crenditial hunting in linux

1

Searching for configuration files

The most crucial part of any system enumeration is to obtain an overview of it. Therefore, the first step should be to find all possible configuration files on the system, which we can then examine and analyze individually in more detail. There are many methods to find these configuration files, and with the following method, we will see we have reduced our search to these three file extensions.

for l in $(echo ".conf .config .cnf");do echo -e "\nFile extension: " $l; find / -name *$l 2>/dev/null | grep -v "lib\|fonts\|share\|core" ;done

2

Search inside config files for keywords

for i in $(find / -name *.cnf 2>/dev/null | grep -v "doc|lib"); do echo -e "\nFile: $i" grep "user|password|pass" $i 2>/dev/null | grep -v "#" done

3

Databases

find / -type f -name "*.sh"

for l in $(echo ".sql .db .*db .db*"); do
  echo -e "\nDB File extension: $l"
  find / -name *$l 2>/dev/null | grep -v "doc\|lib\|headers\|share\|man"
done

4

Notes (txt & extensionless files)

find /home/* -type f -name "*.txt" -o ! -name "*.*"

5

Scripts (highly sensitive)

for l in $(echo ".py .pyc .pl .go .jar .c .sh"); do
  echo -e "\nFile extension: $l"
  find / -name *$l 2>/dev/null | grep -v "doc\|lib\|headers\|share"
done

6

Cronjobs

cat /etc/crontab

ls -la /etc/cron.*/

7

Command History

tail -n5 /home/*/.bash*

8

LOGS

for i in $(ls /var/log/* 2>/dev/null); do 
  GREP=$(grep "accepted\|session opened\|session closed\|failure\|failed\|ssh\|password changed\|new user\|delete user\|sudo\|COMMAND=" $i 2>/dev/null)
  if [[ $GREP ]]; then
    echo -e "\n#### Log file: $i"
    grep "accepted\|session opened\|session closed\|failure\|failed\|ssh\|password changed\|new user\|delete user\|sudo\|COMMAND=" $i 2>/dev/null
  fi
done

9

MEMORY AND CACHE EXTRACTION

sudo python3 mimipenguin.py

10

LaZagne (Linux version)

sudo python2.7 laZagne.py all

python3 laZagne.py browsers

11

SSH

find / -name "id_rsa"

12