TryHackMe - Enumeration Post Compromise
Linux Enumeration
OS Version Details
```bash
ls /etc/*-release
```
```bash
hostname
```
Users and groups
```bash
cat /etc/passwd
cat /etc/group
cat /etc/shadow
```
Sensitive Info
```bash
ls -lh /var/mail/
```
```bash
ls -lh /usr/bin/
ls -lh /sbin/
```
Installed Packages
```bash
dpkg -l
```
Current user info
```bash
who
whoami
last
id
```
Network Details
```bash
ip a s
cat /etc/resolv.conf
sudo netstat -plt
```
`netstat -atupn` shows all TCP and UDP listening and established connections, along with the program names, with addresses and ports in numeric format.
Running Services
```bash
ps axf
```
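The `netstat -atupn` output described under Network Details mixes listeners, established sessions and loopback-only sockets. As an added example (not part of the original notes), the function below reduces that output to sockets listening on non-loopback addresses, with the owning PID and program; the sample output is constructed, and the names `sample_netstat` and `exposed_listeners` are illustrative.

```bash
#!/bin/sh
# Added example: list sockets from `netstat -atupn` that listen on a
# non-loopback address, with the owning PID and program name.

# Constructed sample output (not captured from a real host).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      934/mysqld
tcp        0      0 10.10.10.5:22           10.10.10.9:51234        ESTABLISHED 1501/sshd: user
tcp6       0      0 :::80                   :::*                    LISTEN      1002/apache2
tcp6       0      0 :::8080                 :::*                    LISTEN      -
udp        0      0 127.0.0.53:53           0.0.0.0:*                           640/systemd-resolve
udp        0      0 0.0.0.0:68              0.0.0.0:*                           701/dhclient
EOF
}

# Reads netstat -atupn output on stdin; prints "proto addr port pid program".
exposed_listeners() {
  awk '
    $1 !~ /^(tcp|udp)/ { next }            # skip banner and header lines
    {
      proto = $1; local = $4; owner = ""
      if (proto ~ /^tcp/) {
        if ($6 != "LISTEN") next           # established sessions are not listeners
        owner = $7
      } else {
        if ($5 !~ /:\*$/) next             # connected UDP socket, not a listener
        owner = $6                         # UDP rows have an empty State column
      }
      port = local; sub(/.*:/, "", port)   # text after the last colon
      addr = local; sub(/:[^:]*$/, "", addr)
      if (addr ~ /^127\./ || addr == "::1") next   # bound to loopback only
      pid = "-"; prog = "-"                # "-" means netstat ran without privileges
      slash = index(owner, "/")
      if (slash) { pid = substr(owner, 1, slash - 1); prog = substr(owner, slash + 1) }
      print proto, addr, port, pid, prog
    }'
}

# Run against the constructed sample; on a host: netstat -atupn | exposed_listeners
sample_netstat | exposed_listeners
```

A `-` in the PID and program columns means `netstat` was run without the privileges needed to see the owning process, which is why the cheatsheet pairs it with `sudo`.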
Windows Enumeration
Systeminfo
```cmd
systeminfo
```
Installed Updates
```cmd
wmic qfe get Caption,Description
```
Windows Services
```cmd
net start
```
Users
```cmd
whoami /priv
whoami /groups
net user
net localgroup
net localgroup administrators
net accounts
net accounts /domain
```
Networking
```cmd
ipconfig /all
netstat -abno
arp -a
```
DNS
```bash
dig -t AXFR DOMAIN_NAME @DNS_SERVER
```
SMB
```cmd
net share
```
Other Tools
List
Sysinternals Suite
The Sysinternals Suite is a group of command-line and GUI utilities and tools that provides information about various aspects related to the Windows system. To give you an idea, we listed a few examples in the table below.
Utility Name | Description |
---|---|
Process Explorer | Shows the processes along with the open files and registry keys |
Process Monitor | Monitor the file system, processes, and Registry |
PsList | Provides information about processes |
PsLoggedOn | Shows the logged-in users |
Check Sysinternals Utilities Index for a complete list of the utilities. If you want to learn more and experiment with these different utilities, we suggest the Sysinternals room.
Process Hacker
Another efficient and reliable MS Windows GUI tool that lets you gather information about running processes is Process Hacker. Process Hacker gives you detailed information regarding running processes and related active network connections; moreover, it gives you deep insight into system resource utilization from CPU and memory to disk and network.
GhostPack Seatbelt
Seatbelt, part of the GhostPack collection, is a tool written in C#. It is not officially released in binary form; therefore, you are expected to compile it yourself using MS Visual Studio.
Summary
Commands and Cheatsheet
Linux Command | Description |
---|---|
hostname | shows the system’s hostname |
who | shows who is logged in |
whoami | shows the effective username |
w | shows who is logged in and what they are doing |
last | shows a listing of the last logged-in users |
ip address show | shows the network interfaces and addresses |
arp | shows the ARP cache |
netstat | prints network connections |
ps | shows a snapshot of the current processes |

Windows Command | Description |
---|---|
systeminfo | shows OS configuration information, including service pack levels |
whoami | shows the user name and group information along with the respective security identifiers |
netstat | shows protocol statistics and current TCP/IP network connections |
net user | shows the user accounts on the computer |
net localgroup | shows the local groups on the computer |
arp | shows the IP-to-Physical address translation tables |