Adding in a few more account discovery techniques

2018-01-02 16:03:14 -05:00
parent 68e5c6c5ab
commit e7d731615e
1 changed files with 20 additions and 0 deletions
@@ -6,6 +6,22 @@ List of all accounts:

    cat /etc/passwd

+List local groups:
+
+     cat /etc/group > /tmp/loot.txt
+
+View sudoers access (requires root):
+
+    cat /etc/sudoers > /tmp/loot.txt
+
+View accounts with UID 0:
+
+    grep 'x:0:' /etc/passwd > /tmp/loot.txt
+
+List opened files by user:
+
+    username=$(echo $HOME | awk -F'/' '{print $3}') && lsof -u $username
+
 Currently logged in:

 Local:
@@ -15,3 +31,7 @@ Local:
 Remote:

    finger @<computer_name>
+
+Show if a user account has ever logged in remotely:
+
+    lastlog > /tmp/loot.txt