Useful Tips

Here are some tips to help you get the most out of post-exploitation concepts, tools, and utilities:

  • Use hostname and whoami commands

  • Use uname -a

  • Make cat /proc/version to get more information about the OS

  • Make cat /etc/issue to know OS information

  • Make ps -A to show running processes on the current shell (ps axjf for tree display mode)

  • Use env to see environment variables

  • Use id to obtain information about users and groups, or even information about another user

  • Use ls -la to check hidden files

  • Make cat /etc/passwd | cur -d ":" -f 1 or cat /etc/passwd | grep "home" to know existing users

  • Check the last used commands with history

  • Check network interfaces with ifconfig to know if it could be a pivoting point to another network. Then use ip route to confirm an interface cannot be accessed directly by the machine (it won't say it is a default interface).

  • Use netstat to obtain information about listening ports and services running.

  • Search for specific files with find

  • Use tools such as Linpeas or Linenum for automation of the process

  • Use dpkg -l on Linux or look at C:\Program Files in Windows, to see what software is installed on the system.

  • Check for exposed credentials on configuration files of web apps or containers.

  • Check if there are write permissions to add new cron jobs in the /etc/crontab, /etc/cron.d, or /var/spool/cron/crontabs/root folders to gain privileged shells or execute exploits.

  • Use base64 encode to convert a file to base64 format, and pass it in this way to a remote host to evade filtering of file types. To encode, we use base64 $file -w 0 and to decode it with echo $encodedstring | base64 -d > $file

  • Check the kernel version to find any possible exploit

  • Use the sudo -l command to check sudo execution permissions and environment options

  • Check executables with SUID or SGID permissions

  • Check which binaries have capabilities assigned

  • Check which cron jobs are programmed to be executed

  • Check cron jobs that may be deleted from the system but not from crontab

  • Check writable folders that can be vulnerable to abuse of the PATH environment variable

  • Check the NFS configuration files to create a connection with the host machine

PreviousTools and UtilitiesNextLateral Movement

Last updated