Files of Interest

If you can gain access to a Linux system, the following files or directories are of high interest and could be used for information gathering or priv esc.

/etc/shadow- Includes hashed passwords

/tmp - Temporary files produced by the system and applications

/etc/passwd - List of accounts

/etc/sysctl.conf - Kernel parameters (editable)

/etc/hostname - Contains system hostname

/etc/resolv.conf - Common location of DNS configuration

/etc/systemd/resolved.conf - Another possible DNS configuration file

/etc/fstab - Disk and filesystem configuration

/etc/group - Group memberships

/etc/hosts - Static DNS mappings

/var/log/syslog - System messages

/var/log/auth.log - Authentication messages

/var/log/kern.log - Kernel messages

/var/log/dmesg - Kernel messages from boot

/proc/ - Information about running processes and the kernel

/dev/ - Storage devices

/opt/ - Optional software packages

/usr/ - User related files

/home/ - User home folders

/etc/os-release - Information about the operating system/distro

/proc/cpuinfo - Information about the CPU (also try the lscpu command)

/proc/uptime - Information about system uptime. The first number (everything before the first .) represents the number of seconds since boot.

/proc/meminfo - Information about RAM

/sys/kernel/oops_count - Number of kernel panics

Linux Filesystem Structure