> For the complete documentation index, see [llms.txt](https://sarpers-organization.gitbook.io/ctftricks/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://sarpers-organization.gitbook.io/ctftricks/_chapter-intro-6/credentials/filesystem-search/trick-0137.md).

# Credential Discovery In Script File

***

It's a common misconfiguration: scripts like `backup.sh` often contain credentials needed for their tasks. If these files have weak permissions allowing other users to read them, you can find embedded passwords, API keys, or other secrets.

Look for scripts owned by other users but readable by your current user. Once found, simply display the content.

```bash
cat backup.sh
```

Scan the output for hardcoded credentials, connection strings, or configuration details.

File permissions determine who can read, write, or execute a file. Permissions are typically represented as `-rwxrwxrwx`, where the first character indicates the file type, and the next nine characters represent permissions for the owner, group, and others, respectively. The letters 'r', 'w', and 'x' stand for read, write, and execute. If a dash appears instead of a letter, the permission is denied.

You can check the permissions of a file using the `ls -l` command. For example:

```bash
ls -l /path/to/some/file
```

This output will show the owner, group, and permissions. If the 'others' section (the last three characters) includes 'r', it means any user on the system can read the file.

To specifically search for files that are readable by 'others' (world-readable), you can use the `find` command. For instance, to find all files in the root directory (`/`) that are readable by others:

```bash
find / -perm -o+r -type f 2>/dev/null
```

This command searches from the root (`/`), looks for files (`-type f`) with permissions where 'others' (`o`) have read (`+r`) permission (`-perm`), and redirects errors to `/dev/null`.

Alternatively, you can use the octal representation for permissions with `find`. The permission `/0004` corresponds to world-readable files.

```bash
find / -perm /0004 -type f 2>/dev/null
```

Once you identify potentially interesting files, such as scripts or configuration files owned by other users but readable by you, you can use `cat` or a similar command to view their contents and search for credentials. For example, if the `find` command located `/opt/scripts/db_backup.sh`, you could view its content with:

```bash
cat /opt/scripts/db_backup.sh
```

Review the output carefully for hardcoded passwords, API keys, database connection strings, or other sensitive information that could be reused or exploited.
