Here are some sensitive files in Linux that attackers might seek to exploit.
| File | Description |
| --- | --- |
| GRUB (/boot/grub) | Most commonly used bootloader package that loads the Linux kernel. |
| /etc/passwd | List of all local accounts. |
| /etc/shadow | Password hashes for all local accounts. |
| /etc/group | List of all local groups. |
| /etc/gshadow | Password hashes for local groups. |
| /proc/cmdline | Kernel parameters. |
| /etc/rc.* | Run commands. |
| /etc/profile | Sets system-wide environment variables on user shells. |
| /etc/hosts | Host-name-to-IP mappings, checked before DNS for name resolution. |
| /etc/resolv.conf | Lists DNS servers for the system to use. |
| /etc/pam.d | Password and lockout policies. |
| ~/.bash_profile, ~/.bash_login, ~/.profile, /home/user/.bashrc, /etc/bash.bashrc, /etc/profile.d | Possible locations to insert a script that will run when the shell starts. |
Note: For information on how to hack the GRUB bootloader, see https://null-byte.wonderhowto.com/how-to/hack-like-pro-linux-basics-for-aspiring-hacker-part-21-grub-bootloader-0154965/
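
From the defender's side, the files in the table can be checked for loose permissions and unexpected owners. The script below is an added example, not part of the original page; the permission baseline in it is an assumption chosen for illustration (system files owned by root and not group- or world-writable, hash files unreadable by others), and `/boot/grub/grub.cfg` stands in for the GRUB directory. Per-user startup files are left out because their expected owner is the user, not root.

```python
import glob
import os
import stat

# Assumed baseline (illustrative, not a standard): for each path or glob from
# the table, the permission bits that should NOT be set. Paths are relative
# so the audit can be pointed at a mounted image or a test tree.
BASELINE = {p: 0o022 for p in (          # no group/other write
    "etc/passwd", "etc/group", "etc/hosts", "etc/resolv.conf", "etc/profile",
    "etc/profile.d/*", "etc/bash.bashrc", "etc/rc.*", "etc/pam.d/*",
    "boot/grub/grub.cfg")}
# Hash files: no group write and no access at all for "other".
BASELINE.update({"etc/shadow": 0o027, "etc/gshadow": 0o027})


def check_path(path, forbidden, expect_uid=0):
    """Return a list of findings for one path (empty list means clean)."""
    try:
        st = os.stat(path)  # follows symlinks: the target's mode is what matters
    except OSError as exc:
        return [f"{path}: cannot stat ({exc.strerror})"]
    mode = stat.S_IMODE(st.st_mode)
    findings = []
    if mode & forbidden:
        findings.append(
            f"{path}: mode {mode:04o} has forbidden bits {mode & forbidden:04o}")
    if st.st_uid != expect_uid:
        findings.append(f"{path}: owned by uid {st.st_uid}, expected {expect_uid}")
    return findings


def audit(root="/", baseline=BASELINE, expect_uid=0):
    """Expand each baseline glob under root and collect all findings."""
    findings = []
    for pattern, forbidden in baseline.items():
        for path in sorted(glob.glob(os.path.join(root, pattern))):
            findings.extend(check_path(path, forbidden, expect_uid))
    return findings


if __name__ == "__main__":
    for line in audit():
        print(line)
```

An empty result means every listed file that exists matched the baseline; running it from a scheduled job and alerting on any output turns the table into a drift check.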