Files

One core principle of Linux is that everything is a file.

Therefore, it is crucial to keep this concept in mind and search, find and filter the appropriate files according to our requirements.

We should look for, find, and inspect several categories of files one by one. These categories are the following:

Configuration files, Databases, Notes
Scripts, Cronjobs, SSH keys

Configuration Files

Configuration files are marked with the following three file extensions (.config, .conf, .cnf) and might contain credentials.

However, these configuration files can be renamed, which means that these file extensions are not strictly required. Furthermore, when a service is recompiled, the filename it expects for its basic configuration can be changed, which has the same effect. This is a rare case that we will not encounter often, but the possibility should not be left out of our search.

for l in $(echo ".conf .config .cnf");do echo -e "\nFile extension: " $l; find / -name "*$l" 2>/dev/null | grep -v "lib\|fonts\|share\|core" ;done

Credentials in Configuration Files

Optionally, we can save the result in a text file and use it to examine the individual files one after the other. Another option is to run the scan directly for each file found with the specified file extension and output the contents. In this example, we search for three words (user, password, pass) in each file with the file extension .cnf.

for i in $(find / -name "*.cnf" 2>/dev/null | grep -v "doc\|lib");do echo -e "\nFile: " $i; grep "user\|password\|pass" "$i" 2>/dev/null | grep -v "#";done
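
The same search can drive a permissions audit from the defender's side. The following is an added example, not part of the original notes: it lists .conf/.config/.cnf files that every local user can read and that contain non-comment lines matching the keywords above. The function name audit_conf_creds and the output format are assumptions, and the mode column relies on GNU stat.

```sh
# Added example (not from the original page).
# audit_conf_creds ROOT
# Prints "MODE<TAB>PATH<TAB>HITS" for each .conf/.config/.cnf file under ROOT
# that is world-readable and has non-comment lines containing a keyword.
# Usage on a live system: audit_conf_creds /etc
audit_conf_creds() {
  # -xdev    : stay on one filesystem (skips /proc, /sys, network mounts)
  # -perm -004: only files with the "other" read bit set
  # -exec .. +: passes paths as arguments, so spaces in names are safe
  find "$1" -xdev -type f \
       \( -name '*.conf' -o -name '*.config' -o -name '*.cnf' \) \
       -perm -004 -exec sh -c '
    for f do
      # Drop lines whose first non-blank character is # or ; (comments),
      # then count case-insensitive keyword matches in what is left.
      hits=$(grep -Ev "^[[:space:]]*[#;]" "$f" 2>/dev/null |
             grep -Eic "user|password|pass") || true
      [ "$hits" -gt 0 ] || continue
      # stat -c %a is GNU coreutils syntax (assumption: Linux host).
      printf "%s\t%s\t%s\n" "$(stat -c %a "$f")" "$f" "$hits"
    done' sh {} + 2>/dev/null
}
```

Files it reports are candidates for chmod 600/640 or for moving the secret into a root-only include file.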

Databases

We can apply this simple search to the other file extensions as well. Additionally, we can apply this search type to databases stored in files with different file extensions, and we can then read those.

for l in $(echo ".sql .db .*db .db*");do echo -e "\nDB File extension: " $l; find / -name "*$l" 2>/dev/null | grep -v "doc\|lib\|headers\|share\|man";done

Notes

We can often find notes about specific processes on the system. These often include lists of many different access points or even their credentials.

It is often challenging to find notes right away if they are stored somewhere on the system and not on the desktop or in its subfolders. This is because they can be named anything and do not have to have a specific file extension, such as .txt. Therefore, in this case, we need to search for files including the .txt file extension and files that have no file extension at all.

find /home/* -type f \( -name "*.txt" -o ! -name "*.*" \)

Scripts