ShellSpells
  • 🧙‍♂️Welcome!
    • ShellSpells
    • FAQs
    • License & Disclaimer
  • 🐧Linux
    • System Ops
      • Transcripts
      • Help
      • System Info
        • Date/Time
        • System Details
        • Patches & Updates
        • Init System Identification
        • Hostname / Host ID
        • Variables
        • Hardware & Resources
      • Filesystem
        • Traverse & Enumerate
        • Drives & Partitions
        • Shares
        • Packages
        • Connected Devices
        • Kernel Modules (Drivers)
      • Users & Groups
        • Enumerate
        • Modify
      • Network
        • Enumerate
        • Modify
      • Scheduled Jobs
        • Enumerate
        • Modify
      • Processes
        • Enumerate
        • Modify
        • Custom Script and Shared Object
        • Process I/O Redirection
      • Services
        • Enumerate
        • Modify
        • Create a Service
      • Startup/Boot Scripts
        • Enumerate
        • Modify
      • Security
        • Antivirus
        • Firewall
        • SSH Keys
      • History & Logs
        • History
        • Logs
    • File Ops
      • Search
        • Filename
        • Content
        • Users (Owners)
        • Time
        • Size
        • Permission
        • Hidden Files
        • Inode
        • Find + Exec
        • Notes
      • Enumerate Metadata
      • Modify Metadata
      • Read Content
      • Modify Content
      • Extract Content
      • Sort / Compare / Count
      • Move
      • Copy
      • Execute
      • Hash
      • Encode/Decode
      • Compress/Decompress
      • Working With Weird Filenames
    • Terminal Ops
      • Keyboard Shortcuts
      • Tmux Shortcuts
  • 🪟Windows
    • System Ops
      • Transcripts
      • Help
      • System Info
        • One-liners
        • Date/Time
        • System Details
        • Hotfixes
        • Domain or Workgroup
        • Data Execution Prevention
        • Variables
        • Hardware & Resources
      • Filesystem
        • Traverse & Enumerate
        • Drives & Partitions
        • Installed Software
        • Drivers
        • Shares
      • Registry
        • Enumerate
        • Modify
        • Forensically Relevant Keys
      • Users & Groups
        • Enumerate
        • Modify
      • Network
        • Enumerate
        • Modify
      • Scheduled Tasks
      • Processes
        • Enumerate
        • Modify
      • Services
        • Enumerate
        • Modify
      • Autorun / Startup
        • Enumerate
        • Modify
      • Security
        • Permissions
          • Enumerate
          • Page
        • Antivirus
        • Firewall
          • Enumerate
          • Modify
        • Audit Policies
        • Remoting
          • Enumerate
          • Modify
          • Registry Locations
        • Stored Credentials
      • Remote Command Execution
      • Active Directory
        • Enumerate
        • Modify
      • History & Logs
        • History
        • Logs
      • PowerShell Config
      • Scripting
      • WMIC Notes
    • File Ops
      • Search
        • Filename
        • Time
        • Size
        • Permissions
        • Attributes
        • Wildcarding
      • Enumerate Metadata
        • One Liners
        • Users (Owners)
        • Timestamps
        • Size
        • Permissions
        • Attributes
      • Modify Metadata
        • Change Owner
        • Timestamps
        • Size
        • Attributes
      • Read Content
      • Modify Content
        • Overwrite
        • Insert
        • Append
        • Replace / Remove
        • Convert Case
        • Alternate Data Streams
      • Extract Content
      • Sort / Compare / Count
        • Sort
        • Count
        • Compare
      • Move
      • Copy
      • Execute
      • Hash
      • Encode/Decode
      • Compress/Decompress
      • Working With Weird Filenames
      • Output Formatting / Filtering
      • File Formatting
      • Operators
  • ⛓️Network
    • Traffic Manipulation
      • iptables
        • Option List
        • General Commands
        • Filter Tables
        • NAT
        • Mangle
        • Filter for SSH Traffic (Example)
      • nftables
    • Packet Capture
      • Syntax
      • TCPDump Examples
    • Packet Analysis
      • Wireshark
  • 🚗Maneuver
    • SSH
    • Control Sockets
    • RDP
    • Windows Port Proxy
  • 🛩️Data Transfer
    • SCP
    • FTP
    • Netcat
      • Netcat Relays
    • Server Interactions
    • Alternate Methods
  • 🪄REGEX
    • Examples
Powered by GitBook
On this page
  • Current User
  • All Users
  • Groups

Was this helpful?

  1. Linux
  2. System Ops
  3. Users & Groups

Enumerate

Current User

whoami

Displays the user name of the user running the command.

sudo -l

May be configured to allow users to run some commands with root privileges.

id

Shows a user's privileges and group membership.

groups

Displays the current user's groups.

finger

Provides detailed information for the current user (if installed).

logname

Shows the username of the user who initiated the session.

env

Lists all environment variables associated with the current user's shell session.

echo $USER

Prints the username.

echo $HOME

Displays the user's home directory path.

echo $SHELL

Shows the user's default login shell.

history

Displays previously executed commands from the last terminal session.

All Users

cat /etc/passwd

Lists user accounts.

grep <pattern> /etc/passwd

Search /etc/password for pattern.

id <username>

Shows user and group IDs for a user.

finger <username>

Provides user details (may not be installed by default).

users

Displays logged-in users.

who

Display currently logged-in users.

w

Display who is logged in and what they are doing.

last

Lists last logged-in users (/var/log/wtmp).

lastb

List last bad login attempts (/var/log/btmp).

lastlog

Shows the last login time for users.

cat /etc/sudoers

Display sudo configuration.

groups <username>

Lists groups for a user.

compgen -u

Lists usernames (bash built-in).

getent passwd

Entries from passwd database similar to /etc/passwd, but includes network-based user databases.

passwd -s <username>

Info about a user's password status (locked, expired, etc.) (requires root privileges).

Extract just usernames from the /etc/passwd file:

awk -F ':' '{print $1}' /etc/passwd

Groups

cat /etc/group

Lists groups.

cat /etc/sudoers

Sudo configuration.

groups

Current user's groups.

groups <username>

Lists groups for a user.

compgen -g

Lists group names (bash built-in).

id

Shows the current user's group IDs.

id <username>

Shows the user's group IDs for a specific user.

grep <pattern> /etc/group

Search /etc/groups by patterns.

getent group

Group entries from databases similar to /etc/group, but includes network-based group databases.

Extract just group names from the /etc/group file:

awk -F ':' '{print $1}' /etc/group
PreviousUsers & GroupsNextModify

Last updated 1 year ago

Was this helpful?

🐧