Course

In this lab, you will be logging in with the username `pentesterlab` and the password `pentesterlab`. The challenge focuses on identifying a common mistake where users accidentally type their passwords directly into the shell instead of at a password prompt. This mistake leaves passwords visible in the `.bash_history` file, which records all commands run in the shell.

You will learn to use the `grep` command to search through `.bash_history` files for instances of the `passwd` command, which is often followed by the mistakenly typed password. By leveraging the `-A` option in `grep`, you can capture the line following the `passwd` command. To refine your search and avoid false positives from lines containing `/etc/passwd`, you can use the caret `^` to match lines starting specifically with `passwd`. Wrapping this in a `find` command, you will automate the process, searching through multiple user directories efficiently.