When we first enter a server, it’s like entering a dark room with no light switch. You will be poking around until you find something that will lead you to the treasure. Of course, you can do this all by yourself: make a list of privilege escalation techniques and the commands that look for clues about them. But there are tools that already do this to a degree. One of these tools is enum4linux.
Our first challenge is to get the darn thing onto our target machines. Often they are connected to a private network that we can reach over VPN, while the machines themselves may be cut off from the internet completely. That does not have to be the end, because you are connected to the internet and you can download scripts.
Enum4linux is a Perl script, which means your target computer needs to be able to run Perl. After you download it to your local machine with “wget https://gitlab.com/kalilinux/packages/enum4linux/-/raw/kali/master/enum4linux.pl”, you can start up a simple HTTP server with the Python module (the first command is for Python 3, the second for Python 2):
python3 -m http.server
python -m SimpleHTTPServer
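By default the http.server module listens on every interface and serves the whole current directory, so everything in that directory is readable by anyone who can reach the port. The following is an added example, not part of the original post: it serves exactly one file on one address and prints its SHA-256 so the copy can be checked after transfer. The function names, the script name one_file.py, the `<VPN_IP>` placeholder and port 8000 are assumptions.

```python
"""Serve exactly one file over HTTP on one address (added example)."""
import hashlib
import http.server
import pathlib
import sys


def make_handler(url_path: str, data: bytes):
    """Build a handler that answers GET for url_path only; all else is 404."""
    class OneFileHandler(http.server.BaseHTTPRequestHandler):
        def do_GET(self):
            if self.path != url_path:
                self.send_error(404)
                return
            self.send_response(200)
            self.send_header("Content-Type", "application/octet-stream")
            self.send_header("Content-Length", str(len(data)))
            self.end_headers()
            self.wfile.write(data)
    return OneFileHandler


def serve_one_file(path, bind_addr: str, port: int):
    """Return (server, sha256_hex). Call server.serve_forever() to start."""
    path = pathlib.Path(path)
    data = path.read_bytes()  # read once; later changes on disk are not served
    digest = hashlib.sha256(data).hexdigest()
    handler = make_handler("/" + path.name, data)
    # Binding to one address (e.g. the VPN interface) instead of "" keeps the
    # listener off every other network the workstation is attached to.
    server = http.server.ThreadingHTTPServer((bind_addr, port), handler)
    return server, digest


if __name__ == "__main__":
    # Usage (values are placeholders): one_file.py enum4linux.pl <VPN_IP> 8000
    file_arg, addr, port_arg = sys.argv[1:4]
    srv, sha256_hex = serve_one_file(file_arg, addr, int(port_arg))
    print(f"serving /{pathlib.Path(file_arg).name} on {addr}:{port_arg}")
    print(f"sha256 {sha256_hex}  (compare with sha256sum on the receiving side)")
    try:
        srv.serve_forever()  # each request is logged to stderr with client IP
    except KeyboardInterrupt:
        srv.server_close()
```

Stop the server with Ctrl+C as soon as the transfer is done; the request log on stderr shows which addresses fetched the file.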
We can then simply use one of the download methods outlined in the download methods section to grab the file from our local machine to our target.
On the target for example
Now that we have our script, we can run it.
This will give you a bunch of information about the system you are on, including some possible avenues of attack (such as cron jobs, timers, SUID bits, …), but it’s up to you to actually exploit anything.