1. Auto Scripts
    1. run linuxprivchecker.py if you're really stuck
    2. run LINPEAS
    3. run LSE
  2. Figure Out username, groups, OS, & Kernel Versions
    1. whoami
      1. whoami; id
    2. groups
      1. groups
      2. getent group <name of group> # list all members
    3. OS & Kernel version
      1. cat /etc/issue
      2. cat /proc/version
      3. hostname
      4. uname -a
  3. sudo -l
    1. When this command is executed in the context of a user that is part of the sudo group, the output of
  4. Check Services Running as root
    1. ps aux | grep root
  5. World-writable folders & files
    1. world-writable / world-executable folders
      1. find / -writable -type d 2>/dev/null # folders writable by the current user
      2. find / -perm -222 -type d 2>/dev/null # folders writable by user, group and others
      3. find / -perm -o+w -type d 2>/dev/null # world-writeable folders
      4. find / -perm -o+x -type d 2>/dev/null # world-executable folders
      5. find / \( -perm -o+w -perm -o+x \) -type d 2>/dev/null # world-writeable & executable folders
    2. user files
    3. readable backups
    4. writable service files
    5. hidden files
    6. sensitive files
      1. backup folder, .bash_history files, /srv directory
  6. Config files & web config files (web config files may contain passwords)
    1. config files in /etc: ls -ls /etc/ | grep '\.conf'
    2. web dir config files: ls -ls /var/www/html
  7. SUID
    1. find / -type f -a \( -perm -u+s -o -perm -g+s \) -exec ls -l {} \; 2> /dev/null
    2. Run "strace" on binary to check for missing ".so" files that we can create.
    3. Run "strings" on binaries to check for functions used by the binary that can be taken over
  8. passwords & keys
    1. script results
    2. Home directories
  9. cron jobs
    1. cat /etc/crontab
    2. crontab -l
  10. NFS
    1. enumerate unmounted disks
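
Items 5 and 7 above, turned into a repeatable hardening check (an added example, not part of the original checklist): it reports world-writable directories that lack the sticky bit, world-writable files, and SUID/SGID files that are missing from a reviewed baseline. The function names, output tags and the sample tree are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original checklist): permission audit of one tree.
# Function names, tags and the fixture layout are assumptions for illustration.

# audit_perms ROOT: print one tagged line per risky permission under ROOT.
audit_perms() {
    # World-writable directories WITHOUT the sticky bit: any local user can
    # rename or delete other users' files there (/tmp is 1777 for this reason).
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print 2>/dev/null |
        sed 's/^/WW_DIR_NOSTICKY /'
    # World-writable regular files (scripts, configs, service units).
    find "$1" -xdev -type f -perm -0002 -print 2>/dev/null |
        sed 's/^/WW_FILE /'
    # SUID or SGID files; every hit should appear on a reviewed baseline.
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
        sed 's/^/SUID_SGID /'
}

# suid_drift ROOT BASELINE: SUID/SGID paths under ROOT that are missing from
# BASELINE (one absolute path per line). Exit status 1 means no drift.
suid_drift() {
    audit_perms "$1" | sed -n 's/^SUID_SGID //p' | grep -Fxv -f "$2"
}

# make_fixture: build a constructed sample tree and print its path.
make_fixture() {
    d=$(mktemp -d) || return 1
    mkdir "$d/shared" "$d/drop" "$d/private"
    chmod 1777 "$d/shared"      # world-writable but sticky: not reported
    chmod 0777 "$d/drop"        # world-writable, no sticky bit: reported
    chmod 0755 "$d/private"
    : > "$d/private/tool";   chmod 4755 "$d/private/tool"    # SUID, baselined
    : > "$d/private/newbin"; chmod 4755 "$d/private/newbin"  # SUID, unreviewed
    : > "$d/private/job.sh"; chmod 0666 "$d/private/job.sh"  # world-writable
    : > "$d/private/notes";  chmod 0644 "$d/private/notes"   # benign
    printf '%s\n' "$d"
}

# Demo on the constructed tree, with "tool" as the only approved SUID file.
fx=$(make_fixture)
printf '%s\n' "$fx/private/tool" > "$fx/baseline.txt"
audit_perms "$fx"
suid_drift "$fx" "$fx/baseline.txt"
rm -rf "$fx"
```

On a real host, point `audit_perms` at `/` and keep the baseline file under change control so that new SUID/SGID files show up as drift.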