Pentest Notes
  • About
  • Notes
    • Methodologies & Tools
      • Scanning & Enumeration
        • Scanning
        • Port 21 - FTP
        • Port 22 - SSH
        • Port 23 - telnet
        • Port 25 - SMTP
          • Enumerate Users via SMTP
        • Port 53 - DNS
        • Port 110 - POP3
        • Port 111 - RPCBind
        • Port 123 - NTP
        • Port 139, 445 - SMB
        • Port 143 - IMAP
        • Port 161 - SNMP
        • Port 389 - LDAP
        • Port 1521 - Oracle DB Listener
        • Port 1433 - MSSQL
        • Port 2049 - NFS
        • Port 3306 - MySQL/MariaDB
        • Port 3389 - RDP
        • Port 5432 - Postgres
        • Port 6379 - Redis
        • Port 27017 - MongoDB
      • Active Directory
        • Housekeeping
        • DNS Recon
        • Finding Users
        • Client Side Attacks
        • PowerShell Domain Enumeration
        • Roasting
        • Mimikatz
        • Credential Attacks
        • Bloodhound
        • Persistence
        • Group Policy Attack Tools
        • Service Account Exploits
        • Delegation
        • Cheatsheets
        • Tool Repos
      • Privilege Escalation
        • Windows
          • Basic Methodology
          • UAC Bypass
          • Privilege Exploits
          • Service Exploits
          • Password Hunting
          • Scheduled Tasks
          • Insecure File Permissions
          • Driver Kernel Exploits
          • LAPS Password
          • AlwaysInstallElevated
          • SMBGhost
          • PowerShell
          • PowerUp
          • Enable Remote Desktop
          • Cheatsheets
        • Linux
          • Shell Upgrade
          • Basic Methodology
          • Adding User to /etc/passwd
          • Add User to /etc/sudoers
          • Docker Breakout
          • LD_Library
          • Checking Weird Binaries
          • Outdated Bash
          • NFS Root Squash
          • Resources
      • Web
        • IDOR
        • LFI - Local File Inclusion
          • Windows LFI List
        • RFI - Remote File Inclusion
        • Command Injection
        • Server Side Template Injection - SSTI
        • SQL Injection
          • Blind Injection Sample Script
        • XSS
        • Authentication
        • Administrative Portals
        • NodeJS
        • 403 Forbidden Bypass
      • Network Pivoting
      • Tools
        • Compiling
        • Cracking
        • Port Knocking
        • Shells
        • SQL
      • File Transfer
      • External
Powered by GitBook
On this page
  1. Notes
  2. Methodologies & Tools
  3. Web
  4. LFI - Local File Inclusion

Windows LFI List

C:/Users/Administrator/NTUser.dat
C:/Documents and Settings/Administrator/NTUser.dat
C:/apache/logs/access.log
C:/apache/logs/error.log
C:/apache/php/php.ini
C:/boot.ini
C:/inetpub/wwwroot/global.asa
C:/MySQL/data/hostname.err
C:/MySQL/data/mysql.err
C:/MySQL/data/mysql.log
C:/MySQL/my.cnf
C:/MySQL/my.ini
C:/php4/php.ini
C:/php5/php.ini
C:/php/php.ini
C:/Program Files/Apache Group/Apache2/conf/httpd.conf
C:/Program Files/Apache Group/Apache/conf/httpd.conf
C:/Program Files/Apache Group/Apache/logs/access.log
C:/Program Files/Apache Group/Apache/logs/error.log
C:/Program Files/FileZilla Server/FileZilla Server.xml
C:/Program Files/MySQL/data/hostname.err
C:/Program Files/MySQL/data/mysql-bin.log
C:/Program Files/MySQL/data/mysql.err
C:/Program Files/MySQL/data/mysql.log
C:/Program Files/MySQL/my.ini
C:/Program Files/MySQL/my.cnf
C:/Program Files/MySQL/MySQL Server 5.0/data/hostname.err
C:/Program Files/MySQL/MySQL Server 5.0/data/mysql-bin.log 
C:/Program Files/MySQL/MySQL Server 5.0/data/mysql.err 
C:/Program Files/MySQL/MySQL Server 5.0/data/mysql.log 
C:/Program Files/MySQL/MySQL Server 5.0/my.cnf
C:/Program Files/MySQL/MySQL Server 5.0/my.ini
C:/Program Files (x86)/Apache Group/Apache2/conf/httpd.conf 
C:/Program Files (x86)/Apache Group/Apache/conf/httpd.conf 
C:/Program Files (x86)/Apache Group/Apache/conf/access.log 
C:/Program Files (x86)/Apache Group/Apache/conf/error.log 
C:/Program Files (x86)/FileZilla Server/FileZilla Server.xml 
C:/Program Files (x86)/xampp/apache/conf/httpd.conf 
C:/WINDOWS/php.ini C:/WINDOWS/Repair/SAM 
C:/Windows/repair/system C:/Windows/repair/software 
C:/Windows/repair/security 
C:/WINDOWS/System32/drivers/etc/hosts
C:/Windows/win.ini 
C:/WINNT/php.ini
C:/WINNT/win.ini
C:/xampp/apache/bin/php.ini
C:/xampp/apache/logs/access.log 
C:/xampp/apache/logs/error.log 
C:/Windows/Panther/Unattend/Unattended.xml 
C:/Windows/Panther/Unattended.xml 
C:/Windows/debug/NetSetup.log 
C:/Windows/system32/config/AppEvent.Evt 
C:/Windows/system32/config/SecEvent.Evt 
C:/Windows/system32/config/default.sav 
C:/Windows/system32/config/security.sav 
C:/Windows/system32/config/software.sav 
C:/Windows/system32/config/system.sav 
C:/Windows/system32/config/regback/default 
C:/Windows/system32/config/regback/sam 
C:/Windows/system32/config/regback/security 
C:/Windows/system32/config/regback/system 
C:/Windows/system32/config/regback/software
C:/Program Files/MySQL/MySQL Server 5.1/my.ini 
C:/Windows/System32/inetsrv/config/schema/ASPNET_schema.xml 
C:/Windows/System32/inetsrv/config/applicationHost.config 
C:/inetpub/logs/LogFiles/W3SVC1/u_ex[YYMMDD].log
PreviousLFI - Local File InclusionNextRFI - Remote File Inclusion

Last updated 2 years ago