/
Linux Post-Exploitation Enumeration
Enumeration is the first step after obtaining initial access. Before exploiting anything, you must understand the environment to identify privilege escalation vectors.
◆
System information
enumeration linux privesc◆
User context
◆
Permissions and sensitive files
◆
Sudo and configurations
◆
Network and processes
◆
Environment variables and PATH
◆
Scheduled tasks
◆
Automatic enumeration tools
| Tool | Description | Usage |
|---|---|---|
| LinPEAS | Comprehensive, color-coded, highly detailed enumeration | curl -L https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh | sh |
| LinEnum | Lighter enumeration script | ./LinEnum.sh -t |
| linux-exploit-suggester | Suggests kernel exploits based on version | ./linux-exploit-suggester.sh |
| pspy | Monitors processes without being root | ./pspy64 |
◆
Flashcards
FLASHCARDS · 1/2
CARD #0001
_□×
UNSEEN
Which Linux groups often allow privilege escalation?
◆
Exercises
Exercise 1 — Build a privilege escalation enumeration checklist
- On a Linux VM (TryHackMe "Linux PrivEsc" or HackTheBox), run
idandsudo -l - Find all SUID files:
find / -perm -4000 -type f 2>/dev/null - List all cron jobs:
cat /etc/crontab+crontab -l - Download and run LinPEAS — read the red (critical) sections
- Download pspy64 and observe root-launched processes for 5 minutes
◆
Open Questions
Question 1 — Why is enumeration the most important step in Linux privilege escalation?
◆
Next Lesson
With enumeration complete, the next lesson exploits the most common Linux privilege escalation vector: SUID and SGID binaries.
Next: SUID & SGID