
Section 9 Resources

The document provides Linux and Windows privilege escalation enumeration cheat sheets. The Linux section lists commands for gathering system information like running processes, packages, firewall rules and more. The Windows section similarly lists commands for viewing users, processes, scheduled tasks, installed software, and system updates.

Uploaded by

atul

• Linux Privilege Escalation Enumeration Cheat Sheet:


o id = info on current user on linux
o cat /etc/shadow = prints all usernames and password hashes
o hostname = provides host name
o cat /etc/issue
o cat /etc/*-release
o uname -a = kernel version and architecture
o ps axu = prints running processes and users running them in user readable format
o ip a = tcp/ip config of all interfaces and shows all information
o /sbin/route or /sbin/routel = routing table
o ss -anp = list all network connections and sessions
o grep -Hs iptables /etc/* = looks for iptables commands
o cat /etc/iptables-backup = prints these rules
o /etc/cron.daily = daily tasks
o /etc/cron.weekly = weekly tasks
o cat /etc/crontab = system admin added tasks with potentially insecure permissions
o dpkg -l = list installed packages
o yum list installed = list installed packages on redhat linux
o find / -writable -type d 2>/dev/null = looks for directories writable by the current user (including world writable ones)
o mount = prints all drives mounted
o cat /etc/fstab = all drives mounted at boot time
o /bin/lsblk = partition information, try to mount them if unmounted
o lsmod = list loaded modules
o /sbin/modinfo modulename = more info about module
• Windows Privilege Escalation Enumeration Cheat Sheet:
o net user = includes info on other users
o hostname = provides host name
o systeminfo
o tasklist /SVC = prints running processes (not those run by privileged users)
o ipconfig /all = displays full config of all adapters
o route print = prints routing tables
o netstat -ano = view all active tcp connections along with address/port number/process id
o netsh advfirewall show currentprofile = view current firewall profile
   ▪ if profile is on:
      • netsh advfirewall firewall show rule name=all = show all firewall rules
o schtasks /query /fo LIST /v = displays scheduled tasks and displays as a list with verbose output
o wmic product get name, version, vendor = enumerate installed applications and versions installed by windows installer
o wmic qfe get Caption, Description, HotFixID, InstalledOn = list system wide updates and when they were installed
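
An added example, not part of the original cheat sheet: a defensive audit for the cron entries in the Linux list (/etc/crontab, /etc/cron.daily, /etc/cron.weekly). It reports cron files, and absolute-path commands named in the system crontab, that group or other users can write to. `CRON_ROOT`, the function names and the `--audit` switch are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit cron files for loose permissions.
# CRON_ROOT is a hypothetical override so the check can run on a test tree.
CRON_ROOT="${CRON_ROOT:-/etc}"

# Print cron files and directories that group or others can write to.
# Symlinks are skipped because their own mode bits are always 777.
loose_cron_entries() {
    for p in crontab cron.d cron.hourly cron.daily cron.weekly cron.monthly; do
        [ -e "$CRON_ROOT/$p" ] || continue
        find "$CRON_ROOT/$p" ! -type l \( -perm -0020 -o -perm -0002 \) -print
    done
}

# Print commands from a system crontab that are group- or world-writable.
# System crontab fields: min hour dom mon dow user command [args...]
# Only lines whose command (field 7) is an absolute path are checked;
# @reboot-style lines and shell one-liners are out of scope here.
loose_cron_targets() {
    crontab_file="$1"
    [ -r "$crontab_file" ] || return 0
    awk '!/^[ \t]*(#|$)/ && NF >= 7 { print $7 }' "$crontab_file" |
    sort -u | while read -r cmd; do
        case "$cmd" in /*) ;; *) continue ;; esac
        [ -f "$cmd" ] || continue
        # -L checks the file a symlinked command resolves to.
        find -L "$cmd" \( -perm -0020 -o -perm -0002 \) -print
    done
}

# Run both checks against the live system only when asked to.
if [ "${1:-}" = "--audit" ]; then
    loose_cron_entries
    loose_cron_targets "$CRON_ROOT/crontab"
fi
```

Any path printed should be set back to root-owned with mode 644 or 755, since a writable cron file or cron-run script lets a non-root user change what root executes.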
