Sensitive Files to Grab in Windows
Scenario time — you’ve just found that you are able to access a whole windows file system via a directory traversal vuln in a webapp. You don’t have command execution, and your plan is to pull down any potentially sensitive data from files alone. What files should you check?
I was inspired to write this post after reading this tweet from @egyp7: