Hi all,
So a bit of a generic question here. I have been working on a Windows box. I have access to an FTP share which gives me access to the root of the disk (C:/, or whatever letter it uses). Using this, I tried:
- Uploading files → this isn’t allowed anywhere
- Home directories of users → not allowed
- Web application files (which runs on the box as well) to get credentials
- Config files from installed services
- Files from here: https://www.gracefulsecurity.com/path-traversal-cheat-sheet-windows/ → these files either don’t contain anything sensitive on my box, or I have no access to these files.
None of these things gave me info that I could use to get a shell. I know that without more context it’ll probably be hard to give any specific advice, but I’m wondering whether I’m missing something obvious, or what your next steps/thoughts would be to try and get in. Please let me know if you have any ideas/tips!
Thanks!