[FILE SYSTEM]
DESCRIPTION: Collection of files on Windows and Linux OS with valuable information, for defenders to protect or attackers to retrieve.
LINUX
/etc/passwd | >>> contains information regarding registered system users.
/etc/shadow | >>> stores the actual passwords in hashed form.
/etc/group | >>> contains information regarding the groups stored in the system.
/etc/fstab | >>> contains the description of which disk devices are available at the specific mount points.
/etc/hosts | >>> contains host names and their corresponding IP addresses, used for local name resolution.
/etc/crontab | >>> parent shell script to run commands periodically (hourly, daily, weekly, and monthly).
/etc/bash.bashrc | >>> shell script that configures bash: creates aliases, functions, prompt settings and more.
/etc/resolv.conf | >>> list of domain name servers (DNS) used by the local machine.
/etc/profile | >>> contains Linux system-wide environment and startup programs (environment PATH).
/etc/sudoers | >>> file that tells sudo which users may run which commands.
/etc/yum.conf | >>> yum configuration file.
/etc/motd | >>> “Message Of The Day”, the file that contains the message users get at login.
/etc/issue | >>> information about the OS (release version and/or kernel info).
/var/log/messages | >>> contains different logs generated during the boot process.
/proc/net/arp | >>> ARP table.
/proc/meminfo | >>> memory usage related information.
/proc/version | >>> information about the OS.
/proc/cpuinfo | >>> CPU usage related information.
/proc/mounts | >>> info on mounted file systems and drives.
/proc/stat | >>> detailed statistics of the system.
WINDOWS
%SYSTEMROOT%\System32\drivers\etc\hosts | >>> local DNS entries.
%SYSTEMROOT%\System32\drivers\etc\networks | >>> network configuration.
%SYSTEMROOT%\System32\config\SAM | >>> users and passwords saved in hash format.
%SYSTEMROOT%\repair\SAM | >>> backup copy of the SAM file.
%SYSTEMROOT%\System32\config\RegBack\SAM | >>> another backup copy of the SAM file.
%SYSTEMROOT%\Prefetch | >>> prefetch dir [.exe logs].
%SYSTEMROOT%\System32\ntds.dit | >>> Active Directory database.
%SYSTEMROOT%\NTDS\ntds.dit | >>> Active Directory backup.
%WINDIR%\system32\config\AppEvent.Evt | >>> application logs.
C:/system32/inetsrv/metabase.xml | >>> TBA
C:/boot.ini | >>> TBA
C:/inetpub/logs/logfiles | >>> TBA
C:/inetpub/wwwroot/web.config | >>> TBA
Note: %SYSTEMROOT% and %WINDIR% are environment variables used in Windows OS; both represent the C:\Windows directory.
©® - Since 2023