LFI

Windows interesting files to look for.

C:\Users\%USERNAME%\.ssh\id_rsa
%USERNAME%\.ssh\id_rsa

C:\Apache\conf\httpd.conf
C:\Apache\logs\access.log
C:\Apache\logs\error.log
C:\Apache2\conf\httpd.conf
C:\Apache2\logs\access.log
C:\Apache2\logs\error.log
C:\Apache22\conf\httpd.conf
C:\Apache22\logs\access.log
C:\Apache22\logs\error.log
C:\Apache24\conf\httpd.conf
C:\Apache24\logs\access.log
C:\Apache24\logs\error.log
C:\Documents and Settings\Administrator\NTUser.dat
C:\php\php.ini
C:\php4\php.ini
C:\php5\php.ini
C:\php7\php.ini
C:\Program Files (x86)\Apache Group\Apache\conf\httpd.conf
C:\Program Files (x86)\Apache Group\Apache\logs\access.log
C:\Program Files (x86)\Apache Group\Apache\logs\error.log
C:\Program Files (x86)\Apache Group\Apache2\conf\httpd.conf
C:\Program Files (x86)\Apache Group\Apache2\logs\access.log
C:\Program Files (x86)\Apache Group\Apache2\logs\error.log
c:\Program Files (x86)\php\php.ini
C:\Program Files\Apache Group\Apache\conf\httpd.conf
C:\Program Files\Apache Group\Apache\conf\logs\access.log
C:\Program Files\Apache Group\Apache\conf\logs\error.log
C:\Program Files\Apache Group\Apache2\conf\httpd.conf
C:\Program Files\Apache Group\Apache2\conf\logs\access.log
C:\Program Files\Apache Group\Apache2\conf\logs\error.log
C:\Program Files\FileZilla Server\FileZilla Server.xml
C:\Program Files\MySQL\my.cnf
C:\Program Files\MySQL\my.ini
C:\Program Files\MySQL\MySQL Server 5.0\my.cnf
C:\Program Files\MySQL\MySQL Server 5.0\my.ini
C:\Program Files\MySQL\MySQL Server 5.1\my.cnf
C:\Program Files\MySQL\MySQL Server 5.1\my.ini
C:\Program Files\MySQL\MySQL Server 5.5\my.cnf
C:\Program Files\MySQL\MySQL Server 5.5\my.ini
C:\Program Files\MySQL\MySQL Server 5.6\my.cnf
C:\Program Files\MySQL\MySQL Server 5.6\my.ini
C:\Program Files\MySQL\MySQL Server 5.7\my.cnf
C:\Program Files\MySQL\MySQL Server 5.7\my.ini
C:\Program Files\php\php.ini
C:\Users\Administrator\NTUser.dat
C:\Windows\debug\NetSetup.LOG
C:\Windows\Panther\Unattend\Unattended.xml
C:\Windows\Panther\Unattended.xml
C:\Windows\php.ini
C:\Windows\repair\SAM
C:\Windows\repair\system
C:\Windows\System32\config\AppEvent.evt
C:\Windows\System32\config\RegBack\SAM
C:\Windows\System32\config\RegBack\system
C:\Windows\System32\config\SAM
C:\Windows\System32\config\SecEvent.evt
C:\Windows\System32\config\SysEvent.evt
C:\Windows\System32\config\SYSTEM
C:\Windows\System32\drivers\etc\hosts
C:\Windows\System32\winevt\Logs\Application.evtx
C:\Windows\System32\winevt\Logs\Security.evtx
C:\Windows\System32\winevt\Logs\System.evtx
C:\Windows\win.ini
C:\xampp\apache\conf\extra\httpd-xampp.conf
C:\xampp\apache\conf\httpd.conf
C:\xampp\apache\logs\access.log
C:\xampp\apache\logs\error.log
C:\xampp\FileZillaFTP\FileZilla Server.xml
C:\xampp\MercuryMail\MERCURY.INI
C:\xampp\mysql\bin\my.ini
C:\xampp\php\php.ini
C:\xampp\security\webdav.htpasswd
C:\xampp\sendmail\sendmail.ini
C:\xampp\tomcat\conf\server.xml
# %windir%\repair\sam
# %windir%\System32\config\RegBack\SAM
# %windir%\repair\system
# %windir%\repair\software
# %windir%\repair\security
# %windir%\debug\NetSetup.log (AD domain name, DC name, internal IP, DA account)
# %windir%\iis6.log (5,6 or 7)
# %windir%\system32\logfiles\httperr\httperr1.log
# C:\sysprep.inf
# C:\sysprep\sysprep.inf
# C:\sysprep\sysprep.xml
# %windir%\Panther\Unattended.xml
# C:\inetpub\wwwroot\Web.config
# %windir%\system32\config\AppEvent.Evt (Application log)
# %windir%\system32\config\SecEvent.Evt (Security log)
# %windir%\system32\config\default.sav
# %windir%\system32\config\security.sav
# %windir%\system32\config\software.sav
# %windir%\system32\config\system.sav
# %windir%\system32\inetsrv\config\applicationHost.config
# %windir%\system32\inetsrv\config\schema\ASPNET_schema.xml
# %windir%\System32\drivers\etc\hosts (dns entries)
# %windir%\System32\drivers\etc\networks (network settings)
# %windir%\system32\config\SAM
# C:/windows/system32/inetsrv/config/schema/ASPNET_schema.xml
# C:/windows/system32/inetsrv/config/applicationHost.config
# C:/windows/system32/logfiles/httperr/httperr1.log
# C:/windows/debug/NetSetup.log - (may contain AD domain name, DC name, internal IP, DA account)
# C:/windows/system32/drivers/etc/hosts - (dns entries)
# C:/windows/system32/drivers/etc/networks - (network settings)

