📁 Common File Locations (Linux & Windows)
Frequently useful paths for looting credentials, configs, and logs.
➡️ Environment: See 00_environment_setup
🐧 Linux
🔑 Credentials
/etc/passwd
/etc/shadow
/home/*/.ssh/id_rsa
/home/*/.bash_history📜 Configs
/etc/ssh/sshd_config
/etc/crontab
/etc/sudoers
/var/www/html/config.php📘 Logs
/var/log/auth.log
/var/log/syslog
/var/log/apache2/access.log🪟 Windows
🔑 Credentials
C:\Users\<user>\AppData\Roaming\Microsoft\Credentials
C:\Windows\System32\config\SAM🗃️ Registry Locations
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Run📦 Config / Loot
C:\ProgramData\*.xml
C:\Users\<user>\Desktop\Passwords.txt
C:\Users\<user>\Documents\Notes.docxNext: 14_report_template