234 ◾ Ethical Hacking and Penetration Testing Guide
(Chapter 2); so by now you must be familiar with some of the commands for enumerating a
Linux-based host.
ifconfig—This is the same as the ipconfig command; it displays interfaces and associated IP/MAC addresses.
pwd—This lists the current ID.
ls—This lists the files in a particular directory.
find—This command is useful if you want to find a particular file from a particular path: find -name filename
who/last—The who command displays the users currently logged in on a machine; the last command displays the login history.
whoami—This command tells your current privileges on a machine.
uname -a—This displays information about the kernel version, and could be very useful when selecting Linux-based privilege escalation exploits.
touch—This is used to create a 0-byte file. However, this will only work if you have write permissions on the current directory.
cat /etc/passwd—The /etc/passwd file can be used to enumerate local users on a system; the good thing about this file is that it is readable by any low-privilege user.
cat /etc/hosts—The /etc/hosts file is used to perform domain-to-IP mapping.
cat /etc/group—The /etc/group file is used to enumerate all the local groups.
cat /etc/resolv.conf—This file is used to locate the name servers on a local machine.
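
The following is an added example, not code from the book: it shows how the colon-separated records in /etc/passwd and /etc/group, as printed by the cat commands above, can be parsed during a host review to pick out login-capable accounts, extra UID 0 accounts, and a user's supplementary groups. The sample records and all function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: read-only review of passwd/group-format data (read from stdin).

# Constructed sample records, not taken from a real host.
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
backup2:x:0:0:second uid 0 account:/root:/bin/sh
svc:x:1001:1001::/home/svc:/bin/false
EOF
}

sample_group() {
cat <<'EOF'
root:x:0:
sudo:x:27:alice
www-data:x:33:
alice:x:1000:
EOF
}

# Field 7 is the login shell; nologin/false mark non-interactive accounts.
login_users() {
    awk -F: '$7 !~ /(nologin|false)$/ { print $1 }'
}

# Field 3 is the UID; any name besides root with UID 0 deserves a closer look.
uid0_users() {
    awk -F: '$3 == 0 { print $1 }'
}

# Field 4 of a group record is a comma-separated list of supplementary members.
member_groups() {
    awk -F: -v user="$1" '{
        n = split($4, members, ",")
        for (i = 1; i <= n; i++) if (members[i] == user) print $1
    }'
}

# Summary over the constructed data; on a real host feed the functions
# from /etc/passwd and /etc/group instead (for example: login_users < /etc/passwd).
echo "login-capable accounts: $(sample_passwd | login_users | tr '\n' ' ')"
echo "UID 0 accounts:         $(sample_passwd | uid0_users | tr '\n' ' ')"
echo "alice's extra groups:   $(sample_group | member_groups alice | tr '\n' ' ')"
```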