In this lab, you will be logging in with the username pentesterlab and the password pentesterlab. The challenge focuses on identifying a common mistake where users accidentally type their passwords directly into the shell instead of at a password prompt. This mistake leaves passwords visible in the .bash_history file, which records all commands run in the shell.
You will learn to use the grep command to search through .bash_history files for instances of the passwd command, which is often followed by the mistakenly typed password. By leveraging the -A option in grep, you can capture the line following the passwd command. To refine your search and avoid false positives from lines containing /etc/passwd, you can use the caret ^ to match lines starting specifically with passwd. Wrapping this in a find command, you will automate the process, searching through multiple user directories efficiently.