Skip to main content
Once you have a shell on a Linux target, the goal is to understand what you have access to and escalate to root. These pages cover the standard privesc enumeration checklist and common post-exploitation tasks.

Privilege Escalation

SUID/SGID binaries, sudo misconfigs, cron jobs, writable paths, capabilities, kernel exploits, and enumeration tools (linpeas, pspy)

Post Exploitation

Credential hunting, lateral movement prep, persistence, and loot collection after root

First Things After Shell

Run these immediately on landing to orientate before going deeper: 
id && whoami                  # current user and groups
hostname && uname -a          # machine name and kernel version
cat /etc/os-release           # distro and version
ip a                          # network interfaces and internal subnets
ss -tlnp                      # listening ports (find internal services)
ps aux                        # running processes (look for interesting daemons)
cat /etc/passwd | grep -v nologin   # valid user accounts