Sensitive Files to Grab in Windows

Scenario time: you’ve just found that you are able to access a whole Windows file system via a directory traversal vuln in a webapp. You don’t have command execution, and your plan is to pull down any potentially sensitive data from files alone. What files should you check?

I was inspired to write this post after reading this tweet from @egyp7:


Pentester | Hubby | Musician
