In the early ’90s GNU/Linux systems consisted of little more than a beta-quality Linux kernel and a small collection of software ported from the GNU project. It was a true hacker’s operating system. There were no CD-ROMs or GUI installation tools; everything had to be compiled and configured by the end user.
Like all penetration testing, a social engineering attack begins with footprinting and reconnaissance. The more information you collect about the target organization, the more options become available to you.
Passive reconnaissance always involves gathering information regarding a potential target without the targeted individual’s or company’s knowledge. Passive reconnaissance can be as simple as watching a building to identify what time employees enter the building and when they leave.
However, it’s usually done using Internet searches or by Googling an individual or company to gain information. This process is generally called information gathering. Social engineering and dumpster diving are also considered passive information-gathering methods.
Sniffing the network is another means of passive reconnaissance and can yield useful information such as IP address ranges, naming conventions, hidden servers or networks, and other available services on the system or network. Sniffing network traffic is similar to building monitoring: A hacker watches the flow of data to see what time certain transactions take place and where the traffic is going.
Active reconnaissance involves probing the network to discover individual hosts, IP addresses, and services on the network. This usually involves more risk of detection than passive reconnaissance and is sometimes called rattling the doorknobs. Active reconnaissance can give a hacker an indication of security measures in place (is the front door locked?), but the process also increases the chance of being caught or at least raising suspicion.
Both passive and active reconnaissance can lead to the discovery of useful information to use in an attack. For example, it’s usually easy to find the type of web server and the operating system (OS) version number that a company is using. This information may enable a hacker to find a vulnerability in that OS version and exploit the vulnerability to gain more access.
[#1] uname -a command gives you information related to kernel name, network node, release version, hardware name/platform, processor type and operating system name.
[#2] cat /etc/*-release command gives you the information about the version of Linux distro you are running.
[#3] cat /proc/version command shows the kernel version and the gcc version that was used to build it.
[#4] cat /etc/profile command displays /etc/profile, the script that sets system-wide environment variables for user login shells.
[#5] cat .profile command displays the current user’s own ~/.profile, the per-user shell startup file on a Linux system.
[#6] ps -aux command lists the process ID number (PID), CPU usage, memory usage and total CPU time for each process on the system.
[#7] ls -al /usr/bin command lists the content of /usr/bin directory.
[#8] mysql -v command starts the MySQL terminal in verbose mode, whereas -V gives you the MySQL version.
[#9] apache2 -v command prints the version and build date of the apache2 server binary.
[#10] cat /etc/sysctl.conf command is used to display the contents of sysctl.conf file which is a simple file containing sysctl values to be read in and set by sysctl.
sysctl is an interface that allows you to make changes to a running Linux kernel. With /etc/sysctl.conf you can configure various Linux networking and system settings.
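Because sysctl.conf is read line by line with a few parsing rules (comment characters, optional whitespace around "=", "/" accepted in place of "." in key names), a defender auditing a host usually wants to parse the file the same way and diff it against a hardening baseline. The following is an added example, not code from the original page; the sample file contents and the BASELINE values are constructed, illustrative assumptions rather than a vendor recommendation.

```python
"""Parse an /etc/sysctl.conf-style file and compare it against a hardening
baseline. Added example (not from the original page); the baseline values
below are illustrative assumptions, not a vendor recommendation."""

from typing import Dict, List, Optional, Tuple

# Constructed sample of sysctl.conf contents: comments, blank lines, '=' with
# and without surrounding whitespace, and a '/'-style key spelling.
SAMPLE_SYSCTL_CONF = """\
# /etc/sysctl.conf - constructed sample
net.ipv4.ip_forward = 1
net.ipv4.conf.all.accept_redirects=0
; semicolon comments are also allowed by sysctl(8)
kernel.randomize_va_space = 2
net/ipv4/conf/all/rp_filter = 1
"""

# Hypothetical baseline: key -> value a hardened host is expected to set.
BASELINE = {
    "net.ipv4.ip_forward": "0",
    "net.ipv4.conf.all.accept_redirects": "0",
    "kernel.randomize_va_space": "2",
    "net.ipv4.conf.all.rp_filter": "1",
    "kernel.kptr_restrict": "1",
}


def parse_sysctl_conf(text: str) -> Dict[str, str]:
    """Return {key: value} for every setting line.

    Mirrors sysctl(8) parsing rules: '#' and ';' start comments, whitespace
    around '=' is ignored, a leading '-' on a key means "ignore errors", and
    '/' in keys is normalised to '.' so that 'net/ipv4/ip_forward' and
    'net.ipv4.ip_forward' refer to the same setting. A later duplicate key
    overrides an earlier one, as sysctl -p would.
    """
    settings: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if "=" not in line:
            continue  # malformed line; sysctl -p warns and skips it
        key, value = line.split("=", 1)
        key = key.strip().lstrip("-")
        settings[key.replace("/", ".")] = value.strip()
    return settings


def compare_to_baseline(settings: Dict[str, str],
                        baseline: Dict[str, str]) -> List[Tuple[str, str, Optional[str]]]:
    """Return (key, expected, actual) for every baseline entry not satisfied.
    actual is None when the file does not set the key at all."""
    findings = []
    for key, expected in sorted(baseline.items()):
        actual = settings.get(key)
        if actual != expected:
            findings.append((key, expected, actual))
    return findings


if __name__ == "__main__":
    parsed = parse_sysctl_conf(SAMPLE_SYSCTL_CONF)
    for key, expected, actual in compare_to_baseline(parsed, BASELINE):
        state = "missing" if actual is None else f"set to {actual!r}"
        print(f"{key}: expected {expected!r}, {state}")
```

Note that sysctl.conf only records what the file asks for at boot; the running value (sysctl -a) can differ if something changed it later, so a complete audit compares both.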
[#11] crontab -l command displays the current user’s crontab file, if one exists; cron uses it to execute commands at specific dates and times.
[#12] cat /etc/sudoers command displays the contents of the sudoers file, which is used to allocate system rights to system users.
The sudoers file contains the information regarding privileges for different users and groups of our server. It is one of the most important files in the system and needs to be handled with care.
[#13] cat /etc/passwd command is used to display the contents of passwd file which is used to keep track of every registered user that has access to a system.
The /etc/passwd file is a colon-separated file that contains the following information:
- User name
- Encrypted password
- User ID number (UID)
- User’s group ID number (GID)
- Full name of the user (GECOS)
- User home directory
- Login shell
And if you want to filter out a single user then the command is: cat /etc/passwd | grep root
[#14] cat /etc/shadow command displays the shadow file, the file that actually stores each user account’s password hash together with additional properties related to the user’s password.
To show a single account, the command is: cat /etc/shadow | grep root
[#15] cat /var/lib/mysql/mysql/user.MYD command displays the contents of user.MYD, the MyISAM data file of the mysql.user table, which stores the MySQL account records and password hashes on a Linux system.
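Once the two files are understood as colon-separated records with the fields listed above, the defender’s first checks on them can be automated: a second UID 0 account, an empty password field, an empty hash on an account that still has a login shell, or a legacy hash scheme. The following is an added example, not code from the original page; the passwd and shadow records it parses are constructed, and the hash strings are placeholders rather than real password hashes.

```python
"""Audit constructed /etc/passwd and /etc/shadow contents for the account
conditions a defender checks first. Added example, not code from the original
page; the sample records below are constructed, not real accounts."""

from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the seven-field passwd layout:
# name:password:UID:GID:GECOS:home:shell
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
alice:x:1000:1000:Alice Example:/home/alice:/bin/bash
toor::0:0:constructed duplicate uid-0 account:/root:/bin/sh
"""

# Constructed sample of the matching shadow records (name:hash:lastchg:...).
# The hash strings are placeholders, not real password hashes.
SAMPLE_SHADOW = """\
root:$6$PLACEHOLDERSALT$PLACEHOLDERHASH:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
backup:*:19000:0:99999:7:::
alice:$1$PLACEHOLD$PLACEHOLDERHASH:19000:0:99999:7:::
toor::19000:0:99999:7:::
"""

NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}


@dataclass
class PasswdEntry:
    name: str
    password: str
    uid: int
    gid: int
    gecos: str
    home: str
    shell: str


def parse_passwd(text: str) -> List[PasswdEntry]:
    """Split each colon-separated line into a PasswdEntry; skip malformed lines."""
    entries = []
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) != 7:
            continue
        name, pw, uid, gid, gecos, home, shell = fields
        entries.append(PasswdEntry(name, pw, int(uid), int(gid), gecos, home, shell))
    return entries


def parse_shadow(text: str) -> Dict[str, str]:
    """Return {account: hash field} from shadow lines (second field)."""
    hashes = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 2:
            hashes[fields[0]] = fields[1]
    return hashes


def hash_scheme(hash_field: str) -> Optional[str]:
    """Map the crypt(3) prefix to a scheme name; None for locked or empty fields."""
    if hash_field in ("", "*") or hash_field.startswith("!"):
        return None
    prefixes = {"$1$": "md5", "$5$": "sha256", "$6$": "sha512",
                "$y$": "yescrypt", "$2": "bcrypt"}
    for prefix, name in prefixes.items():
        if hash_field.startswith(prefix):
            return name
    return "des" if len(hash_field) == 13 else "unknown"


def audit(passwd_text: str, shadow_text: str) -> List[str]:
    """Return human-readable findings, one per risky condition, in passwd order."""
    findings = []
    shadow = parse_shadow(shadow_text)
    for e in parse_passwd(passwd_text):
        if e.uid == 0 and e.name != "root":
            findings.append(f"{e.name}: UID 0 account other than root")
        if e.password == "":
            findings.append(f"{e.name}: empty password field in passwd")
        h = shadow.get(e.name)
        if h == "" and e.shell not in NOLOGIN_SHELLS:
            findings.append(f"{e.name}: empty shadow hash with login shell {e.shell}")
        if h and hash_scheme(h) in ("md5", "des"):
            findings.append(f"{e.name}: weak password hash scheme {hash_scheme(h)}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_PASSWD, SAMPLE_SHADOW):
        print(finding)
```

On a real host the script must run as root to read /etc/shadow at all; if an unprivileged user can read it, the file’s mode (it should be 0640 root:shadow or stricter) is itself the first finding.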
[#16] cat /etc/apache2/apache2.conf command displays the default main Apache server configuration file, which contains the configuration directives that give the server its instructions.
[#17] python --version command gives the installed version of Python on the system.
[#18] gcc -v command is used for obtaining the information of gcc compiler.
The GNU Compiler Collection is a compiler system produced by the GNU Project supporting various programming languages. GCC is a key component of the GNU tool chain and the standard compiler for most Unix-like operating systems.
[#19] ifconfig -a command gives the information of all network interfaces on the system (not just the ones that are currently active).
[#20] route command is used for displaying current contents of the routing tables.
[#21] cat /etc/resolv.conf command displays resolv.conf, a file used in various operating systems to configure the system’s Domain Name System (DNS) resolver.
The file is a plain-text file usually created by the network administrator or by applications that manage the configuration tasks of the system.
[#22] hostname command displays the current hostname or domain name of the computer, i.e. the name that uniquely identifies it on a network.
[#23] netstat -antup command displays information related to network connections, both incoming and outgoing; with these options, -a shows all sockets, -n prints numeric addresses, -t and -u select TCP and UDP, and -p shows the owning process. netstat can also display routing tables, interface statistics and so on.
The netstat command is supported on Linux and Unix as well as on the Windows operating system.
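The useful defensive question to ask of netstat -antup output is which services are bound to every interface (0.0.0.0 or ::) rather than to localhost. The following is an added example, not code from the original page; the netstat text it parses is constructed to match the procps column layout, in which UDP rows have no State column and the PID/Program name field therefore shifts one token to the left.

```python
"""Inventory listening sockets from netstat -antup output and flag the ones
bound to every interface. Added example, not from the original page; the
netstat text below is constructed to match the procps output layout."""

from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample of 'netstat -antup' output (not captured from a real host).
SAMPLE_NETSTAT = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      612/sshd
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      801/mysqld
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      990/apache2
tcp        0      0 10.0.0.5:22             10.0.0.9:51234          ESTABLISHED 1450/sshd: alice
udp        0      0 0.0.0.0:68              0.0.0.0:*                           540/dhclient
tcp6       0      0 :::22                   :::*                    LISTEN      612/sshd
"""

WILDCARD_HOSTS = {"0.0.0.0", "::", "*"}


@dataclass
class Listener:
    proto: str
    host: str
    port: int
    program: str
    exposed: bool  # True when bound to all interfaces


def split_endpoint(endpoint: str) -> Tuple[str, str]:
    """'0.0.0.0:22' -> ('0.0.0.0', '22'); ':::22' -> ('::', '22')."""
    host, _, port = endpoint.rpartition(":")
    return host, port


def parse_listeners(text: str) -> List[Listener]:
    """Return bound/listening sockets. UDP rows have no State column, so the
    PID/Program field starts at the sixth token for udp and the seventh for tcp."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith(("tcp", "udp")):
            continue  # header lines and anything that is not a socket row
        proto, local, foreign = fields[0], fields[3], fields[4]
        if proto.startswith("udp"):
            state, program = "", " ".join(fields[5:])
        else:
            state, program = fields[5], " ".join(fields[6:])
        # A bound TCP socket is in LISTEN; a bound UDP socket has foreign '*'.
        if state != "LISTEN" and not (proto.startswith("udp") and foreign.endswith(":*")):
            continue
        host, port = split_endpoint(local)
        prog_name = program.split("/", 1)[1] if "/" in program else program
        listeners.append(Listener(proto, host, int(port), prog_name, host in WILDCARD_HOSTS))
    return listeners


def exposed_ports(text: str) -> List[int]:
    """Sorted, de-duplicated ports that are reachable on every interface."""
    return sorted({lst.port for lst in parse_listeners(text) if lst.exposed})


if __name__ == "__main__":
    for lst in parse_listeners(SAMPLE_NETSTAT):
        flag = "ALL INTERFACES" if lst.exposed else "local only"
        print(f"{lst.proto:5} {lst.port:>5} {lst.program:<10} {flag}")
```

netstat only fills in the PID/Program name column for processes the caller owns (or for all processes when run as root), so an unprivileged run leaves that field as "-"; the parser above keeps such rows but reports "-" as the program.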
[#24] iptables -L command lists out the current rules in iptables.
[#25] cat /etc/ssh/ssh_config command displays the system-wide OpenSSH client configuration file, which allows you to set options that modify the operation of the client programs.