ch0ic3/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-12-19 19:06:12 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #219 from clem9669/patch-4

Browse Source 
Add useful always existing windows file
This commit is contained in:
Swissky 2020-06-23 18:00:04 +02:00 committed by GitHub
commit e9ee3bb59b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
Directory Traversal/README.md
View File

@ -123,6 +123,14 @@ An attacker can inject a Windows UNC share ('\\UNC\share\name') into a software
### Interesting Windows files
Always existing file in recent Windows machine.
Ideal to test path traversal but nothing much interesting inside...
```powershell
c:\windows\system32\license.rtf
c:\windows\system32\eula.txt
```
Interesting files to check out (Extracted from https://github.com/soffensive/windowsblindread)
```powershell
@ -167,5 +175,6 @@ The following log files are controllable and can be included with an evil payloa
## References
* [Path Traversal Cheat Sheet: Windows](https://gracefulsecurity.com/path-traversal-cheat-sheet-windows/)
* [Directory traversal attack - Wikipedia](https://en.wikipedia.org/wiki/Directory_traversal_attack)
* [CWE-40: Path Traversal: '\\UNC\share\name\' (Windows UNC Share) - CWE Mitre - December 27, 2018](https://cwe.mitre.org/data/definitions/40.html)