Enumerating Local Groups and Users
The following two commands would be really helpful to enumerate local groups and users:
net user — This will list all local users such as guests and administrators.
net localgroup — This command will list all the local groups. For example, if we want to display all the local groups for administrators, we have to type “net localgroup administrators.”
net user /domain — This command would list users in a group.
net user /domain — This command would list all the users in a particular domain. It is very useful for identifying domain admins.
Enumerating a Linux Machine
Compared to Windows, it’s less likely that you will come across a Linux host in your penetration tests. We have already learnt about the basics of operating Linux in our “Linux Basics” chapter (Chapter 2); so by now you must be familiar with some of the commands for enumerating a Linux-based host.
Ethical Hacking and Penetration Testing Guide
ifconfig — This is the same as the ipconfig command; it displays interfaces and associated IP/MAC addresses.
pwd — This lists the current ID.
ls — This lists the files in a particular directory.
find — This command is useful if you want to find a particular file from a particular path.
find -name filename
who/last — This command displays the users currently logged in on a machine; the last command displays the login history.
whoami — This command tells your current privileges on a machine.
uname -a — This displays information about the kernel version, and could be very useful when selecting Linux-based privilege escalation exploits.
touch — This is used to create a 0-byte file. However, this will only work if you have write permissions on the current directory.
cat /etc/passwd — The /etc/passwd file can be used to enumerate local users on a system; the good thing about this file is that it is readable by any low-privilege user.
cat /etc/hosts — The /etc/hosts file is used to perform domain to IP mapping.
cat /etc/group — The /etc/group file is used to enumerate all the local groups.
cat /etc/resolv.conf — This file is used to locate the name servers on a local machine.
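The /etc/passwd and /etc/group lookups above, taken one step further as an added example that is not from the book: it parses both file formats to report accounts with a login shell, UID 0 accounts, and one user's group memberships. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the book): audit local accounts from
# passwd/group-format files. On a real host, pass /etc/passwd and /etc/group.

# Accounts that can log in: shell is not nologin/false (an empty field means /bin/sh).
interactive_users() {  # usage: interactive_users PASSWD_FILE
    awk -F: '$7 !~ /(nologin|false)$/ { print $1 }' "$1"
}

# Accounts with UID 0, i.e. root-equivalent regardless of their name.
uid0_users() {  # usage: uid0_users PASSWD_FILE
    awk -F: '$3 == 0 { print $1 }' "$1"
}

# Primary group (GID field in passwd) plus supplementary groups (member list in group).
groups_of() {  # usage: groups_of USER PASSWD_FILE GROUP_FILE
    awk -F: -v u="$1" '
        NR == FNR { if ($1 == u) gid = $4; next }      # first file: remember the GID
        gid != "" && $3 == gid { print $1; next }      # second file: primary group
        { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) print $1 }
    ' "$2" "$3"
}

# Constructed sample data in the /etc/passwd and /etc/group formats.
make_sample() {  # usage: make_sample DIR
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
backup:x:0:34:backup:/var/backups:/bin/sh
svc:x:999:999::/var/lib/svc:/bin/false
EOF
    cat > "$1/group" <<'EOF'
root:x:0:
sudo:x:27:alice
alice:x:1000:
docker:x:998:alice,svc
backup:x:34:
EOF
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
echo "interactive: $(interactive_users "$demo_dir/passwd" | tr '\n' ' ')"
echo "uid 0:       $(uid0_users "$demo_dir/passwd" | tr '\n' ' ')"
echo "alice in:    $(groups_of alice "$demo_dir/passwd" "$demo_dir/group" | tr '\n' ' ')"
rm -rf "$demo_dir"
```

In the sample, backup shows up under UID 0 even though its name is not root, which a listing of usernames alone would not reveal.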
Postexploitation