πŸ”§Services & Internals Enumeration

🎯 Overview

Deep enumeration of running services, internal processes, user activities, and system internals to identify privilege escalation vectors and attack opportunities.

🌐 Network Internals

Network Interfaces & Connectivity

# Network interfaces (pivot opportunities)
ip a
ifconfig -a

# Hosts file analysis
cat /etc/hosts

# Check for internal networks and additional interfaces

πŸ‘₯ User Activity Analysis

Login History & Current Users

Look for:

  • Active admin users

  • Login patterns and timing

  • Remote connections (SSH sessions)

  • Shared accounts

Command History Investigation

Search for Sensitive Commands:

⏰ Scheduled Tasks & Automation

Cron Job Enumeration

Analysis Points:

  • Scripts running as root

  • Writable paths in cron jobs

  • File permission issues

  • Backup scripts with credentials

πŸ“¦ Installed Software & Packages

Package Analysis

GTFObins Cross-Reference

πŸ” Process & Service Analysis

Running Processes

Process Investigation

πŸ“ Configuration & Script Discovery

Configuration Files

Script Discovery

πŸ” System Internals

/proc Filesystem Analysis

File System Details

πŸ› οΈ Available Tools Assessment

Development Tools

Useful Binaries for Privesc

πŸ“Š Quick Enumeration Script

🎯 Key Targets to Identify

High-Value Information

  • Active admin sessions - Target for credential stealing

  • Vulnerable services - Running as root with known CVEs

  • Scheduled tasks - Cron jobs with misconfigurations

  • Config files - Containing passwords or sensitive data

  • Development tools - Compilers for exploit compilation

  • Network tools - For lateral movement and pivoting

Attack Vector Prioritization

  1. SUID/SGID binaries with GTFObins entries

  2. Root processes with configuration vulnerabilities

  3. Writable cron jobs or scripts executed by root

  4. Readable config files with embedded credentials

  5. Development environments with compilation capabilities

Services and internals enumeration reveals the operational heartbeat of the system - identifying running processes, user activities, and system configurations that can be leveraged for privilege escalation.

PreviousEnvironment EnumerationNextCredential Hunting

Last updated