Credential Hunting in Linux
Files
# Configuration Files
# Find Configuration Files
for l in $(echo ".conf .config .cnf");do echo -e "\\nFile extension: " $l; find / -name *$l 2>/dev/null | grep -v "lib\\|fonts\\|share\\|core" ;done
# searching user,password,pass strings in configuration files
for i in $(find / -name *.cnf 2>/dev/null | grep -v "doc\\|lib");do echo -e "\\nFile: " $i; grep "user\\|password\\|pass" $i 2>/dev/null | grep -v "\\#";done
# Databases
# Find databases files
for l in $(echo ".sql .db .*db .db*");do echo -e "\\nDB File extension: " $l; find / -name *$l 2>/dev/null | grep -v "doc\\|lib\\|headers\\|share\\|man";done
# Notes
find /home/* -type f -name "*.txt" -o ! -name "*.*"
# Scripts
# Find Scripts with different Extensions
for l in $(echo ".py .pyc .pl .go .jar .c .sh");do echo -e "\\nFile extension: " $l; find / -name *$l 2>/dev/null | grep -v "doc\\|lib\\|headers\\|share";doneCronjobs
SSH Keys
History
Logs
Many different logs exist on the system. These can vary depending on the applications installed, but here are some of the most important ones:
/var/log/messages
Generic system activity logs.
/var/log/syslog
Generic system activity logs.
/var/log/auth.log
(Debian) All authentication related logs.
/var/log/secure
(RedHat/CentOS) All authentication related logs.
/var/log/boot.log
Booting information.
/var/log/dmesg
Hardware and drivers related information and logs.
/var/log/kern.log
Kernel related warnings, errors and logs.
/var/log/faillog
Failed login attempts.
/var/log/cron
Information related to cron jobs.
/var/log/mail.log
All mail server related logs.
/var/log/httpd
All Apache related logs.
/var/log/mysqld.log
All MySQL server related logs.
Memory and Cache
Browsers
Last updated