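# Linux host enumeration cheat sheet.
# Each command is meant to be copied and run on its own (this file is not a
# script to execute top-to-bottom: several commands need root and would fail,
# and `find /` is slow).  "2>/dev/null" hides the permission-denied noise that
# a full-filesystem search produces as an unprivileged user.
# Placeholders in angle brackets (<name>) are to be replaced before running.

# ---------------------------------------------------------------------------
# Enumeration: System
# ---------------------------------------------------------------------------
# hostname of the machine
hostname
# kernel release, build and architecture
uname -a
# kernel version string plus the compiler it was built with
cat /proc/version
# pre-login banner, usually naming the distribution
cat /etc/issue
# distribution name and release details (os-release, lsb-release, ...)
cat /etc/*-release

# ---------------------------------------------------------------------------
# Enumeration: Processes & Network
# ---------------------------------------------------------------------------
# processes owned by the current shell/session
ps
# all processes of all users
ps aux
# processes running as root (the grep also matches its own command line)
ps aux | grep -i --color=auto 'root'
# process tree (parent/child relationships)
ps axjf
# listening TCP/UDP sockets with the owning PID/program (needs root to see
# other users' PIDs)
netstat -tunlp
# all sockets, numeric addresses, with owning PID
netstat -ano
# network interfaces and addresses (ifconfig is the legacy equivalent of ip a)
ip a
ifconfig
# routing table: which networks are reachable and via which gateway
ip route

# ---------------------------------------------------------------------------
# Enumeration: Core
# ---------------------------------------------------------------------------
# commands the current user may run via sudo
sudo -l
# SUID (-4000) and SGID (-2000) files; the original single-test form
# (-perm -04000) matched SUID only
find / -type f \( -perm -4000 -o -perm -2000 \) -ls 2>/dev/null
# the user's uid/gid and group memberships
id
# local accounts, shells and home directories
cat /etc/passwd
# environment variables of the current shell
env
# recent commands of the current user (shell history)
history

# ---------------------------------------------------------------------------
# Enumeration: Capabilities
# ---------------------------------------------------------------------------
# binaries carrying file capabilities
getcap -r / 2>/dev/null

# ---------------------------------------------------------------------------
# Enumeration: Cron Jobs
# ---------------------------------------------------------------------------
# root's crontab (needs root)
crontab -u root -l
# current user's crontab
crontab -l
# system-wide crontab
cat /etc/crontab
# per-interval cron directories (cron.d, cron.hourly, cron.daily, ...)
ls /etc/cron.*
# cron activity recorded in syslog
grep CRON /var/log/syslog

# ---------------------------------------------------------------------------
# Enumeration: Find
# ---------------------------------------------------------------------------
# Note: "-mtime N" alone matches files modified exactly N*24h ago; the "-N"
# form ("within the last N days") is what the descriptions below mean.
# find a file by name (replace <name>)
find / -type f -name '<name>' 2>/dev/null
# find a directory by name (replace <name>)
find / -type d -name '<name>' 2>/dev/null
# files with mode exactly 0777 (world-writable and world-executable)
find / -type f -perm 0777 2>/dev/null
# files executable by everyone (owner, group and others)
find / -perm a=x 2>/dev/null
# all files owned by user frank under /home
find /home -user frank 2>/dev/null
# files modified within the last 10 days
find / -mtime -10 2>/dev/null
# files accessed within the last 10 days
find / -atime -10 2>/dev/null
# files whose inode (metadata) changed within the last 60 minutes
find / -cmin -60 2>/dev/null
# files accessed within the last 60 minutes
find / -amin -60 2>/dev/null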