Some useful Linux checks for your penetration testing
What version of the distribution is it?
What is its kernel version?
What are the environment variables?
Is there a printer?
What services are running? Which user does each service run as?
Which services run as root? Check those for vulnerabilities, and re-check them!
Service settings: are there any misconfigurations? Are there any (vulnerable) plugins?
What scheduled jobs (cron jobs) are on the host?
What plain-text user names and passwords may be on the host?
Which NIC(s) does the system have? Which network(s) is it connected to?
What are the network configuration settings? What kind of servers are on the network? DHCP server? DNS server? Gateway?
Which other users and hosts communicate with the system?
Is there a cache? Which IP and/or MAC addresses?
Is packet sniffing possible? What can be seen? Monitor the traffic.
How can port forwarding be done?
Who are you? Which ID are you logged in as? Who is logged in? Who else is here? Who can do what?
What can be found in sensitive files?
What interesting files are in the home directory(ies)? (If you have permission to access them.)
Are there any passwords, scripts, databases, configuration files, or log files? Check the default paths and locations of password files.
What has the user been doing? Is there a password in their history? Are they editing anything?
What kind of user information can be found?
Can any private keys be found?
Which users can write configuration files in /etc/? Can they reconfigure services?
What can be found in /var/?
Are there any hidden configuration files on the site? Configuration and database information?
What is in the log files? (What could help with “local file inclusion”?)
In which directories can you write and execute? Several “common” directories: /tmp, /var/, /dev/shm.
Any “problem” files?
What development tools, languages, and supporting packages are installed?
How can a file be uploaded?
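Two of the questions above (who can write configuration files in /etc/, and which directories are world-writable and executable) are also the checks a hardening audit runs. The following script is an added example, not part of the original checklist: it finds group- or world-writable files and world-writable directories without the sticky bit, and exercises itself on a constructed temporary tree so it runs without root.

```shell
#!/bin/sh
# Added audit example (not from the original checklist).
# writable_files DIR: files under DIR that group or others may write
#   (answers "which users can write configuration files in /etc/?").
# unsticky_world_writable_dirs DIR: directories under DIR that any user can
#   write and traverse but that lack the sticky bit, so anyone can delete or
#   replace other users' files there (the /tmp, /var/, /dev/shm question;
#   a correctly configured /tmp is 1777 and is therefore not reported).
umask 022

writable_files() {
    find "$1" -xdev -type f \( -perm -020 -o -perm -002 \) 2>/dev/null | sort
}

unsticky_world_writable_dirs() {
    find "$1" -xdev -type d -perm -003 ! -perm -1000 2>/dev/null | sort
}

# Constructed demo tree (placeholder content only) so the checks can be
# demonstrated offline; on a real host run the functions against / as root.
build_demo_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/etc" "$root/tmp" "$root/var/run"
    printf 'db_password=PLACEHOLDER\n' > "$root/etc/app.conf"
    chmod 666 "$root/etc/app.conf"     # misconfigured: any user can edit it
    printf 'port=8080\n' > "$root/etc/safe.conf"
    chmod 644 "$root/etc/safe.conf"    # correct: only the owner can write
    chmod 1777 "$root/tmp"             # world-writable but sticky: expected
    chmod 777 "$root/var/run"          # world-writable, no sticky bit: flag it
    printf '%s\n' "$root"
}

demo=$(build_demo_tree)
echo "Files writable by group or others under $demo/etc:"
writable_files "$demo/etc"
echo "World-writable directories without the sticky bit under $demo:"
unsticky_world_writable_dirs "$demo"
rm -rf "$demo"
```

On a real host, run the two functions against `/` as root; every reported file or directory is either a deliberate exception or a misconfiguration to fix.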