# Information Gathering

### 1. Network & System Information

* **Network Configuration:**
  * `ip a`
  * `ip route`
  * `ifconfig -a`
  * `route -n`
* **Service Information:**
  * `ss -tulpn`
  * `netstat -tulpn`
  * `lsof -i`
  * `ps aux`
  * `ps axfj`
* **System Info:**
  * `uname -a`
  * `uname -r`
  * `cat /etc/os-release`
  * `hostname`
  * `arch`
  * `cat /proc/version`
  * `cat /etc/issue`

### 2. File Search

Searching the target system for important information and potential privilege escalation vectors can be fruitful. The built-in `find` command is useful here and worth keeping at hand. Some examples are given below:

* `find . -name flag1.txt`: find the file named “flag1.txt” in the current directory
* `find /home -name flag1.txt`: find the file named “flag1.txt” in the /home directory
* `find / -type d -name config`: find the directory named config under “/”
* `find / -type f -perm 0777`: find files with the 777 permissions (files readable, writable, and executable by all users)
* `find / -perm /a=x`: find executable files
* `find /home -user frank`: find all files for user “frank” under “/home”
* `find / -mtime -10`: find files that were modified in the last 10 days
* `find / -atime -10`: find files that were accessed in the last 10 days
* `find / -cmin -60`: find files changed within the last hour (60 minutes)
* `find / -amin -60`: find files accessed within the last hour (60 minutes)
* `find / -size 50M`: find files with a 50 MB size
* `find / -writable -type d 2>/dev/null`: find world-writeable folders
* `find / -perm -222 -type d 2>/dev/null`: find world-writeable folders
* `find / -perm -o=w -type d 2>/dev/null`: find world-writeable folders
* `find / -perm -o=x -type d 2>/dev/null`: find world-executable folders
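
The permission predicates above can be combined into a hardening audit that separates world-writable directories with the sticky bit (the `/tmp` pattern) from those without it, where any user can delete or replace another user's files. This is an added example, not part of the original checklist; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a tree for world-writable paths with find -perm.
# Function names and the sample tree are hypothetical, built for this demo.

# Directories writable by "other" WITHOUT the sticky bit: any user can
# rename or delete files that other users created there.
risky_world_writable_dirs() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 2>/dev/null | sort
}

# Directories writable by "other" WITH the sticky bit (the /tmp pattern):
# usually intentional, listed separately so they can be reviewed.
sticky_world_writable_dirs() {
    find "$1" -xdev -type d -perm -0002 -perm -1000 2>/dev/null | sort
}

# Regular files writable by "other"; -type f skips symlinks and devices.
world_writable_files() {
    find "$1" -xdev -type f -perm -0002 2>/dev/null | sort
}

# Build a constructed sample tree so the checks can be tried offline.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir "$root/shared" "$root/tmp" "$root/private"
    : > "$root/private/app.conf"
    : > "$root/private/notes.txt"
    chmod 0777 "$root/shared"            # world-writable, no sticky bit
    chmod 1777 "$root/tmp"               # world-writable, sticky bit set
    chmod 0755 "$root/private"
    chmod 0666 "$root/private/app.conf"  # world-writable file
    chmod 0644 "$root/private/notes.txt"
    printf '%s\n' "$root"
}

audit_report() {
    printf 'World-writable directories without sticky bit:\n'
    risky_world_writable_dirs "$1" | sed 's/^/  /'
    printf 'World-writable directories with sticky bit:\n'
    sticky_world_writable_dirs "$1" | sed 's/^/  /'
    printf 'World-writable regular files:\n'
    world_writable_files "$1" | sed 's/^/  /'
}

# Run as: sh audit.sh /path/to/tree
if [ "$#" -gt 0 ]; then audit_report "$1"; fi
```

`-perm -0002` matches when the other-write bit is set regardless of the remaining bits, while a mode with no prefix, such as `-perm 0777`, matches only that exact mode.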


