Skip to content

Instantly share code, notes, and snippets.

@wsummerhill

wsummerhill/.post_exploitation_files_windows

Last active November 29, 2023 22:54
Show Gist options
  • Save wsummerhill/182d80ae46179f845b5c15377c0d0356 to your computer and use it in GitHub Desktop.
Save wsummerhill/182d80ae46179f845b5c15377c0d0356 to your computer and use it in GitHub Desktop.
Download ZIP
Windows files to exfiltration during post-exploitation
Raw
.post_exploitation_files_windows
%USERPROFILE%\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadline\ConsoleHost_history.txt
%APPDATA%\FileZilla\sitemanager.xml
C:\Program Files\FileZilla Server\FileZilla Server.xml
c:\WINDOWS\Repair\SAM
c:\WINDOWS\php.ini
c:\WINNT\php.ini
c:\Program Files\Apache Group\Apache\conf\httpd.conf
c:\Program Files\Apache Group\Apache2\conf\httpd.conf
c:\Program Files\Apache Group\Apache\logs\access.log
c:\Program Files\Apache Group\Apache\logs\error.log
c:\Program Files\xampp\apache\conf\httpd.conf
C:\apache\logs\access.log
C:\apache\logs\error.log
C:\apache\php\php.ini
c:\php\php.ini
c:\php5\php.ini
c:\php4\php.ini
c:\xampp\apache\bin\php.ini
C:\xampp\apache\bin\php.ini
C:\xampp\apache\logs\access.log
C:\xampp\apache\logs\error.log
C:\Windows\Panther\Unattend\Unattended.xml
C:\Windows\Panther\Unattended.xml
C:\Windows\Panther\Unattend.xml
%LOCALAPPDATA%\Google\Chrome\User Data\Default\Bookmarks
%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Bookmarks
C:\Program Files (x86)\Okta\Okta AD Agent\OktaAgentService.exe.config
Raw
post_exploitation_directories_windows
%LOCALAPPDATA%\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Favorites\
%APPDATA%\Postman\IndexedDB\
%APPDATA%\SSH\
%APPDATA%\mRemoteNG\
%USERPROFILE%\Documents\SuperPuTTY\
%USERPROFILE%\Documents\MobaXterm\
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment