source 😽
-
reused passwords
-
credentials from configuration files
-
credentials from local db
-
credentials from bash history
-
ssh keys
-
sudo access
-
group privileges (docker, LXD, etc)
-
services running on localhost
-
kernel version
-
binary file versions
-
cron jobs
-
writeable cron job
-
writeable cron job dependency (file, python library, etc)
-
-
SUID/SGID files
-
interesting capabilities on binary
-
sensitive files - writeable
-
/etc/passwd
-
/etc/shadow
-
/etc/sudoers
-
configuration files
-
-
sensitive files - readable
-
/etc/shadow
-
/root/.ssh/id_rsa (ssh private keys)
-
-
writeable PATH
-
root $PATH variable
-
directory in PATH is writeable
-
-
LD_PRELOAD set in /etc/sudoers