PreviousWeb Apps NextApache

Last updated 2 years ago

Was this helpful?

Windows interesting files to look for.

C:\Users\%USERNAME%\.ssh\id_rsa
%USERNAME%\.ssh\id_rsa

C:\Apache\conf\httpd.conf
C:\Apache\logs\access.log
C:\Apache\logs\error.log
C:\Apache2\conf\httpd.conf
C:\Apache2\logs\access.log
C:\Apache2\logs\error.log
C:\Apache22\conf\httpd.conf
C:\Apache22\logs\access.log
C:\Apache22\logs\error.log
C:\Apache24\conf\httpd.conf
C:\Apache24\logs\access.log
C:\Apache24\logs\error.log
C:\Documents and Settings\Administrator\NTUser.dat
C:\php\php.ini
C:\php4\php.ini
C:\php5\php.ini
C:\php7\php.ini
C:\Program Files (x86)\Apache Group\Apache\conf\httpd.conf
C:\Program Files (x86)\Apache Group\Apache\logs\access.log
C:\Program Files (x86)\Apache Group\Apache\logs\error.log
C:\Program Files (x86)\Apache Group\Apache2\conf\httpd.conf
C:\Program Files (x86)\Apache Group\Apache2\logs\access.log
C:\Program Files (x86)\Apache Group\Apache2\logs\error.log
c:\Program Files (x86)\php\php.ini
C:\Program Files\Apache Group\Apache\conf\httpd.conf
C:\Program Files\Apache Group\Apache\conf\logs\access.log
C:\Program Files\Apache Group\Apache\conf\logs\error.log
C:\Program Files\Apache Group\Apache2\conf\httpd.conf
C:\Program Files\Apache Group\Apache2\conf\logs\access.log
C:\Program Files\Apache Group\Apache2\conf\logs\error.log
C:\Program Files\FileZilla Server\FileZilla Server.xml
C:\Program Files\MySQL\my.cnf
C:\Program Files\MySQL\my.ini
C:\Program Files\MySQL\MySQL Server 5.0\my.cnf
C:\Program Files\MySQL\MySQL Server 5.0\my.ini
C:\Program Files\MySQL\MySQL Server 5.1\my.cnf
C:\Program Files\MySQL\MySQL Server 5.1\my.ini
C:\Program Files\MySQL\MySQL Server 5.5\my.cnf
C:\Program Files\MySQL\MySQL Server 5.5\my.ini
C:\Program Files\MySQL\MySQL Server 5.6\my.cnf
C:\Program Files\MySQL\MySQL Server 5.6\my.ini
C:\Program Files\MySQL\MySQL Server 5.7\my.cnf
C:\Program Files\MySQL\MySQL Server 5.7\my.ini
C:\Program Files\php\php.ini
C:\Users\Administrator\NTUser.dat
C:\Windows\debug\NetSetup.LOG
C:\Windows\Panther\Unattend\Unattended.xml
C:\Windows\Panther\Unattended.xml
C:\Windows\php.ini
C:\Windows\repair\SAM
C:\Windows\repair\system
