Step 1:
whoami
or
id
uid=
gives us an idea which group we’re part of
Step 2:
what sudo commands can we run?
sudo -l
We have a few commands we can run with sudo without a password! We can create new files with nano or vim (in the list/screenshot)!!
sudo nano
Step 3:
history
Step 4:
find users:
cat /etc/passwd
This file used to hold passwords; now the passwords are replaced with x
Root is towards the top and users are towards the bottom
make it shorter/cleaner:
cat /etc/passwd | cut -d : -f 1
cut on the (-d)elimiter : and keep (-f)ield 1
field of one explained:
TCM:x:1000:1000:user,,,:/home/user:/bin/bash
field1:field2:field3:field4:field5:field6:field7
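The same seven fields can be checked from the defender's side. This is an added example, not part of the original notes: it audits a passwd-format file for entries that make the enumeration above more useful than it should be. The function names audit_passwd and make_sample, the sample accounts, and the UID >= 1000 cutoff for regular users are assumptions.

```shell
#!/bin/sh
# Added example: audit a passwd-format file by its colon-separated fields.
# field1 = name, field2 = password placeholder, field3 = UID, field7 = shell.

# audit_passwd FILE -> prints one finding per line as "<check>:<account>"
audit_passwd() {
    awk -F: '
        # Every entry must have exactly seven fields.
        NF != 7                 { print "malformed:" $1; next }
        # Empty field2 means the account needs no password.
        $2 == ""                { print "empty-password:" $1 }
        # Anything other than x, ! or * is a hash stored in the world-readable file.
        $2 != "" && $2 != "x" && $2 !~ /^[!*]/ { print "hash-in-passwd:" $1 }
        # Only root should have UID 0.
        $3 == 0 && $1 != "root" { print "extra-uid0:" $1 }
        # Assumption: regular users start at UID 1000 (common distro default).
        $3 >= 1000 && $7 !~ /(nologin|false)$/ { print "login-user:" $1 }
    ' "$1"
}

# Constructed sample data (not from a real host; the hash is a placeholder).
make_sample() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
backup2::0:0::/root:/bin/bash
legacy:$6$constructed$notarealhash:1001:1001::/home/legacy:/bin/sh
TCM:x:1000:1000:user,,,:/home/user:/bin/bash
EOF
}

sample=$(mktemp)
make_sample > "$sample"
audit_passwd "$sample"
rm -f "$sample"
```

On a real host, run audit_passwd /etc/passwd; any empty-password, hash-in-passwd or extra-uid0 line is worth fixing.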
Step 5:
Sensitive files:
cat /etc/shadow
group file:
cat /etc/group
To switch users:
sudo su -