Jimmy Astle
34 lines
556 B
Markdown
34 lines
556 B
Markdown
# Account Discovery
|
|
|
|
MITRE ATT&CK Technique: [T1087](https://attack.mitre.org/wiki/Technique/T1087)
|
|
|
|
List of all accounts:
|
|
|
|
cat /etc/passwd
|
|
|
|
View sudoers access (requires root):
|
|
|
|
cat /etc/sudoers > /tmp/loot.txt
|
|
|
|
View accounts with UID 0:
|
|
|
|
grep 'x:0:' /etc/passwd > /tmp/loot.txt
|
|
|
|
List opened files by user:
|
|
|
|
username=$(echo $HOME | awk -F'/' '{print $3}') && lsof -u $username
|
|
|
|
Currently logged in:
|
|
|
|
Local:
|
|
|
|
finger
|
|
|
|
Remote:
|
|
|
|
finger @<computer_name>
|
|
|
|
Show if a user account has ever logged in remotely:
|
|
|
|
lastlog > /tmp/loot.txt
|