Mirrors/PayloadsAllTheThings
2
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-11-10 07:04:22 +00:00
Code Issues Projects Releases Packages Wiki Activity

Add useful always existing windows file

Browse source 
Adding always existing file in recent Windows machine. Ideal to test path traversal but nothing much interesting inside
This commit is contained in:
clem9669 2020-06-23 14:26:46 +00:00 committed by GitHub
parent b9295bf504
commit e37aff2fcd
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
Directory Traversal/README.md
View file

@ -123,6 +123,14 @@ An attacker can inject a Windows UNC share ('\\UNC\share\name') into a software
### Interesting Windows files
Always existing file in recent Windows machine.
Ideal to test path traversal but nothing much interesting inside...
```powershell
c:\windows\system32\license.rtf
c:\windows\system32\eula.txt
```
Interesting files to check out (Extracted from https://github.com/soffensive/windowsblindread)
```powershell
@ -167,5 +175,6 @@ The following log files are controllable and can be included with an evil payloa
## References
* [Path Traversal Cheat Sheet: Windows](https://gracefulsecurity.com/path-traversal-cheat-sheet-windows/)
* [Directory traversal attack - Wikipedia](https://en.wikipedia.org/wiki/Directory_traversal_attack)
* [CWE-40: Path Traversal: '\\UNC\share\name\' (Windows UNC Share) - CWE Mitre - December 27, 2018](https://cwe.mitre.org/data/definitions/40.html)