262 CHAPTER 10 Post-exploitation scripting and the ep flag tells netstat to print the process that owns each connection. We now know all we want to know about the networking on the host we have compromised. If we also wanted to know about the users on the system, we could grab the /etc/ passwd file. This file contains most of the login information about each user on the system. The /etc/passwd file contains the user ID, the home directory, the default shell, and frequently, information such as name and office number. To learn more about the /etc/passwd file, we can use the man 5 passwd command, which will elaborate on what each field in the file does. NOTE The man command allows us to reference system documentation from within the system itself. To find information about a command, type man <commandname> or man ­k <concept>, where <concept> can be anything from passwords to strings. The ­k command searches for keywords, so if we don't find what we're looking for using the command name, we can search for the concept that we are looking for to find the answer.