# What to do once obtained

List of files to check

* **/etc/passwd**
  * This is the first and easiest file to check, since it is unlikely to have permission issues
  * Once you can see the valid users in the file, write them down and check their home directories for anything important that you can read
* **/home/$USER/.ssh/id\_rsa**
  * Check for SSH keys belonging to valid users (id >= 1000)
  * If there are any readable private keys, save them to a file; you can then run **ssh -i privkey\_file user\@ip**
* **/etc/shadow**
  * This is usually not world-readable, but you never know who configured the server
  * If you are able to read it, grab the hashes and store them in a file for possible cracking

Other things to check

* **/proc/(pid)/cmdline**
  * Enumerate the processes running on the system with Burp Suite or some other software
  * There might be a suspicious command running that is useful and helps you get into the system
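
The same locations can be checked from the administrator's side. The following is an added example, not part of the original notes: it flags a world-readable shadow file, private keys readable by group or other for users with id >= 1000, and credential-like arguments in process command lines. The `audit` function, its `root` parameter and the `SECRET_ARG` pattern are assumptions made for illustration.

```python
import os
import re
import stat
from pathlib import Path

# Assumed pattern for credential-like arguments; extend for your environment.
SECRET_ARG = re.compile(r"(?i)(--?pass(word)?|--?token|--?secret|api[_-]?key)[= ]\S+")

def mode_of(path):
    """Permission bits of path, or None if it is missing or cannot be stat'ed."""
    try:
        return stat.S_IMODE(os.stat(path).st_mode)
    except OSError:
        return None

def audit(root="/"):
    """Return (path, issue) findings for the files listed on this page."""
    root, findings = Path(root), []
    shadow = root / "etc/shadow"
    mode = mode_of(shadow)
    if mode is not None and mode & stat.S_IROTH:
        findings.append((str(shadow), "world-readable"))
    try:
        users = (root / "etc/passwd").read_text().splitlines()
    except OSError:
        users = []
    for line in users:
        f = line.split(":")
        if len(f) < 7 or not f[2].isdigit() or int(f[2]) < 1000:
            continue  # skip malformed entries and system accounts
        key = root / f[5].lstrip("/") / ".ssh/id_rsa"
        mode = mode_of(key)
        if mode is not None and mode & 0o077:
            findings.append((str(key), "private key open to group/other"))
    for cmdline in sorted(root.glob("proc/[0-9]*/cmdline")):
        try:
            args = cmdline.read_bytes().replace(b"\0", b" ").decode(errors="replace")
        except OSError:
            continue  # process exited or access denied
        if SECRET_ARG.search(args):
            findings.append((str(cmdline), "credential-like argument"))
    return findings

if __name__ == "__main__":
    for path, issue in audit():
        print(f"{issue}: {path}")
```

Run it as root so every home directory and `/proc` entry can be inspected; pass a different `root` to audit a mounted image or container filesystem.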
