Exploitable Kernel Detection
uname -a
cat /proc/version
cat /etc/*release
sudo --version
sudo -l (if you have user's password)
ls -lha /etc/passwd
ls -lha /etc/shadow
cat /etc/crontab
netstat -antup
netstat -tulpn
ls -lahR /home/
ls -lahR /var/
find / -iname secret
find / -iname password
/home
/srv
/opt
/media
/mnt
/var
/var/www
/etc/apache2
Look processes with root privileges.
ps aux | grep root (or another user)
# https://gtfobins.github.io/
# https://www.hackingarticles.in/linux-privilege-escalation-using-suid-binaries/
find / -perm -u=s -type f 2>/dev/null
