historywe can see some passwords in plaintext
password123
from this screenshot^
you can also cat the bash history. In root folder:
ls -lathere’s bash history
cat .bash_historychange to root from the password we found:
su root
password123passwords in present directory:
find . -type f -exec grep -i -I "PASSWORD" {} /dev/null \;Towards the end:
We find the bash history but we also find a password321. This was the old lab
we can use automated tools:
LinPEAS/LinEnum
what we have right in front of us. Root folder has a vpn file. If we cat it:
cat myvpn.ovpnwe get:
auth-user-pass /etc/openvpn/auth.txtCat that file out:
cat /etc/openvpn/auth.txt
We get the old lab password
Make commands easier:
history | grep pass
only 4 lines now
He likes reading the entire history though because it can show you permissions and sensitive files