/etc/passwd
Checking for any files owned by the michael user after making the Lateral Movement
[michael@snookums ~]$ find / -user michael -ls -type f 2>/dev/null | grep -v '/proc'
5 0 crw--w---- 1 michael tty 136, 2 Mar 23 17:38 /dev/pts/2
173517 0 drwx------ 2 michael michael 40 Mar 23 17:24 /run/user/1000
4280452 4 -rw-r--r-- 1 michael root 1165 Mar 23 17:34 /etc/passwd
775207 0 -rw-rw---- 1 michael mail 0 Jun 9 2020 /var/spool/mail/michael
13279825 0 drwx------ 2 michael michael 100 Mar 23 17:34 /home/michael
13279826 4 -rw-r--r-- 1 michael michael 18 Aug 8 2019 /home/michael/.bash_logout
13279827 4 -rw-r--r-- 1 michael michael 193 Aug 8 2019 /home/michael/.bash_profile
13279828 4 -rw-r--r-- 1 michael michael 231 Aug 8 2019 /home/michael/.bashrc
13238147 4 -rw-r--r-- 1 michael michael 33 Mar 23 15:49 /home/michael/local.txtThe /etc/passwd file is OWNED by the michael user
Moving on to the Privilege Escalation phase