Searching!!

There are many ways to search for content. Below are some of the effective ways to search for the content or file.

Using Grep

 grep -ri -C 2 -E 'password|user' <Folder or files name>
 
#  grep -Ei "credential|user|password|username|secure" *.ps1

# Example in which line number of matching value is displayed.
cat shell.php | grep -ni "changed this"

# Example:
# grep -ri -C 2 -E 'password|user' joomla/

Explanation of Options:

-r: Recursive search through directories.
-i: Case-insensitive search.
-C 2: Show 2 lines of context before and after matches.
-E: Enables extended regular expressions.
-n: Displays the line numbers of the matching lines.

According to your need, you can add or remove value inside the single quote separated by "|" sign.

Using Select-String & where-object

Get-Content .\tasks.txt | Select-String -Pattern "Task To Run.*exe.*" -Context 7,0 | Where-Object { $_ -notmatch "system32" -and $_ -notmatch "Next Run Time:\s+N/A" }

Select-String

"Task To Run.exe.": This regular expression matches lines containing "Task To Run" followed by any characters (.*), and then "exe".

We can use "-Context 0,1" to make the search easy.

"-Context 0,1:" Shows 0 lines before and 1 line after each match.

Where-Object

Common Operators

-match: Matches a value using a regular expression (case-insensitive by default).
- Example: $_.Name -match "pattern"
-notmatch: Excludes values that match a regular expression.
- Example: $_.Name -notmatch "pattern"
-like: Matches a value using wildcards (* for multiple characters, ? for a single character).
- Example: $_.Name -like "*value*"
-notlike: Excludes values that match a wildcard pattern.
- Example: $_.Name -notlike "*value*"
-eq: Checks if a value is equal (case-insensitive for strings).
- Example: $_.Status -eq "Active"
-ne: Checks if a value is not equal.
- Example: $_.Status -ne "Inactive"

Example from the command above:

$_ -notmatch "system32" checks if the current line/object does not contain system32.
$_ -notmatch "Next Run Time:\s+N/A" checks if the current line/object does not match Next Run Time: N/A.

Find Command

Showing all content in a folder.

find Default/AppData/Roaming/Microsoft/Windows/SendTo -type f -exec cat {} \; -exec echo -e "\n--*--\n" \;

Searching for file

In Windows:

Get-ChildItem -Path C:\Users -Include *.txt,*.pdf,*.xls,*.xlsx,*.doc,*.docx,*.ini,*.exe, *.log, *.bak, *.kdbx -File -Recurse -ErrorAction SilentlyContinue | Select-Object -ExpandProperty FullName

# Make changes to the path according to your needs.

-Force Use this option to include the hidden files or directories.

# Below is Extention of file which can have sensitive information.
# Search for this type of file and then filter it out using select-string.
# Use one by one to avoid lots of data
*.ini, *.json, *.xml, *.yaml, *.env, *.cfg, *.dat, *.bak, *.reg, *.properties, *.logs, *.settings, *.conf, *.config

If you want to get data from the file then you can use the below command:

Get-ChildItem -Path C:\xampp -Include *.ini -File -Force -Recurse -ErrorAction SilentlyContinue |
ForEach-Object {
    $matches = Select-String -Path $_.FullName -Pattern "Password" -Context 2,2
    if ($matches) {
        Write-Output "File: $($_.FullName)"
        $matches
        Write-Output ("-" * 50) # Optional separator for readability
    }
}

# One Liner (Modify as per need)
Get-ChildItem -Path C:\xampp -Include *.ini -File -Force -Recurse -ErrorAction SilentlyContinue | ForEach-Object { $matches = Select-String -Path $_.FullName -Pattern "Password" -Context 2,2; if ($matches) { Write-Output "File: $($_.FullName)"; $matches; Write-Output ("-" * 50) } }

CMD search Functionality:

# First navigate to desited directory.
cd <directoryToSearchIn>
dir <nameOfTheFile> /s

# Using Where command:
cmd.exe /c "where /R C:\Users *.txt"

In linux:

find / -name '*.txt' 2>/dev/null
find / -name 'flag.txt' 2>/dev/null -exec cat {} +; ifconfig

Flag Finding

In Windows:

# Way of searching for flag.
Get-ChildItem -Filter "flag.txt" -Path C:\ -Recurse -ErrorAction SilentlyContinue

# Display Flag as well ipconfig one liner.

(Get-Content (Get-ChildItem -Filter "flag.txt" -Path C:\Users -Recurse -ErrorAction SilentlyContinue).FullName); ipconfig

# Same as above but displays path also:

$flag = Get-ChildItem -Filter "flag.txt" -Path C:\Users -Recurse -ErrorAction SilentlyContinue; 
"Location: $($flag.FullName)"; 
Get-Content $flag.FullName; 
ipconfig

# one liner for above command:
Get-ChildItem -Path C:\Users -Recurse -Include "flag.txt", "local.txt", "proof.txt" -ErrorAction SilentlyContinue | ForEach-Object { "Location: $($_.FullName)"; Get-Content $_.FullName; "" } ; ipconfig

# CMD Command:
for /r C:\Users %i in (flag.txt local.txt proof.txt) do @if exist "%i" (echo Location: %i & type "%i" & echo.) 2>nul & ipconfig


# Same as above command but for cmd
powershell -NoProfile -ExecutionPolicy Bypass -Command "Get-ChildItem -Path 'C:\Users' -Recurse -Include 'flag.txt','local.txt','proof.txt' -ErrorAction SilentlyContinue | ForEach-Object { \"Location: $($_.FullName)\"; Get-Content $_.FullName; \"\" }; ipconfig"


# Searching for local.txt
(Get-Content (Get-ChildItem -Filter "local.txt" -Path C:\ -Recurse -ErrorAction SilentlyContinue).FullName); ipconfig

In Linux:

One liner:

find / \( -name "flag.txt" -o -name "local.txt" -o -name "proof.txt" \) 2>/dev/null -exec echo -e "\nFile found:\n" {} \; -exec cat {} \; ; (ifconfig 2>/dev/null || ip a 2>/dev/null)

# Find files by extension:

find / -name '*.txt' 2>/dev/null
find / -name 'flag.txt' 2>/dev/null -exec cat {} +; ifconfig 
find / -name 'flag.txt' 2>/dev/null -exec cat {} +; (ifconfig 2>/dev/null || ip a)


# way to find local file.
find / -name "local.txt" 2>/dev/null -exec cat {} +;  (ifconfig 2>/dev/null || ip a)
find / -name "proof.txt" 2>/dev/null -exec cat {} +;  (ifconfig 2>/dev/null || ip a)

find / -name "local.txt" 2>/dev/null -exec cat {} +; ip a
find / -name "proof.txt" 2>/dev/null -exec cat {} +; ip a

PreviousRustScan Tool NextSearch wordlist

Last updated 10 months ago