Practical Web Penetration Testing

System info commands

This section will be very useful in the post-exploitation phase.

Suppose that you just escalated your privileges on a Linux box; how can you know if you're really an admin? Just execute the id command, and you'll get the results. Don't underestimate this section! Review it carefully, and see the commands that you can take advantage of during the post-exploitation phase on a Linux machine:

  • To show the current host uptime, use the following:
uptime
  • To show who's logged in (w) and which user you are running as (whoami), use the following:
w
whoami
  • To show who you are (as a user), use the following:
id
  • To display information about a user, use the following:
finger [user name]
  • To show kernel information, use the following:
uname -a
  • To show CPU information, use the following:
cat /proc/cpuinfo
  • To show memory information, use the following:
cat /proc/meminfo
  • To show disk usage, use the following:
df
  • To show memory and swap usage, use the following:
free
  • To list all of the commands that were previously executed in the current shell, use the following:
history
  • To detect the GPU model, use the following:
lspci | grep VGA
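
Seen from the defender's side, several of these commands run by one account in quick succession is a common discovery-phase signal. The following is an added example (not from the book) that flags that pattern in process-execution records; the record format (`ISO-time user command-line`), the threshold of four distinct commands and the 60-second window are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Commands from the list above. `history` is left out: it is a shell builtin
# and produces no process-execution record.
RECON = {"uptime", "w", "whoami", "id", "finger", "uname", "df", "free", "lspci"}
RECON_FILES = {"/proc/cpuinfo", "/proc/meminfo"}  # read with cat

def recon_token(cmdline):
    """Map a command line to the recon item it represents, or None."""
    argv = cmdline.split() or [""]
    prog = argv[0].rsplit("/", 1)[-1]            # /usr/bin/id -> id
    if prog in RECON:
        return prog
    if prog == "cat":
        return next((a for a in argv[1:] if a in RECON_FILES), None)
    return None

def find_bursts(lines, min_distinct=4, window=timedelta(seconds=60)):
    """Return {user: sorted distinct recon items} for each user who ran at
    least min_distinct different recon commands inside one time window."""
    events = defaultdict(list)
    for line in lines:
        ts, _, rest = line.partition(" ")        # assumed format: time user cmdline
        user, _, cmdline = rest.partition(" ")
        token = recon_token(cmdline)
        if token:
            events[user].append((datetime.fromisoformat(ts), token))
    flagged = {}
    for user, evs in events.items():
        evs.sort()
        for i, (start, _) in enumerate(evs):     # window anchored at each event
            seen = {tok for t, tok in evs[i:] if t - start <= window}
            if len(seen) >= min_distinct:
                flagged[user] = sorted(seen)
                break
    return flagged

# Constructed sample records (not real logs).
SAMPLE = [
    "2024-05-01T10:00:00 alice df -h",
    "2024-05-01T10:00:03 www-data id",
    "2024-05-01T10:00:05 www-data /usr/bin/uname -a",
    "2024-05-01T10:00:09 www-data cat /proc/cpuinfo",
    "2024-05-01T10:00:12 www-data w",
    "2024-05-01T11:30:00 alice free -m",
]
if __name__ == "__main__":
    print(find_bursts(SAMPLE))
```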