Inspecting User Trails
- Inspecting Environment Variables
env
- Inspecting .bashrc
cat ~/.bashrc
Inspecting Service Footprints
- Harvesting Active Processes for Credentials
watch -n 1 "ps -aux | grep pass"
- Using tcpdump to Perform Password Sniffing
sudo tcpdump -i lo -A | grep "pass"