C:\Windows\System32\config\AppEvent.evt
C:\Windows\System32\config\RegBack\SAM
C:\Windows\System32\config\RegBack\system
C:\Windows\System32\config\SAM
C:\Windows\System32\config\SecEvent.evt
C:\Windows\System32\config\SysEvent.evt
C:\Windows\System32\config\SYSTEM
C:\Windows\System32\drivers\etc\hosts
C:\Windows\System32\winevt\Logs\Application.evtx
C:\Windows\System32\winevt\Logs\Security.evtx
C:\Windows\System32\winevt\Logs\System.evtx
C:\Windows\win.ini
C:\xampp\apache\conf\extra\httpd-xampp.conf
C:\xampp\apache\conf\httpd.conf
C:\xampp\apache\logs\access.log
C:\xampp\apache\logs\error.log
C:\xampp\FileZillaFTP\FileZilla Server.xml
C:\xampp\MercuryMail\MERCURY.INI
C:\xampp\mysql\bin\my.ini
C:\xampp\php\php.ini
C:\xampp\security\webdav.htpasswd
C:\xampp\sendmail\sendmail.ini
C:\xampp\tomcat\conf\server.xml
# %windir%\repair\sam
# %windir%\System32\config\RegBack\SAM
# %windir%\repair\system
# %windir%\repair\software
# %windir%\repair\security
# %windir%\debug\NetSetup.log (AD domain name, DC name, internal IP, DA account)
# %windir%\iis6.log (5,6 or 7)
# %windir%\system32\logfiles\httperr\httperr1.log
# C:\sysprep.inf
# C:\sysprep\sysprep.inf
# C:\sysprep\sysprep.xml
# %windir%\Panther\Unattended.xml
# C:\inetpub\wwwroot\Web.config
# %windir%\system32\config\AppEvent.Evt (Application log)
# %windir%\system32\config\SecEvent.Evt (Security log)
# %windir%\system32\config\default.sav
# %windir%\system32\config\security.sav
# %windir%\system32\config\software.sav
# %windir%\system32\config\system.sav
# %windir%\system32\inetsrv\config\applicationHost.config
# %windir%\system32\inetsrv\config\schema\ASPNET_schema.xml
# %windir%\System32\drivers\etc\hosts (dns entries)
# %windir%\System32\drivers\etc\networks (network settings)
# %windir%\system32\config\SAM
# C:/windows/system32/inetsrv/config/schema/ASPNET_schema.xml
# C:/windows/system32/inetsrv/config/applicationHost.config
# C:/windows/system32/logfiles/httperr/httperr1.log
# C:/windows/debug/NetSetup.log - (may contain AD domain name, DC name, internal IP, DA account)
# C:/windows/system32/drivers/etc/hosts - (dns entries)
# C:/windows/system32/drivers/etc/networks - (network settings)