
Something

public text v1 · immutable
#2132323 ·published 2012-03-27 00:06 UTC
root@bt:~# cat /root/linux-enum.sh
#!/bin/bash

# --- OS identification ----------------------------------------------------
# Prints the login banner and whichever distribution release files exist.
# Files that are absent on this distribution only produce a cat error on
# stderr; the script carries on.
printf '%s\n' \
  '#########################' \
  '#       OS ENUM #' \
  '#########################'
(
  # Subshell: keeps the loop variables out of the shell state that the later
  # `set` dump prints.
  rule='========(.)-(.)========'
  for release_file in '/etc/issue' '/etc/*-release' '/etc/lsb-release' '/etc/redhat-release'; do
    printf '%s\n' "$rule"
    # Deliberately unquoted so the *-release pattern globs at this point.
    cat $release_file
  done
)

# --- Kernel identification ------------------------------------------------
# Collects the running kernel version from several sources (procfs, uname,
# the RPM database, the kernel ring buffer and the images in /boot) so the
# patch level can be compared against vendor advisories.
printf '%s\n' \
  '#########################' \
  '#      KERNEL ENUM#' \
  '#########################'
(
  # Helper lives in a subshell so it does not show up in the later `set` dump.
  probe() {
    printf '%s\n' '========(.)-(.)========'
    "$@"
  }
  probe cat /proc/version
  probe uname -a
  probe uname -mrs
  probe rpm -q kernel
  printf '%s\n' '========(.)-(.)========'
  dmesg | grep Linux
  printf '%s\n' '========(.)-(.)========'
  ls /boot | grep vmlinuz-
  # The original ends this section with a trailing separator.
  printf '%s\n' '========(.)-(.)========'
)

# --- Shell environment ----------------------------------------------------
# Dumps the system-wide and per-user bash start-up files, then the exported
# environment (`env`) and the full shell state (`set`).
# Environment variables and rc files frequently carry tokens or passwords,
# so the resulting report has to be handled as sensitive material.
printf '%s\n' \
  '#########################' \
  '#      ENV ENUM   #' \
  '#########################'
(
  # Subshell: the loop variables must not appear in the `set` output below.
  rule='========(.)-(.)========'
  for rc_file in /etc/profile /etc/bashrc ~/.bash_profile ~/.bashrc ~/.bash_logout; do
    printf '%s\n' "$rule"
    cat "$rc_file"
  done
)
printf '%s\n' '========(.)-(.)========'
env
printf '%s\n' '========(.)-(.)========'
set

# --- C library version and printers ---------------------------------------
# NOTE(review): the first banner says GCC, but `ldd --version` reports the
# C library release, not the compiler version.
hr='========(.)-(.)========'
printf '%s\n' \
  '#########################' \
  '#      GCC VERSION#' \
  '#########################'
printf '%s\n' "$hr"
ldd --version
# Printer queues known to the print scheduler and whether they accept jobs.
printf '%s\n' \
  '#########################' \
  '#   PRINTER ENUM  #' \
  '#########################'
printf '%s\n' "$hr"
lpstat -a

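# --- Running services -----------------------------------------------------
# Lists every process in both BSD (`aux`) and System V (`-ef`) layouts, then
# prints the port-to-service name map.
printf '%s\n' \
  '#########################' \
  '#      SERVICE ENUM     #' \
  '#########################'
hr='========(.)-(.)========'
printf '%s\n' "$hr"
ps aux
printf '%s\n' "$hr"
ps -ef
printf '%s\n' "$hr"
# Fixed: the original read /etc/service, which looks like a typo for
# /etc/services, the path the netstat section of this script greps.
cat /etc/services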

# --- Processes associated with root ---------------------------------------
# Filters both process listings for the string "root". The match is textual,
# so it also catches command lines that merely contain "root" (including the
# grep itself), not only processes owned by uid 0.
printf '%s\n' \
  '#########################' \
  '# ROOT SERVICE ENUM     #' \
  '#########################'
for ps_layout in aux -ef; do
  printf '%s\n' '========(.)-(.)========'
  ps "$ps_layout" | grep root
done



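# --- Installed software ---------------------------------------------------
# Lists the binaries in /usr/bin and /sbin, the package databases (dpkg and
# rpm; only the one matching the distribution will answer) and the package
# manager download caches.
printf '%s\n' \
  '#########################' \
  '#   APPLICATION ENUM    #' \
  '#########################'
hr='========(.)-(.)========'
for bin_dir in /usr/bin/ /sbin/; do
  printf '%s\n' "$hr"
  ls -alh "$bin_dir"
done
printf '%s\n' "$hr"
dpkg -l
printf '%s\n' "$hr"
rpm -qa
# Fixed: the original path ended in a stray "O" (archivesO), so the APT
# cache listing always failed.
for pkg_cache in /var/cache/apt/archives /var/cache/yum/; do
  printf '%s\n' "$hr"
  ls -alh "$pkg_cache"
done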

# --- Service configuration files ------------------------------------------
# Prints a fixed list of daemon configuration files, one separator per file.
# Most hosts have only a few of these; a missing file yields a cat error and
# nothing else.
# NOTE(review): user.MYD is a binary MySQL table file holding account
# credential hashes, and anaconda-ks.cfg can contain the installer's root
# password hash, so this section's output is secret material.
printf '%s\n' \
  '#########################' \
  '#     CONFIG ENUM #' \
  '#########################'
hr='========(.)-(.)========'
for conf_file in \
  /etc/syslog.conf \
  /etc/chttp.conf \
  /etc/lighttpd.conf \
  /etc/cups/cupsd.conf \
  /etc/inetd.conf \
  /etc/apache2/apache2.conf \
  /etc/my.conf \
  /etc/httpd/conf/httpd.conf \
  /opt/lampp/etc/httpd.conf \
  /var/apache2/config.inc \
  /var/lib/mysql/mysql/user.MYD \
  /root/anaconda-ks.cfg
do
  printf '%s\n' "$hr"
  cat "$conf_file"
done

# --- Scheduled tasks ------------------------------------------------------
# Shows the invoking user's crontab, the spool and /etc cron entries, the
# at/cron allow and deny lists, and root's spooled crontab.
# Jobs that run as root from a file or directory other users can write to
# are the finding to look for when reviewing this output.
printf '%s\n' \
  '#########################' \
  '# SCHEDULED TASKS ENUM  #' \
  '#########################'
hr='========(.)-(.)========'
printf '%s\n' "$hr"
crontab -l
printf '%s\n' "$hr"
ls -alh /var/spool/cron
printf '%s\n' "$hr"
ls -al /etc/ | grep cron
printf '%s\n' "$hr"
ls -al /etc/cron*
printf '%s\n' "$hr"
# The glob also matches the cron.* directories; cat reports an error for those.
cat /etc/cron*
for sched_file in \
  /etc/at.allow \
  /etc/at.deny \
  /etc/cron.allow \
  /etc/cron.deny \
  /etc/crontab \
  /etc/anacrontab \
  /var/spool/cron/crontabs/root
do
  printf '%s\n' "$hr"
  cat "$sched_file"
done
# --- Network interfaces ---------------------------------------------------
# Prints every interface (up or down) and the Debian-style and Red Hat-style
# interface configuration files.
printf '%s\n' \
  '#########################' \
  '#   NETWORK ENUM  #' \
  '#########################'
hr='========(.)-(.)========'
printf '%s\n' "$hr"
/sbin/ifconfig -a
for net_conf in /etc/network/interfaces /etc/sysconfig/network; do
  printf '%s\n' "$hr"
  cat "$net_conf"
done

# --- Name resolution, firewall and host identity --------------------------
# Resolver and network definitions, the packet filter rules of the default
# table, and the host and DNS domain names.
printf '%s\n' \
  '#########################' \
  '#   NETWORK CONFIG ENUM #' \
  '#########################'
hr='========(.)-(.)========'
for net_file in /etc/resolv.conf /etc/sysconfig/network /etc/networks; do
  printf '%s\n' "$hr"
  cat "$net_file"
done
printf '%s\n' "$hr"
iptables -L
printf '%s\n' "$hr"
hostname
printf '%s\n' "$hr"
dnsdomainname

# --- Sockets, boot-time services and sessions -----------------------------
# Open network sockets (lsof, netstat), services enabled at boot
# (chkconfig), login history and current sessions (last, w) and the SELinux
# boolean settings.
printf '%s\n' \
  '#########################' \
  '#     NETSTAT ENUM#' \
  '#########################'
hr='========(.)-(.)========'
printf '%s\n' "$hr"
lsof -i
printf '%s\n' "$hr"
lsof -i :80
printf '%s\n' "$hr"
# Plain substring match: also returns ports such as 8080 or 180.
grep 80 /etc/services
for netstat_flags in -antup -antpx -tulpn; do
  printf '%s\n' "$hr"
  netstat "$netstat_flags"
done
printf '%s\n' "$hr"
chkconfig --list
printf '%s\n' "$hr"
chkconfig --list | grep 3:on
printf '%s\n' "$hr"
last
printf '%s\n' "$hr"
w
printf '%s\n' "$hr"
getsebool -a

# --- ARP cache and routing table ------------------------------------------
# Shows which neighbours this host has talked to recently and how traffic is
# routed. The banner keeps the original spelling.
printf '%s\n' \
  '#########################' \
  '#     NET CAHCE ENUM    #' \
  '#########################'
hr='========(.)-(.)========'
printf '%s\n' "$hr"
arp -e
printf '%s\n' "$hr"
route
printf '%s\n' "$hr"
/sbin/route -nee
# --- Accounts and sessions ------------------------------------------------
# Current identity, logged-in users, login history, every account name, the
# accounts with uid 0, and the sudo policy.
# More than one uid-0 account, or an unexpected sudoers entry, is worth
# investigating.
# NOTE(review): the USERS / SUPER USERS / SUDOERS labels are printed as
# suffixes on the separator; the first uid-0 listing runs before the
# SUPER USERS label appears.
printf '%s\n' \
  '#########################' \
  '#     USER ENUM   #' \
  '#########################'
hr='========(.)-(.)========'
# The original prints two separators back to back here.
printf '%s\n' "$hr" "$hr"
id
printf '%s\n' "$hr"
who
printf '%s\n' "$hr"
w
printf '%s\n' "$hr"
last
printf '%s\n' "${hr}USERS"
cat /etc/passwd | cut -d":" -f1
printf '%s\n' "$hr"
# Names of accounts whose uid field is 0, ignoring commented-out lines.
grep -v -E "^#" /etc/passwd | awk -F: '$3 == 0 { print $1}'
printf '%s\n' "${hr}SUPER USERS"
# Full passwd entries of the uid-0 accounts.
awk -F: '($3 == "0") {print}' /etc/passwd
printf '%s\n' "${hr}SUDOERS"
cat /etc/sudoers

# --- Account databases ----------------------------------------------------
# Dumps passwd, group and shadow in full and lists the mail spool. The banner
# repeats "ENV ENUM" from the earlier environment section.
# /etc/shadow holds the password hashes: the report must be stored with
# restrictive permissions, and a read of that file by anything other than
# the login stack is a useful audit signal.
printf '%s\n' \
  '#########################' \
  '#      ENV ENUM   #' \
  '#########################'
hr='========(.)-(.)========'
for account_db in /etc/passwd /etc/group /etc/shadow; do
  # The separator is suffixed with the path it introduces.
  printf '%s%s\n' "$hr" "$account_db"
  cat "$account_db"
done
printf '%s%s\n' "$hr" '/var/mail'
ls -alh /var/mail/

# --- Home directories -----------------------------------------------------
# Recursive long listing of root's home and of every user home, including
# dotfiles. On a host with large homes this is the bulkiest listing so far.
printf '%s\n' \
  '#########################' \
  '#    HOME DIR ENUM#' \
  '#########################'
for home_root in /root/ /home/; do
  printf '%s%s\n' '========(.)-(.)========' "$home_root"
  ls -ahlR "$home_root"
done

# --- Shell and client history ---------------------------------------------
# Prints the invoking user's history files, rc files and root's mailbox.
# History files routinely contain passwords typed on a command line; treat
# the output as secret.
printf '%s\n' \
  '#########################' \
  '#    USER HISTORY ENUM  #' \
  '#########################'
# The first file follows the banner directly, with no separator before it.
cat ~/.bash_history
for trace_file in \
  ~/.nano_history \
  ~/.atftp_history \
  ~/.mysql_history \
  ~/.php_history \
  ~/.bashrc \
  ~/.profile \
  /var/mail/root \
  /var/spool/mail/root
do
  printf '%s\n' '========(.)-(.)========'
  cat "$trace_file"
done

# --- SSH keys and configuration -------------------------------------------
# Prints the user's authorized_keys and key pairs, the client and server
# configuration, and the host key pairs.
# The private halves (identity, id_rsa, id_dsa, ssh_host_*_key) are written
# to stdout in clear: whoever can read the report can impersonate the user
# or the host. If a report from this script is ever found on a system, every
# key listed here should be rotated.
printf '%s\n' \
  '#########################' \
  '#   PRIVATE KEY  ENUM   #' \
  '#########################'
hr='========(.)-(.)========'
for ssh_file in \
  ~/.ssh/authorized_keys \
  ~/.ssh/identity.pub \
  ~/.ssh/identity \
  ~/.ssh/id_rsa.pub \
  ~/.ssh/id_rsa \
  ~/.ssh/id_dsa.pub \
  ~/.ssh/id_dsa \
  /etc/ssh/ssh_config \
  /etc/ssh/sshd_config \
  /etc/ssh/ssh_host_dsa_key.pub \
  /etc/ssh/ssh_host_dsa_key \
  /etc/ssh/ssh_host_rsa_key.pub \
  /etc/ssh/ssh_host_rsa_key \
  /etc/ssh/ssh_host_key.pub \
  /etc/ssh/ssh_host_key
do
  printf '%s\n' "$hr"
  cat "$ssh_file"
done
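# --- Permissions under /etc -----------------------------------------------
# Filters a recursive long listing of /etc on the mode string (column 1 of
# `ls -l`: type, then rwx for owner, group, other), then lists the files the
# invoking user can read.
# Fixes against the original:
#   * 2>/dev/null was attached to awk, so errors from ls were never
#     suppressed; it now sits on ls.
#   * the "other" test anchored on the end of the mode string (/w.$/), which
#     stops lining up when ls appends an ACL/SELinux marker ("." or "+");
#     it now anchors on the ninth character from the start.
#   * -maxdepth is placed before the tests, where GNU find expects it.
printf '%s\n' \
  '#########################' \
  '#    FILE SYSTEM ENUM   #' \
  '#########################'
hr='========(.)-(.)========'
printf '%s\n' "$hr"
ls -aRl /etc/ 2>/dev/null | awk '$1 ~ /^.*w.*/'      # Anyone (any write bit)
printf '%s\n' "$hr"
ls -aRl /etc/ 2>/dev/null | awk '$1 ~ /^..w/'        # Owner
printf '%s\n' "$hr"
ls -aRl /etc/ 2>/dev/null | awk '$1 ~ /^.....w/'     # Group
printf '%s\n' "$hr"
ls -aRl /etc/ 2>/dev/null | awk '$1 ~ /^........w/'  # Other
printf '%s\n' "$hr"
find /etc/ -readable -type f 2>/dev/null               # Anyone
printf '%s\n' "$hr"
find /etc/ -maxdepth 1 -readable -type f 2>/dev/null   # Anyone, top level only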

# --- Log, spool and database directories ----------------------------------
# Long listings of the directories where logs, mail, print jobs and database
# files live, followed by the DHCP client lease file.
printf '%s\n' \
  '#########################' \
  '#     ENUM      LOGS    #' \
  '#########################'
hr='========(.)-(.)========'
for data_dir in \
  /var/log \
  /var/mail \
  /var/spool \
  /var/spool/lpd \
  /var/lib/pgsql \
  /var/lib/mysql
do
  printf '%s\n' "$hr"
  ls -alh "$data_dir"
done
printf '%s\n' "$hr"
cat /var/lib/dhcp3/dhclient.leases

# --- Web roots ------------------------------------------------------------
# Recursive long listing of the usual document roots. /var/www/html/ is
# nested inside /var/www/, so it is listed twice when both exist.
printf '%s\n' \
  '#########################' \
  '#    WEB SERVER ENUM    #' \
  '#########################'
for web_root in \
  /var/www/ \
  /srv/www/htdocs/ \
  /usr/local/www/apache22/data/ \
  /opt/lampp/htdocs/ \
  /var/www/html/
do
  printf '%s\n' '========(.)-(.)========'
  ls -alhR "$web_root"
done
# --- Log contents ---------------------------------------------------------
# Prints a fixed list of log files in full, then long listings of further
# log paths. No size limit is applied, so on a busy server this section
# dominates the report.
# NOTE(review): faillog, lastlog, wtmp and utmp are binary record files;
# cat writes them raw, which can garble a terminal. `last`, `lastlog` and
# `who` are the readers for those formats.
printf '%s\n' \
  '#########################' \
  '#   LOG DATA  ENUM     2#' \
  '#########################'
hr='========(.)-(.)========'
for log_file in \
  /etc/httpd/logs/access_log \
  /etc/httpd/logs/access.log \
  /etc/httpd/logs/error_log \
  /etc/httpd/logs/error.log \
  /var/log/apache2/access_log \
  /var/log/apache2/access.log \
  /var/log/apache2/error_log \
  /var/log/apache2/error.log \
  /var/log/apache/access_log \
  /var/log/apache/access.log \
  /var/log/auth.log \
  /var/log/chttp.log \
  /var/log/cups/error_log \
  /var/log/dpkg.log \
  /var/log/faillog \
  /var/log/httpd/access_log \
  /var/log/httpd/access.log \
  /var/log/httpd/error_log \
  /var/log/httpd/error.log \
  /var/log/lastlog \
  /var/log/lighttpd/access.log \
  /var/log/lighttpd/error.log \
  /var/log/lighttpd/lighttpd.access.log \
  /var/log/lighttpd/lighttpd.error.log \
  /var/log/messages \
  /var/log/secure \
  /var/log/syslog \
  /var/log/wtmp \
  /var/log/xferlog \
  /var/log/yum.log \
  /var/run/utmp \
  /var/webmin/miniserv.log \
  /var/www/logs/access_log \
  /var/www/logs/access.log
do
  printf '%s\n' "$hr"
  cat "$log_file"
done
# Listing only (size, owner, mode) for the remaining log locations.
for log_path in \
  /var/lib/dhcp3/ \
  /var/log/postgresql/ \
  /var/log/proftpd/ \
  /var/log/samba/ \
  /var/log/auth.log \
  /var/log/boot \
  /var/log/btmp \
  /var/log/daemon.log \
  /var/log/debug \
  /var/log/dmesg \
  /var/log/kern.log \
  /var/log/mail.info \
  /var/log/mail.log \
  /var/log/mail.warn \
  /var/log/messages \
  /var/log/syslog \
  /var/log/udev \
  /var/log/wtmp
do
  printf '%s\n' "$hr"
  ls -alh "$log_path"
done
# --- Mounted file systems -------------------------------------------------
# Current mounts with their options, disk usage, and the static mount table.
# The mount options column (nosuid, noexec, nodev) is the hardening-relevant
# part of this output.
printf '%s\n' \
  '#########################' \
  '#     FILE SYSTEM ENUM  #' \
  '#########################'
hr='========(.)-(.)========'
printf '%s\n' "$hr"
mount
printf '%s\n' "$hr"
df -h
printf '%s\n' "$hr"
cat /etc/fstab
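# --- Writable and unowned paths -------------------------------------------
# Walks the whole tree looking for directories the invoking user, or any
# user, can write to or traverse, then for world-writable directories that
# lack the sticky bit and for paths whose owner or group no longer exists.
# Every find here scans from /, so this section is slow on large disks.
# Fixes against the original: the last command used the invalid action
# `-prinT` and the placeholder start point /dir, so it could never run; it
# now uses `-print` and starts at / like the command before it.
# NOTE(review): the "FIND EXECUTEABLE" label precedes a test on write bits
# (-perm -222), not execute bits; the label text is kept as published.
printf '%s\n' \
  '#########################' \
  '# FIND WRITABLE   #' \
  '#########################'
hr='========(.)-(.)========'
printf '%s\n' "${hr}FIND WRITABLE"
find / -writable -type d 2>/dev/null
printf '%s\n' "${hr}FIND EXECUTEABLE"
find / -perm -222 -type d 2>/dev/null
printf '%s\n' "$hr"
find / -perm -o+w -type d 2>/dev/null
printf '%s\n' "$hr"
find / -perm -o+x -type d 2>/dev/null
printf '%s\n' "$hr"
find / \( -perm -o+w -perm -o+x \) -type d 2>/dev/null
printf '%s\n' "$hr"
# World-writable directories without the sticky bit, this file system only.
find / -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -print
printf '%s\n' "$hr"
# Paths whose uid or gid has no passwd/group entry, this file system only.
find / -xdev \( -nouser -o -nogroup \) -print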


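# --- Interpreters and compilers present -----------------------------------
# Searches the whole tree by file name for perl, python, gcc and cc. Knowing
# which build tools exist on a production host feeds the hardening decision
# to remove them.
# Fixed: the -name patterns were unquoted, so the shell expanded perl*,
# python* and gcc* against the current directory before find saw them; a
# matching file there changed the search or made find fail. They are quoted
# now so find always receives the pattern.
printf '%s\n' \
  '#########################' \
  '#    FIND INTERPRETERS  #' \
  '#########################'
for name_pattern in 'perl*' 'python*' 'gcc*' 'cc'; do
  printf '%s\n' '========(.)-(.)========'
  find / -name "$name_pattern"
done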

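# --- File transfer clients present ----------------------------------------
# Searches the whole tree by file name for wget, nc, netcat, tftp and ftp.
# Fixed: the nc*, netcat* and tftp* patterns were unquoted and therefore
# subject to shell globbing against the current directory; they are quoted
# so find always receives the pattern itself.
printf '%s\n' \
  '#########################' \
  '#     TRANSFER METHODS  #' \
  '#########################'
for name_pattern in 'wget' 'nc*' 'netcat*' 'tftp*' 'ftp'; do
  printf '%s\n' '========(.)-(.)========'
  find / -name "$name_pattern"
done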


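# --- setuid / setgid / sticky inventory -----------------------------------
# Lists setgid files, sticky directories, setuid files, files carrying
# either bit, and finally setuid/setgid files under every path that locate
# reports as ending in "bin".
# Comparing this inventory with a known-good baseline is the point: a
# setuid binary that the package manager does not own deserves a look.
# Fixes against the original:
#   * `-perm -g=s -o -perm -u=s -type f` bound -type f to the second test
#     only, so setgid directories leaked into the list; the two -perm tests
#     are now grouped.
#   * the locate loop used backticks and an unquoted $i, which split paths
#     on whitespace and glob-expanded them; paths are now read line by line
#     and quoted.
printf '%s\n' \
  '#########################' \
  '# ADV LINUX PERM ENUM   #' \
  '#########################'
hr='========(.)-(.)========'
printf '%s\n' "$hr"
find / -perm -g=s -type f 2>/dev/null
printf '%s\n' "$hr"
find / -perm -1000 -type d 2>/dev/null
printf '%s\n' "$hr"
find / -perm -u=s -type f 2>/dev/null
printf '%s\n' "$hr"
find / \( -perm -g=s -o -perm -u=s \) -type f 2>/dev/null
printf '%s\n' "$hr"
locate -r 'bin$' | while IFS= read -r bin_path; do
  find "$bin_path" \( -perm -4000 -o -perm -2000 \) -type f 2>/dev/null
done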

# End-of-run marker and the author's credit line, printed verbatim.
printf '%s\n' \
  '*/*-=_+_G@m3 - 0v3r_+_=-*\*' \
  'TH@NX 2 g0tm1lk 4 hiz 1337 b10G'