Overview

These commands are typically used during the post-exploitation phase of information gathering. Once access to a host is obtained, further information about the host itself (listening services, sudo rights, scheduled tasks, network configuration) is required before persistence or privilege escalation can be attempted.

Linux Host Enumeration

# listening ports
ss -tulnp

# view commands that this account has access to
# anything with NOPASSWD could be an avenue for privilege escalation
sudo -l

# scheduled tasks
crontab -l
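
The NOPASSWD check above is the one most worth automating when auditing a host. The following is an added example, not part of the original cheat sheet: a small Python parser that takes the text of `sudo -l`, extracts each rule (run-as user, tags, commands) and flags the rules that carry NOPASSWD. The `sudo -l` output embedded in it is constructed for the example, not captured from a real host.

```python
import re

# Constructed sample of `sudo -l` output (not captured from a real host).
SAMPLE_SUDO_L = """Matching Defaults entries for deploy on web01:
    env_reset, mail_badpass,
    secure_path=/usr/local/sbin\\:/usr/local/bin\\:/usr/sbin\\:/usr/bin\\:/sbin\\:/bin

User deploy may run the following commands on web01:
    (ALL : ALL) ALL
    (root) NOPASSWD: /usr/bin/systemctl restart nginx
    (root) NOPASSWD: /usr/bin/vim
    (www-data) /usr/bin/php
"""

# A rule line looks like "(runas) TAG: TAG: cmd1, cmd2"; tags are optional.
RULE_RE = re.compile(r"^\s*\((?P<runas>[^)]+)\)\s*(?P<tags>(?:[A-Z]+:\s*)*)(?P<cmds>.+)$")


def parse_sudo_rules(output):
    """Return one dict per rule line: runas, nopasswd flag and command list."""
    rules = []
    in_rules = False
    for line in output.splitlines():
        # Rules only start after the "may run the following commands" header;
        # the Defaults block before it is skipped.
        if "may run the following commands" in line:
            in_rules = True
            continue
        if not in_rules:
            continue
        m = RULE_RE.match(line)
        if not m:
            continue
        tags = m.group("tags").replace(":", " ").split()
        cmds = [c.strip() for c in m.group("cmds").split(",")]
        rules.append({"runas": m.group("runas").strip(),
                      "nopasswd": "NOPASSWD" in tags,
                      "commands": cmds})
    return rules


def nopasswd_rules(output):
    """Rules that run without a password prompt; these are the audit findings."""
    return [r for r in parse_sudo_rules(output) if r["nopasswd"]]


if __name__ == "__main__":
    for rule in nopasswd_rules(SAMPLE_SUDO_L):
        print("NOPASSWD as %s: %s" % (rule["runas"], ", ".join(rule["commands"])))
```

On a live host, feed it the real output with `sudo -l 2>/dev/null | python3 audit_sudo.py` (reading stdin instead of the sample) to get the same flagged list.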

Windows Host Enumeration

# view listening ports with service PID
netstat -ano

# search running tasks for specific PID
tasklist | findstr <pid>

# view network configuration
ipconfig /all

# scheduled tasks
schtasks