Enumeration
Linux Privilege Escalation Enumeration Commands
1. Process Enumeration
List Current Processes
ps aux# Shows all running processesps -ef# Alternative way to list processes
See processes running as root
ps aux | grep root
See logged-in users
ps au
2. User and Home Directory Enumeration
List Home Directory Contents
ls -la ~/# Lists all files, including hidden ones, in the current user's home directory
List All Users' Home Directory Contents
ls -la /home/*# Lists all files in all users' home directories
View user home directories
ls /home
3. SSH Directory Enumeration
Check SSH Keys and Configuration
ls -la ~/.ssh/# Lists SSH-related filescat ~/.ssh/authorized_keys# Displays authorized SSH keyscat ~/.ssh/id_rsa# Displays the private SSH key (if readable)
SSH into the lab target
ssh htb-student@<target IP>
4. Bash History Enumeration
Check User's Command History
cat ~/.bash_history# Displays previously executed commands
5. Privilege Escalation Checks
Check Sudo Privileges
sudo -l# Lists commands the user can run with sudo
6. User Information Enumeration
Check System Users
cat /etc/passwd# Lists all system users
7. Scheduled Tasks and Cron Jobs
Check User-Specific Cron Jobs
crontab -l# Lists current user's scheduled tasks
Check System-Wide Cron Jobs
ls -la /etc/cron*# Lists cron-related filescat /etc/crontab# Displays system-wide cron jobs
Check for daily Cron jobs
ls -la /etc/cron.daily
8. File System and Additional Drives
Check Mounted Filesystems and Partitions
lsblk# Displays block devicesfdisk -l# Lists partition informationmount# Lists mounted filesystemsdf -h# Displays disk usage
Check the Kernel version
uname -a
Check the OS version
cat /etc/lsb-release
9. Writable Directories and Files
Find Writable Directories
find / -type d -writable 2>/dev/null# Finds writable directories
Find Writable Files
find / -type f -writable 2>/dev/null# Finds writable files
Last updated