3.Credential-hunting
Credential Hunting
find /var/www/ -type f -name "*.php" -exec grep -iE 'DB_USER|DB_PASSWORD|password|user|pass' {} \; 2>/dev/null
find /var/mail/ -type f -exec grep -iE 'password|user|pass' {} \; 2>/dev/null
find /var/spool/ -type f -exec grep -iE 'password|user|pass' {} \; 2>/dev/null
find / ! -path "*/proc/*" -iname "*config*" -type f 2>/dev/null -exec grep -iE 'password|user|pass' {} \; 2>/dev/null
find / -type f -name "*.conf" -exec grep -iE 'password|user|pass' {} \; 2>/dev/null
find / -type f -name "*.xml" -exec grep -iE 'password|user|pass' {} \; 2>/dev/null
find / -type f -name "*.bak" -exec grep -iE 'password|user|pass' {} \; 2>/dev/null
find / -type f -name "*.sql" -exec grep -iE 'password|user|pass' {} \; 2>/dev/null
find / -type f -name "*.txt" -exec grep -iE 'password|user|pass' {} \; 2>/dev/null
grep -iE 'password|user|pass' ~/.bash_history
grep -iE 'password|user|pass' ~/.ssh/known_hostsSSH Keys
ls ~/.ssh/
cat ~/.ssh/known_hosts
find /home/ -name id_rsa 2>/dev/null
find /root/ -name id_rsa 2>/dev/nullLast updated