4. Exposed Information

Environment Variables:

env

Git repositories:

#Find repos:
find / -name ".git" 2>/dev/null

#Check status of repo (from inside repo):
git status

#Check commits:
git log

#Examine commit:
git show <commit-id>

#Examine difference between commits:
git diff <commit-id>

History:

history

.bash configuration file:

cat ~/.bashrc

.bash_history log file:

cat ~/.bash_history

• För att testa environment-variabler kan skapas ett login-shell för användaren "su - root". Då laddas variablerna in istället för bara körs "su root"

Generate custom wordlist based on known password:

#Example:
crunch 6 6 -t Lab%%% > out.list

#Explanation:
crunch <mincharlen> <maxcharlen> -t (specify pattern) Lab%%% (hardcoded "Lab" plus three numeric digits) > out.list

Bruteforce SSH-server with Hydra:

hydra -l eve -P wordlist  192.168.50.214 -t 4 ssh -V

List sudo capabilities:

sudo -l

Elevate directly to root using sudo:

sudo -i

Enumerate running processes and filter for occurrence of "pass":

watch -n 1 "ps -aux | grep pass"

If allowed use tcpdump to analyse traffic:

sudo tcpdump -i lo -A | grep "pass"

List available shells in Unix:

cat /etc/shells