> ## Documentation Index
> Fetch the complete documentation index at: https://docs.bytejmp.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Enumeration Checklist

> Linux privilege escalation enumeration: identity, system info, users, network, processes, cron, SUID, and writable directories.

## Identity

```bash theme={"dark"}
id
whoami
groups
```

***

## System Information

```bash theme={"dark"}
uname -a
cat /etc/os-release
cat /proc/version
hostnamectl
arch
```

***

## Users & Groups

```bash theme={"dark"}
cat /etc/passwd
cat /etc/passwd | grep -v nologin | grep -v false
cat /etc/group
last
w
```

### Users with Shell

```bash theme={"dark"}
grep -E '/bin/(bash|sh|zsh)' /etc/passwd
```

***

## Network

```bash theme={"dark"}
ip a
ip route
ss -tlnp
netstat -tlnp
cat /etc/resolv.conf
cat /etc/hosts
arp -a
```

***

## Running Processes

```bash theme={"dark"}
ps aux
ps aux | grep root
```

### Watch for Processes (pspy)

```bash theme={"dark"}
# Download pspy
https://github.com/DominicBreuker/pspy/releases

./pspy64
```

***

## Cron Jobs

```bash theme={"dark"}
crontab -l
ls -la /etc/cron*
cat /etc/crontab
systemctl list-timers
```

***

## SUID / SGID

```bash theme={"dark"}
find / -perm -4000 -type f 2>/dev/null
find / -perm -2000 -type f 2>/dev/null
find / -perm -u=s -type f 2>/dev/null
```

***

## Capabilities

```bash theme={"dark"}
getcap -r / 2>/dev/null
```

***

## Sudo

```bash theme={"dark"}
sudo -l
sudo -V
```

***

## Writable Directories & Files

```bash theme={"dark"}
find / -writable -type d 2>/dev/null
find / -writable -type f 2>/dev/null | grep -v proc
```

### World-writable Files Owned by Root

`-writable` tests whether the *current user* can write (via `access()`), not the world-write bit. Use a permission test for actually world-writable files:

```bash theme={"dark"}
find / -perm -o+w -user root -type f 2>/dev/null | grep -v proc
```

***

## Installed Software

```bash theme={"dark"}
dpkg -l
rpm -qa
apt list --installed 2>/dev/null
```

***

## Drives & Mounts

```bash theme={"dark"}
df -h
mount
cat /etc/fstab
lsblk
```

***

## SSH Keys

```bash theme={"dark"}
find / -name "id_rsa" -o -name "id_ed25519" -o -name "authorized_keys" 2>/dev/null
ls -la /home/*/.ssh/
ls -la /root/.ssh/ 2>/dev/null
```

***

## Interesting Files

```bash theme={"dark"}
find / -name "*.conf" -o -name "*.config" -o -name "*.bak" -o -name "*.old" -o -name "*.txt" 2>/dev/null | grep -v proc | grep -v sys
```

### History Files

```bash theme={"dark"}
cat ~/.bash_history
cat ~/.zsh_history
find / -name "*history" -type f 2>/dev/null
```

### Config Files with Passwords

```bash theme={"dark"}
grep -ri "password" /etc/ 2>/dev/null
grep -ri "pass" /var/www/ 2>/dev/null
grep -ri "DB_PASSWORD" / 2>/dev/null | grep -v proc
```

***

## Kernel Exploit Check

```bash theme={"dark"}
uname -r
cat /proc/version
```

Compare against known exploits.

***

## Docker / LXD

```bash theme={"dark"}
id | grep -i docker
id | grep -i lxd
ls -la /var/run/docker.sock
```
