Here are some sensitive files in Linux that attackers might seek to exploit.



GRUB (/boot/grub)

Most commonly used bootloader package that loads the Linux kernel.


List of all local accounts.


Password hashes for all local accounts.


List of all local groups.


Password hashes for local groups.


Kernel parameters.


Run commands.


Sets system-wide environment variables on user shells.


Host-name-to-IP mappings—checked before DNS for name resolution.


Lists DNS servers for system to use.


Password and lockout policies.

~/.bash_profile, ~/.bash_login, ~/.profile, /home/user/.bashrc, /etc/bash.bash.rc, /etc/profile.d

Possible locations to insert a script that will run when the shell starts.

Note: For information on how to hack the GRUB bootloader, see