows all running processes
- ps -ef # Alternative way to list processes
See processes running as root
- ps aux | grep root
See logged-in users
- ps au

2. User and Home Directory Enumeration

List Home Directory Contents
- ls -la ~/ # Lists all files, including hidden ones, in the current user's home directory
List All Users' Home Directory Contents
- ls -la /home/* # Lists all files in all users' home directories
View user home directories
- ls /home

3. SSH Directory Enumeration

Check SSH Keys and Configuration
- ls -la ~/.ssh/ # Lists SSH-related files
- cat ~/.ssh/authorized_keys # Displays authorized SSH keys
- cat ~/.ssh/id_rsa # Displays the private SSH key (if readable)
SSH into the lab target
- ssh htb-student@<target IP>

4. Bash History Enumeration

Check User's Command History
- cat ~/.bash_history # Displays previously executed commands

5. Privilege Escalation Checks

Check Sudo Privileges
- sudo -l # Lists commands the user can run with sudo

6. User Information Enumeration

Check System Users
- cat /etc/passwd # Lists all system users

7. Scheduled Tasks and Cron Jobs

Check User-Specific Cron Jobs
- crontab -l # Lists current user's scheduled tasks
Check System-Wide Cron Jobs
- ls -la /etc/cron* # Lists cron-related files
- cat /etc/crontab # Displays system-wide cron jobs
Check for daily Cron jobs
- ls -la /etc/cron.daily

8. File System and Additional Drives

Check Mounted Filesystems and Partitions
- lsblk # Displays block devices
- fdisk -l # Lists partition information
- mount # Lists mounted filesystems
- df -h # Displays disk usage
Check the Kernel version
- uname -a
Check the OS version
- cat /etc/lsb-release

9. Writable Directories and Files

Find Writable Directories
- find / -type d -writable 2>/dev/null # Finds writable directories
Find Writable Files
- find / -type f -writable 2>/dev/null # Finds writable files

PreviousLinux Privileage Escalation NextEnvironment Enumeration

Last updated 10 months ago