HARDCODED CREDENTIALS
#identify system users
www-data@target:~$ cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
robert:x:1000:1000:robert:/home/robert:/bin/bash
* this will identify users on the system
www-data@target:~$ ls /home
robert
www-data@target:~$ ls /home/robert
...
#scan for hardcoded credentials
root@oco:~$ find /var/www/html/ -type f -exec grep -iwl "robert" {} + 2>/dev/null
</ -type f -exec grep -iwl "robert" {} + 2>/dev/null
/var/www/html/cdn-cgi/login/db.php
* the + instructs the cmd to find batches multiple files into a single command execution, making it much faster.
- is used to optimized execution (batches multiple files into one grep call for speed).
* the -w ensures a strict search for only the exact word "robert"
* -i is used for Case-insensitive search (robert, ROBERT, Robert all match).
* -l will only lists filenames (faster if you just need to know where "robert" appears).
* {} is a placeholder for found files.
root@oco:~$ cat /var/www/html/cdn-cgi/login/db.php
<?php
$conn = mysqli_connect('localhost','robert','M3g4C0rpUs3r!','garage');
?>Last updated