System Info
Hostname
The hostname can give away a lot of information, such as whether the system is a web server, a database server or a domain controller.
OS Details
Next, we gather information about the operating system.
Networking Information
The next step is to identify the IP addresses assigned to the system and the applications listening on its ports. Even if you have already port-scanned the system from outside, many processes listen only on the loopback address (127.0.0.1) and are invisible to an external scan.
Firewalls & Access Permissions
Firewall rules and access permissions are a crucial part of privilege escalation: a service that is unreachable from a remote host because of firewall rules may well be reachable locally. Knowing the rules also matters for tunnelling and port forwarding when furthering the attack within the network.
On Linux, root privileges are required to read the iptables rules, so an unprivileged user cannot list them directly. However, pieces of information can often be found by looking through the commands and configuration files in the /etc directory.
Look for firewall rule files that may have been left around with weak permissions.
If an administrator has run this command, the firewall rules will have been dumped into the file named in that command.
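A defender-side version of this check, added here as an example and not part of the original page: it reports rule dumps (iptables-save style output) below a directory that users other than the owner can read, so their permissions can be tightened. The pattern used to recognise a dump and the fixture files it builds are assumptions of this example.

```shell
#!/bin/sh
# Defender check: find firewall rule dumps (iptables-save output) that are
# readable by "others". Such files leak the rule set to any local account;
# the fix is chmod 600 (and keeping backups out of /etc).
# Constructed example, not part of the original page.

# Print every regular file below $1 that is world-readable AND looks like an
# iptables-save dump: a table header (*filter), a chain declaration
# (:INPUT DROP [0:0]) or an append rule (-A INPUT ...). Pattern is an assumption.
find_exposed_rule_dumps() {
    dir="$1"
    find "$dir" -type f -perm -004 2>/dev/null | sort | while IFS= read -r f; do
        if grep -qE '^(\*[a-z]+|:[A-Z]+ |-A [A-Za-z0-9_-]+ )' "$f" 2>/dev/null; then
            printf '%s\n' "$f"
        fi
    done
}

# Constructed fixture so the check runs offline: a world-readable dump
# (must be reported), a properly protected dump (must not) and a
# world-readable file that is not a rule set (must not).
make_fixture() {
    tmp=$(mktemp -d)
    printf '*filter\n:INPUT DROP [0:0]\n-A INPUT -p tcp --dport 22 -j ACCEPT\nCOMMIT\n' \
        > "$tmp/rules.v4.bak"
    chmod 644 "$tmp/rules.v4.bak"
    printf '*filter\n-A INPUT -i lo -j ACCEPT\nCOMMIT\n' > "$tmp/rules.v4"
    chmod 600 "$tmp/rules.v4"
    printf 'just a readme, no rules here\n' > "$tmp/README"
    chmod 644 "$tmp/README"
    printf '%s\n' "$tmp"
}

# Demo run against the fixture; only rules.v4.bak should be listed.
fixture=$(make_fixture)
echo "Exposed rule dumps under $fixture:"
find_exposed_rule_dumps "$fixture"
rm -rf "$fixture"
```

To audit a real system, call `find_exposed_rule_dumps /etc` (or any backup directory) and tighten the permissions of anything it lists.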
Device Drivers & Kernel Modules
Just as applications and services can be vulnerable to exploits, device drivers and kernel modules can have flaws that can be exploited.
Once we have the list of loaded modules from the above command, we can gather more specific information about each one using the following command.