> For the complete documentation index, see [llms.txt](https://sarpers-organization.gitbook.io/ctftricks/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://sarpers-organization.gitbook.io/ctftricks/_chapter-intro-6/credentials/filesystem-search/trick-0136.md).

# Credential Discovery In Log File

***

Applications or services can log sensitive information like usernames and passwords to files on the filesystem. If these logs are accessible or left behind, especially in unexpected locations like web-accessible directories, they can provide attackers with credentials. Credentials exposed in logs or configuration files represent a significant security risk. This vulnerability, often classified under CWE-532 (Insertion of Sensitive Information into Log File), occurs when applications inadvertently write sensitive data, such as usernames, passwords, API keys, or session tokens, into log files.

Use `cat` or similar commands to view the content of potentially sensitive log files you discover during enumeration. Finding these files is a key step. You can use commands like `find` to locate log files based on patterns.

```bash
find . -name "*.log"
```

Once you have identified potential log files, you can use the `cat` command to view their contents.

```bash
cat log.txt
```

Alternatively, you can use `grep` to search for specific keywords within the log files without displaying the entire file.

```bash
find . -name "*.log" -print0 | xargs -0 grep -i "password"
```

Carefully examine the output for hardcoded credentials, API keys, or any other secrets.
