Unix and Linux Enumeration

Unix and Linux Enumeration

Linux and Unix systems are no different from Windows systems and can be enumerated as well. The difference lies in the tools and the approach. In this section you will take a look at a handful of the tools that have proven useful in exploring these systems.

finger

The finger command is designed to return information about a user on a given system. When executed it returns information such as the user’s home directory, login time, idle times, office location, and the last time they both received or read mail. The command line for the finger command looks like this:

finger <switches> username

Switches that can be used with the finger command include the following:
■ -b removes the home directory and shell from the user display.
■ -f removes header information from the display.
■ -w removes the full name from the display.
■ -l returns the list of users.

pcinfo

The rpcinfo command enumerates information exposed over the Remote Procedure Call (RPC) protocol.
The command line for rpcinfo looks like this:

rpcinfo <switches> hostname

Switches that can be used with rpcinfo include the following:
■ -m displays a list of statistics for RPC on a given host.
■ -s displays a list of registered RPC applications on a given host.

showmount

The showmount command lists and identifies the shared directories present on a given system. showmount displays a list of all clients that have remotely mounted a file system.

The command line for showmount looks like this:

/usr/sbin/showmount [- ade ] [hostname]

Switches that can be used with showmount include the following:
■ -a prints all remote mounts.
■ -d lists directories that have been remotely mounted by clients.
■ -e prints the list of shared file systems.

Enum4linux

One tool worth looking at is enum4linux, which allows for the extraction of information
through samba.
So first, what is samba? Per samba.org, the software is described as:

…software that can be run on a platform other than Microsoft Windows, for example, UNIX, Linux, IBM System 390, OpenVMS, and other operating systems. Samba uses the TCP/IP protocol that is installed on the host server. When correctly configured, it allows that host to interact with a Microsoft Windows client or server as if it is a Windows file and print server.
Enum4linux allows for extraction of information where samba is in use. Information that can be returned includes the following:
■ Group membership information
■ Share information
■ Workgroup or domain membership
■ Remote operating system identification
■ Password policy retrieval


For any query or issue, feel free to discuss on http://discuss.eduguru.in