From d8b82c3a2884ae9f26efffac108ec59ad92f4440 Mon Sep 17 00:00:00 2001 From: r1cksec <77610058+r1cksec@users.noreply.github.com> Date: Fri, 28 Jun 2024 11:43:56 +0200 Subject: [PATCH] More cheatsheets --- api/hunter-how.md | 13 + linux/date.md | 5 + linux/git.md | 2 +- linux/qubes.md | 28 ++- snippet/sh/timeDateFormat.sh | 6 - url/git-tools | 44 +++- url/news.md | 3 +- url/services.md | 1 - url/tagged-urls.md | 22 +- wordlist/credential-windows-files | 235 ------------------ wordlist/credential-windows-paths | 204 --------------- wordlist/local-file-inclusion-windows | 342 ++++++++++++++++++-------- 12 files changed, 343 insertions(+), 562 deletions(-) create mode 100644 api/hunter-how.md delete mode 100644 snippet/sh/timeDateFormat.sh delete mode 100644 wordlist/credential-windows-files delete mode 100644 wordlist/credential-windows-paths diff --git a/api/hunter-how.md b/api/hunter-how.md new file mode 100644 index 0000000..42f67aa --- /dev/null +++ b/api/hunter-how.md @@ -0,0 +1,13 @@ +### Source +https://hunter.how/search-api + +### Get open ports from domain (regarding last 7 days) +``` +curl "https://api.hunter.how/search?api-key=&query=$(echo 'domain=""' | base64)&start_time=$(date -d '7 days ago' +'%Y-%m-%d')&end_time=$(date +'%Y-%m-%d')" +``` + +### Get open ports from ip (regarding last 7 days) +``` +curl "https://api.hunter.how/search?api-key=&query=$(echo 'ip=""' | base64)&start_time=$(date -d '7 days ago' +'%Y-%m-%d')&end_time=$(date +'%Y-%m-%d')" +``` + diff --git a/linux/date.md b/linux/date.md index 2599bec..42a0d56 100644 --- a/linux/date.md +++ b/linux/date.md @@ -8,3 +8,8 @@ date -d @1302401211 date -d "1601/1/1+$(expr / 10000000 )Seconds" ``` +### Get the date one week before today +``` +date -d "7 days ago" +"%Y-%m-%d" +``` + diff --git a/linux/git.md b/linux/git.md index 50989a0..46e4895 100644 --- a/linux/git.md +++ b/linux/git.md 
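Review bot: Both added curl lines in the api/hunter-how.md hunk build the `query` value with `echo 'domain=""' | base64` (and `echo 'ip=""' | base64`), and echo appends a newline, so the base64 string the API receives encodes a trailing `\n` rather than the bare filter; `printf '%s' 'domain=""' | base64` encodes only the filter and is what the snippet presumably intends. The key is passed as `api-key=` in the URL, which is the endpoint's own parameter, but filling it in inline means it ends up in shell history and in any proxy or server access log; reading it from an environment variable (for example `api-key=${HUNTER_HOW_API_KEY}`, name chosen here) keeps it out of the history file and out of the cheatsheet. `date -d '7 days ago'` is GNU date syntax that BSD/macOS date does not accept, and the linux/date.md hunk in the same commit relies on the same form, so a one-line remark that these snippets assume GNU coreutils would save a reader a failed run.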
@@ -56,7 +56,7 @@ git difftool --tool-help ### Use specific difftool and do not prompt user ``` -git difftool -y --tool=vimdiff +git difftool -y --tool=meld ``` ### Use git via ssh diff --git a/linux/qubes.md b/linux/qubes.md index 296e85e..beff407 100644 --- a/linux/qubes.md +++ b/linux/qubes.md @@ -8,14 +8,19 @@ sudo qubes-dom0-update qvm-run --pass-io '' ``` -### Copy file to dom0 +### List PCI devices ``` -qvm-run --pass-io 'cat > ' +qvm-pci list ``` -### Copy file to qube +### Detach PCI (Eternet controller) ``` -qvm-copy-to-vm +qvm-pci detach -v sys-net dom0:00_1f.6 +``` + +### Attach PCI (Eternet controller) +``` +qvm-pci attach -v --persistent --option no-script-reset=True sys-net dom0:00_1f.6 ``` ### List network information of qube @@ -43,3 +48,18 @@ qvm-prefs maxmem 8000 xentop ``` +### Install untrusted qube +``` +sudo qubesctl state.sls qvm.untrusted +``` + +### Copy file to dom0 +``` +qvm-run --pass-io 'cat > ' +``` + +### Copy file to qube +``` +qvm-copy-to-vm +``` + diff --git a/snippet/sh/timeDateFormat.sh b/snippet/sh/timeDateFormat.sh deleted file mode 100644 index 8398ce9..0000000 --- a/snippet/sh/timeDateFormat.sh +++ /dev/null @@ -1,6 +0,0 @@ -timeAndDate=$(date "+%F %T") -timeAndDate=$(echo ${timeAndDate} | sed 's/ /-T-/g') -timeAndDate=$(echo ${timeAndDate} | sed 's/:/-/g') - -echo ${timeAndDate} - diff --git a/url/git-tools b/url/git-tools index 73c23ba..99bb2bc 100644 --- a/url/git-tools +++ b/url/git-tools @@ -56,7 +56,7 @@ https://github.com/0xthirteen/SharpRDP Remote Desktop Protocol .NET Console Application for Authenticated Command Execution https://github.com/0xv1n/RemoteSessionEnum -The purpose of this project was to attempt to replicate the functionality of qwinsta /server: utilizing the largely undocumented Windows Station (WinSta) API. +Remotely Enumerate sessions using undocumented Windows Station APIs https://github.com/0xv1n/proc-suspend powershell script i wrote that can suspend an arbitrary process (with limits) 
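Review bot: The attach command added in the linux/qubes.md hunk passes `--option no-script-reset=True`, but the qvm-pci option Qubes documents for this purpose is `no-strict-reset`, so this looks like a typo that would make the command fail or silently do nothing; worth confirming against `qvm-pci attach --help` before it is copied. The two new headings also misspell Ethernet: `### Detach PCI (Ethernet controller)` and `### Attach PCI (Ethernet controller)`. The device id `dom0:00_1f.6` in both commands is the address of one particular machine's NIC, which is exactly what the `qvm-pci list` entry added just above yields, so a short remark such as `replace dom0:00_1f.6 with the id shown by qvm-pci list` next to the commands would stop it being pasted verbatim on another host.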
@@ -94,6 +94,9 @@ https://github.com/Accenture/Codecepticon https://github.com/Accenture/Spartacus Spartacus DLL Hijacking Discovery Tool +https://github.com/AdnaneKhan/Gato-X +Gato Extreme Edition is a hard fork of Gato, which was originally developed by @AdnaneKhan, @mas0nd, and @DS-koolaid. Gato-X is maintained by @AdnaneKhan and serves to automate advanced enumeration and exploitation techniques against GitHub repositories and organizations for security research purposes. + https://github.com/AdrianVollmer/Congruence A command line interface to Atlassian Confluence @@ -193,6 +196,9 @@ yet another AV killer tool using BYOVD https://github.com/BloodHoundAD/BloodHound Six Degrees of Domain Admin +https://github.com/C0untFloyd/roop-unleashed +Evolved Fork of roop with Web Server and lots of additions + https://github.com/C3n7ral051nt4g3ncy/Prot1ntelligence Protintelligence is a Python script for the OSINT and Cyber Community. It finds intelligence on Protonmail accounts @@ -202,6 +208,9 @@ Another LSASS dumping tool that uses a dynamically compiled LSA plugin to grab a https://github.com/CCob/SharpBlock A method of bypassing EDR's active projection DLL's by preventing entry point exection +https://github.com/CCob/Shwmae +Shwmae (shuh-my) is a Windows Hello abuse tool that was released during DEF CON 32 as part of the Abusing Windows Hello Without a Severed Hand talk. The purpose of the tool is to abuse Windows Hello from a privileged user context. + https://github.com/CCob/SweetPotato Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019 
@@ -841,6 +850,9 @@ Tunna is a set of tools which will wrap and tunnel any TCP communication over HT https://github.com/SafeBreach-Labs/PoolParty A set of fully-undetectable process injection techniques abusing Windows Thread Pools +https://github.com/SafeBreach-Labs/QuickShell +A library and a set of tools for exploiting and communicating with Google's Quick Share devices. + https://github.com/SamJoan/droopescan A plugin-based scanner that aids security researchers in identifying issues with several CMSs, mainly Drupal & Silverstripe. @@ -925,6 +937,9 @@ EmailAll is a powerful Email Collect tool https://github.com/TarlogicSecurity/BlueSpy PoC to record audio from a Bluetooth device +https://github.com/Teach2Breach/Tempest +A command and control framework written in rust. + https://github.com/The-Viper-One/PsMapExec A PowerShell tool that takes strong inspiration from CrackMapExec. @@ -1129,6 +1144,9 @@ Prevents you from committing secrets and credentials into git repositories https://github.com/ayoubfathi/leaky-paths A collection of special paths linked to major web CVEs, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins. +https://github.com/badsectorlabs/sccm-http-looter +Find interesting files stored on (System Center) Configuration Manager (SCCM/CM) shares via HTTP(s) + https://github.com/bats3c/ADCSPwn A tool to escalate privileges in an active directory network by coercing authenticate from machine accounts and relaying to the certificate service. 
@@ -1663,6 +1681,9 @@ Subdomain Takeover tool written in Go https://github.com/hackerhouse-opensource/WMIProcessWatcher A CIA tradecraft technique to asynchronously detect when a process is created using WMI. +https://github.com/hacksider/Deep-Live-Cam +real time face swap and one-click video deepfake with only a single image + https://github.com/hakaioffsec/navgix navgix is a multi-threaded golang tool that will check for nginx alias traversal vulnerabilities @@ -1900,6 +1921,9 @@ Abusing Reddit API to host the C2 traffic, since most of the blue-team members u https://github.com/kleiton0x00/Shelltropy A technique of hiding malicious shellcode via Shannon encoding. +https://github.com/kleiton0x00/contexter +Contexter - A secondary context path traversal / server-side parameter pollution testing tool written in Python 3 + https://github.com/klezVirus/CandyPotato Pure C++, weaponized, fully automated implementation of RottenPotatoNG @@ -2428,6 +2452,9 @@ Go alternative of python SimpleHTTPServer https://github.com/projectdiscovery/subfinder Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing. +https://github.com/projectdiscovery/tldfinder +A streamlined tool for discovering TLDs, associated domains, and related domain names. + https://github.com/projectdiscovery/useragent Curated list of categorized User Agents @@ -2524,6 +2551,9 @@ Dump lsass using only Native APIs by hand-crafting Minidump files (without Minid https://github.com/ricardojoserf/SharpSelfDelete PoC to self-delete a binary in C# +https://github.com/ricardojoserf/TrickDump +Dump lsass using only NTAPIS running 3 programs to create 3 JSON and 1 ZIP file... and generate the Minidump later! + https://github.com/righteousgambit/quiet-riot Unauthenticated enumeration of AWS, Azure, and GCP Principals 
@@ -2560,6 +2590,9 @@ A script that collects employee data located within Xing https://github.com/rtrouton/create_macos_vm_install_dmg This script prepares macOS installer disk images for use with virtualization software like VMware Fusion or Parallels. +https://github.com/runZeroInc/sshamble +SSHamble: Unexpected Exposures in SSH + https://github.com/rvazarkar/GMSAPasswordReader Reads the password blob from a GMSA account using LDAP, and parses the values into hashes for re-use. @@ -2728,6 +2761,9 @@ World’s single largest Internet domains dataset https://github.com/techjacker/repo-security-scanner CLI tool that finds secrets accidentally committed to a git repo, eg passwords, private keys +https://github.com/tehstoni/tryharder +C++ Staged Shellcode Loader with Evasion capabilities. + https://github.com/tennc/webshell This is a webshell open source project @@ -2785,6 +2821,9 @@ Rust Weaponization for Red Team Engagements. https://github.com/trufflesecurity/truffleHog Searches through git repositories for high entropy strings and secrets, digging deep into commit history +https://github.com/trustedsec/ELFLoader +This is a ELF object in memory loader/runner. The goal is to create a single elf loader that can be used to run follow on capabilities across all x86_64 and x86 nix operating systems. + https://github.com/trustedsec/hardcidr hardCIDR is a Linux Bash script, but also functions under macOS. Your mileage may vary on other distros. The script with no specified options will query ARIN and a pool of BGP route servers. The route server is selected at random at runtime. 
@@ -2938,6 +2977,9 @@ Collection of tools that reflect the network dimension into Bloodhound's data https://github.com/zeronetworks/BlueHound BlueHound is an open-source tool that helps blue teams pinpoint the security issues that actually matter. +https://github.com/zeze-zeze/NamedPipeMaster +a tool used to analyze and monitor in named pipes + https://github.com/zsh-users/zsh-autosuggestions Fish-like autosuggestions for zsh diff --git a/url/news.md b/url/news.md index 211a6eb..13236a1 100644 --- a/url/news.md +++ b/url/news.md @@ -8,10 +8,11 @@ * https://talkback.sh * https://thehackernews.com * https://thisweekin4n6.com +* https://threats.wiz.io/all-incidents * https://www.breaches.cloud * https://www.golem.de/specials/security * https://www.ransomlook.io/recent -* https://www.ransomware.live/#/recentvictims +* https://www.ransomware.live/#/recent * https://www.reddit.com/r/redteamsec * https://www.sixgen.io/news * https://www.threatable.io diff --git a/url/services.md b/url/services.md index 24dabcd..257b1fd 100644 --- a/url/services.md +++ b/url/services.md @@ -72,7 +72,6 @@ * https://report.netcraft.com/report * https://socradar.io/labs/accountbreach * https://strontic.github.io/xcyclopedia ; #windows #forensic #dfir #executable -* https://threats.wiz.io ; #cloud #malware #watchlist * https://urlfiltering.paloaltonetworks.com * https://uuid.pirate-server.com ; #windows #globally-unique-identifier #guid #uuid * https://vim-adventures.com ; #vim #game diff --git a/url/tagged-urls.md b/url/tagged-urls.md index 4a69ec9..58ac7ac 100644 --- a/url/tagged-urls.md +++ b/url/tagged-urls.md 
@@ -61,6 +61,7 @@ * https://badoption.eu/docs/blog/2023/01/31/code_c2.html ; #c2 #command-and-control #vscode #tunnel * https://bakerstreetforensics.com/2023/07/19/hunting-for-indicators-with-powershell-new-files ; #threat-intelligence #malware-analyse #forensic #dfir #powershell * https://baldur.dk/blog/writing-metasploit-exploit.html ; #metasploit #exploit-development #ruby +* https://bartblaze.blogspot.com/2024/08/microsoft-word-and-sandboxes.html ; #windows #word #sandbox #reconaissance * https://billdemirkapi.me/unpacking-cve-2021-40444-microsoft-office-rce ; #cve #windows #microsoft-word #zip #mhtml #iframe * https://bishopfox.com/blog/introducing-cloudfox ; #cloud #aws #azure #entra #enumeration * https://bishopfox.com/blog/spoofy-email-domain-spoofing ; #phishing #mail #dmark #dkim #spf @@ -104,7 +105,7 @@ * https://blog.nviso.eu/2024/08/02/from-evidence-to-advantage-leveraging-incident-response-artifacts-for-red-team-engagements ; #windows-api #registry #forensic-artifacts * https://blog.phylum.io/attackers-repurposing-existing-python-based-malware-for-distribution-on-npm ; #supply-chain #npm #python #malware-analyse * https://blog.plerion.com/things-you-wish-you-didnt-need-to-know-about-s3 ; #aws #bucket #s3 #storage #cognito -* https://blog.projectdiscovery.io/guide-to-dns-takeovers ; #dns-takeover #nameserver #subdomain-takeover #osint #recon +* https://blog.projectdiscovery.io/guide-to-dns-takeovers ; #dns-takeover #nameserver #subdomain-takeover #osint #reconaissance * https://blog.projectdiscovery.io/nuclei-fuzz-all-the-way ; #webapp #nuclei #fuzzing #url * https://blog.pulsedive.com/analyzing-darkgate-loaders ; #malware-analyse #threat-intelligence #darkgate * https://blog.quarkslab.com/php-deserialization-attacks-and-a-new-gadget-chain-in-laravel.html ; #php #deserialization #gadged-chain #magic-methods 
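Review bot: Two of the rewritten tag lines in url/tagged-urls.md drop a tag and leave a malformed one behind: the hackerone line in hunk `@@ -593,7 +599,7 @@` now reads `#osint ##methodology #dns` and the synacktiv line in `@@ -671,7 +678,7 @@` reads `#methodology ##phs`, apparently from the `#recon` → `#reconaissance` rewrite swallowing the tag text and leaving its `#`; they should carry the full tag again, e.g. `#osint #reconnaissance #methodology #dns` and `#methodology #reconnaissance #phs`. The replacement tag itself is misspelt in every hunk of this file (`#reconaissance`; the word is reconnaissance), which matters more in a tag index than in prose because a tag only helps if it matches what someone searches for, so `#reconnaissance` on each of those lines is the fix. The ophionsecurity line in `@@ -629,6 +635,7 @@` has the same kind of slip with `#softare-as-a-service` for `#software-as-a-service`.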
@@ -169,7 +170,7 @@ * https://detect.fyi/threat-hunting-suspicious-named-pipes-a4206e8a4bc8?gi=f841fec0eb16 ; #threat-intelligence #named-pipe #ipc #windows #linux #event-id #threat-hunting * https://detect.fyi/threat-hunting-suspicious-windows-service-names-2f0dceea204c?gi=25697c91242b ; #dfir #forensic #event-id #log #windows #services #siem * https://devblogs.microsoft.com/oldnewthing/20230303-00/?p=107894 ; #clipboard #enumeration #history -* https://dfir.ch/posts/search-ms_protocol_handler ; #threat-intelligence #search-ms #uri-handler #protocol-provider +* https://dfir.ch/posts/search-ms_protocol_handler ; #threat-intelligence #search-ms #uri-handler #protocol-provider #phishing * https://diablohorn.com/2023/08/22/lateral-movement-a-conceptual-overview ; #lateral-movement #network #identity * https://digitalinvestigator.blogspot.com/2022/11/techniques-in-email-forensic-analysis.html ; #forensic #dfir #email * https://dirkjanm.io/lateral-movement-and-hash-dumping-with-temporary-access-passes-microsoft-entra ; #entra #azure #temporary-access-passes #cloud-kerberos-trust @@ -187,7 +188,7 @@ * https://exploit.ph/des-is-useful.html ; #active-directory #kerberos #domain-controller #rubues #des #targeted-kerberoast #data-encryption-standard * https://exploits.forsale/themebleed ; #poc #theme-bleed #windows11 #cve-2023-38146 * https://explore.avertium.com/resource/an-in-depth-look-at-cuba-ransomware ; #threat-intelligence #cuba #ransomware -* https://exposingtheinvisible.org/guides/google-dorking ; #google-dork #bing #yahoo #duckduckgo #osint #recon +* https://exposingtheinvisible.org/guides/google-dorking ; #google-dork #bing #yahoo #duckduckgo #osint #reconaissance * https://falconspy.org/redteam/tradecraft/2023/10/05/2023-10-05-Slack-Impersonation.html ; #slack #cookie-api-token #ripcord * https://fireshellsecurity.team/mining-takeovers-for-fun-and-profit ; #dns-takeover #nameserver #selenium #python #securitytrails * https://firexfly.com/quines ; #quine #c 
@@ -278,6 +279,7 @@ * https://labs.cognisys.group/posts/Combining-Indirect-Dynamic-Syscalls-and-API-Hashing ; #windows #api-hashing #indirect-dynamic-syscall * https://labs.guard.io/mrtonyscam-botnet-of-facebook-users-launch-high-intent-messenger-phishing-attack-on-business-3182cfb12f4d ; #threat-intelligence #malware #facebook #phishing #batch * https://labs.jumpsec.com/advisory-idor-in-microsoft-teams-allows-for-external-tenants-to-introduce-malware ; #ms-teams #phishing #http-post #instant-messenger +* https://labs.jumpsec.com/ssh-tunnelling-to-punch-through-corporate-firewalls-updated-take-on-one-of-the-oldest-lolbins ; #windows #ssh #pivoting #proxy #firewall #port-forwarding * https://labs.lares.com/adcs-exploits-investigations-pt1 ; #active-directory #certificate-service #adcs #detection #event-id * https://labs.lares.com/adcs-exploits-investigations-pt2 ; #active-directory #certificate-service #adcs #detection #esc1 #esc3 #esc4 esc6 * https://labs.lares.com/fear-kerberos-pt1 ; #windows #active-directory #kerberos #key-distribution-center #tgs #tgt #pre-authentication @@ -360,6 +362,7 @@ https://medium.com/@TalBeerySec/revealing-the-inner-structure-of-aws-session-tok * https://nyxgeek.wordpress.com/2023/09/21/enumerating-24-million-users ; #user-enumeration #azure #entra #onedrive #microsoft * https://o365blog.com/post/gmsa ; #cloud #azure #entra #group-managed-service-account #gmsa #password-dump * https://objective-see.org/blog/blog_0x77.html ; #mac-os-x #malware-analyse #threat-intelligence +* https://objective-see.org/blog/blog_0x7B.html ; #crash-reports #osint #kernel #yara * https://objective-see.org/downloads/MacMalware_2022.pdf ; #macosx #malware #analyse #threat-intelligence * https://offensivedefence.co.uk/posts/dinvoke-syscalls ; #syscall #dinvoke * https://ora.ox.ac.uk/objects/uuid:e9d5d85f-b77f-4f11-8006-17dd88660467/download_file?file_format=application%2Fpdf&safe_filename=Salkield_et_al_2023_satellite_spoofing_from.pdf ; #satelite #spoofing 
@@ -382,6 +385,7 @@ https://medium.com/@TalBeerySec/revealing-the-inner-structure-of-aws-session-tok * https://podalirius.net/en/articles/parsing-the-msds-keycredentiallink-value-for-shadowcredentials-attack ; #active-directory #certificate-service #adcs #msds-keycredentiallink #shadow-credentials * https://portswigger.net/kb/issues ; #webapp #wiki #cheatsheets * https://portswigger.net/research/blind-css-exfiltration ; #web #css #blind-html-injection #data-exfiltration #content-security-policy +* https://portswigger.net/research/listen-to-the-whispers-web-timing-attacks-that-actually-work ; #web-timing-attack #tcp #http-header #sqli #json #reverse-proxy * https://portswigger.net/research/smashing-the-state-machine ; #web #gitlab #race-conditions #http * https://portswigger.net/web-security/all-materials ; #webapp #wiki #methodology * https://posts.inthecyber.com/leveraging-microsoft-teams-for-initial-access-42beb07f12c4?gi=e95fe0fe7c69 ; #ms-teams #phishing #http-post #initial-access #instant-messenger 
@@ -491,14 +495,14 @@ https://medium.com/@TalBeerySec/revealing-the-inner-structure-of-aws-session-tok * https://soxoj.substack.com/p/getting-an-instagram-profile-by-phone ; #threat-intelligence #phone #instagram * https://splintercod3.blogspot.com/p/bypassing-uac-with-sspi-datagram.html ; #windows #lsass #token #uac #sspi #ntlm * https://squiblydoo.blog/2023/06/05/understanding-pe-bloat-with-malcat ; #reverse-engineering #pe-bloat #malcat -* https://sra.io/blog/letitgo-a-case-study-in-expired-domains-and-azure-ad ; #cloud #azure #entra #domain-takeover #recon +* https://sra.io/blog/letitgo-a-case-study-in-expired-domains-and-azure-ad ; #cloud #azure #entra #domain-takeover #reconaissance * https://static1.squarespace.com/static/552092d5e4b0661088167e5c/t/5b8f091c0ebbe8644d3a886c/1536100639356/Windows+ATT%26CK_Logging+Cheat+Sheet_ver_Sept_2018.pdf ; #logs #win7 #cheatsheets * https://static1.squarespace.com/static/552092d5e4b0661088167e5c/t/5c586681f4e1fced3ce1308b/1549297281905/Windows+Logging+Cheat+Sheet_ver_Feb_2019.pdf ; #logs #win7 #win2019 #cheatsheets * https://steve-s.gitbook.io/0xtriboulet/just-malicious/from-c-with-inline-assembly-to-shellcode ; #c #inline-assembly #windows #evasion #position-independent-code #pic #msfvenom * https://steve-s.gitbook.io/0xtriboulet/ttps/ttps-embedding-payloads-with-msfvenom-x86 ; #payload #mdfvenom #evasion * https://steve-s.gitbook.io/0xtriboulet/zerototal/zero-total-self-injecting-calc ; #shellcode #self-injection #evasion * https://stmxcsr.com/dll-search-order-hijacking.html ; #windows #dll #sideloading #enumeration -* https://swarm.ptsecurity.com/discovering-domains-via-a-time-correlation-attack ; #recon #osint #domain #certificate-transparency #time-correlation +* https://swarm.ptsecurity.com/discovering-domains-via-a-time-correlation-attack ; #reconaissance #osint #domain #certificate-transparency #time-correlation * https://swarm.ptsecurity.com/jetty-features-for-hacking-web-apps ; #webapp #jetty #file-upload #waf * 
https://syfuhs.net/understanding-windows-auth ; #windows #lsass #authentication #methodology #kerberos #azure #entra #trust * https://syntax-err0r.github.io/Silently_Install_Chrome_Extension.html ; #windows #chrome #persistence @@ -527,6 +531,7 @@ https://medium.com/@TalBeerySec/revealing-the-inner-structure-of-aws-session-tok * https://trufflesecurity.com/blog/trufflehog-commands-git-vs-filesystem ; #trufflehog #git #github #secrets #keys * https://trustedsec.com/blog/a-hitchhackers-guide-to-dacl-based-detections-part-1-a ; #windows #acl #active-directory #gpo * https://trustedsec.com/blog/js-tap-weaponizing-javascript-for-red-teams ; #javascript #xss #web #persistence +* https://trustedsec.com/blog/oops-i-udld-it-again ; #phishing #ntlm #universal-data-link-configuration #udl * https://trustedsec.com/blog/persisting-xss-with-iframe-traps ; #javascript #xss #web #persistence * https://trustedsec.com/blog/the-triforce-of-initial-access ; #azure #entra #azurehound #roadtools #teamfiltration #bobber #evilginx * https://undev.ninja/introduction-to-threat-intelligence-etw ; #windows #event-tracing #descriptors 
@@ -564,6 +569,7 @@ https://medium.com/@TalBeerySec/revealing-the-inner-structure-of-aws-session-tok * https://www.bellingcat.com/resources/how-tos/2023/05/08/finding-geolocation-leads-with-bellingcats-openstreetmap-search-tool ; #osint #geo-location #open-street-map #image * https://www.blackhillsinfosec.com/abusing-exchange-mailbox-permissions-mailsniper ; #windows #exchange #mailsniper #mailbox #outlook * https://www.blackhillsinfosec.com/constrained-language-mode-bypass-when-pslockdownpolicy-is-used ; #windows #powershell #constrained-language-mode #clm #bypass +* https://www.blackhillsinfosec.com/dll-jmping ; #windows #dll-hollowing #shellcode * https://www.blackhillsinfosec.com/hunting-for-ssrf-bugs-in-pdf-generators ; #web #server-side-request-forgery #ssrf #pdf #javascript #html #aws * https://www.blackhillsinfosec.com/introducing-graphrunner ; #azure #entra #microsoft365 #graphrunner * https://www.blackhillsinfosec.com/introducing-slackenum ; #slack #phishing 
@@ -593,7 +599,7 @@ https://medium.com/@TalBeerySec/revealing-the-inner-structure-of-aws-session-tok * https://www.geekboy.ninja/blog ; #web #xss #clickjacking #pastejacking * https://www.guidepointsecurity.com/blog/beyond-the-basics-exploring-uncommon-ntlm-relay-attack-techniques ; #windows #active-directory #ntlm-relay #shadow-credentials #s4u2self #resource-based-delegation * https://www.guidepointsecurity.com/blog/sccm-exploitation-evading-defenses-and-moving-laterally-with-sccm-application-deployment ; #sccm #system-centre-configuration-manager #windows #active-directory -* https://www.hackerone.com/application-security/guide-subdomain-takeovers ; #web #subdomain-takeover #cname #osint #recon #methodology #dns +* https://www.hackerone.com/application-security/guide-subdomain-takeovers ; #web #subdomain-takeover #cname #osint ##methodology #dns * https://www.hackthebox.com/blog/llmnr-poisoning-attack-detection ; #llmnr ntlm-relay #detection * https://www.horizon3.ai/from-cve-2022-33679-to-unauthenticated-kerberoasting ; #kerberoast #active-directory #kerberoast #cve #spn #tgt * https://www.http418infosec.com/offsecops-using-jenkins-for-red-team-tooling ; #jenkins #pipeline #obfuscation #csharp 
@@ -629,6 +635,7 @@ https://medium.com/@TalBeerySec/revealing-the-inner-structure-of-aws-session-tok * https://www.netspi.com/blog/technical/network-penetration-testing/decrypting-iis-passwords-to-break-out-of-the-dmz-part-2 ; #windows #iis #application-pool #credential-dump #appcmd * https://www.netspi.com/blog/technical/network-penetration-testing/network-share-permissions-powerhuntshares ; #windows #active-directory #ntfs #smb-share * https://www.offensive-security.com/metasploit-unleashed ; #c2 #command-and-control #wiki #methodology #documentation +* https://www.ophionsecurity.com/post/phishing-the-anti-phishers-exploiting-anti-phishing-tools-for-internal-access ; #jira #anti-phishing #automated-email-gateway #saas #softare-as-a-service * https://www.osintme.com/index.php/2022/10/18/the-osint-me-ultimate-guide-to-telegram-osint-and-privacy ; #osint #telegram * https://www.outflank.nl/blog/2024/06/03/edr-internals-macos-linux ; #edr #telemetry #linux #macosx * https://www.patreon.com/posts/91648640?utm_campaign=postshare_creator ; #dotnet #console-app #initial-access 
@@ -671,7 +678,7 @@ https://medium.com/@TalBeerySec/revealing-the-inner-structure-of-aws-session-tok * https://www.splunk.com/en_us/blog/security/hunting-m365-invaders-blue-team-s-guide-to-initial-access-vectors.html ; #azure #entra #microsoft365 #unified-audit-log #ual #illicit-consent-grant #password-spraying #device-code-phishing #evilginx * https://www.synack.com/blog/exploits-explained-5-unusual-authentication-bypass-techniques ; #webapp #refresh-token * https://www.synacktiv.com/en/publications/a-dive-into-microsoft-defender-for-identity.html ; #windows #etw #mdi #azure #entra #edr #ldap #kerberos #evasion #bypass -* https://www.synacktiv.com/en/publications/azure-ad-introduction-for-red-teamers.html ; #cloud #azure #entra #methodology #recon #phs +* https://www.synacktiv.com/en/publications/azure-ad-introduction-for-red-teamers.html ; #cloud #azure #entra #methodology ##phs * https://www.synacktiv.com/en/publications/github-actions-exploitation-untrusted-input ; #github-actions #expression-injection #continuous-integration #continuous-delivery #code-injection * https://www.synacktiv.com/en/publications/pcapan-a-pcap-analysis-helper.html ; #dfir #forensic #pcab * https://www.synacktiv.com/publications/exploring-android-heap-allocations-in-jemalloc-new ; #android #heap-overflow #allocation 
@@ -712,6 +719,7 @@ https://medium.com/@TalBeerySec/revealing-the-inner-structure-of-aws-session-tok * https://xphantom.nl/posts/crypto-attack-jenkins ; #webapp #jenkins #cve-2024-23897 #remote-ccode-execution #exploit * https://xret2pwn.github.io/Myths-About-External-C2 ; #c2 #command-and-control #infrastructure #sockets #named-pipes * https://xret2pwn.github.io/The-Art-of-Clipboard-Forensics-Recovering-Deleted-Data ; #clipboard #memory #dfir #forensic #history +* https://xybytes.com/azure/Abusing-Azure-Arc ; #azure-arc #lateral-movement #service-principal * https://zer1t0.gitlab.io/posts/attacking_ad ; #active-directory #methodology #kerberos #trust #gpo #kerberoast #asreproast #logon-types #acl * http://www.selfadsi.de ; #active-directory #ldap #wiki #documentation * http://www.webappsec.org/projects/articles/121106.shtml ; #smtp #imap #injection #http #mail diff --git a/wordlist/credential-windows-files b/wordlist/credential-windows-files deleted file mode 100644 index bd13276..0000000 --- a/wordlist/credential-windows-files +++ /dev/null 
@@ -1,235 +0,0 @@ -C:/Users/Administrator/NTUser.dat -C:/Documents and Settings/Administrator/NTUser.dat -C:/apache/logs/access.log -C:/apache/logs/error.log -C:/apache/php/php.ini -C:/boot.ini -C:/inetpub/wwwroot/global.asa -C:/MySQL/data/hostname.err -C:/MySQL/data/mysql.err -C:/MySQL/data/mysql.log -C:/MySQL/my.cnf -C:/MySQL/my.ini -C:/php4/php.ini -C:/php5/php.ini -C:/php/php.ini -C:/Program Files/Apache Group/Apache2/conf/httpd.conf -C:/Program Files/Apache Group/Apache/conf/httpd.conf -C:/Program Files/Apache Group/Apache/logs/access.log -C:/Program Files/Apache Group/Apache/logs/error.log -C:/Program Files/FileZilla Server/FileZilla Server.xml -C:/Program Files/MySQL/data/hostname.err -C:/Program Files/MySQL/data/mysql-bin.log -C:/Program Files/MySQL/data/mysql.err -C:/Program Files/MySQL/data/mysql.log -C:/Program Files/MySQL/my.ini -C:/Program Files/MySQL/my.cnf -C:/Program Files/MySQL/MySQL Server 5.0/data/hostname.err -C:/Program Files/MySQL/MySQL Server 5.0/data/mysql-bin.log -C:/Program Files/MySQL/MySQL Server 5.0/data/mysql.err -C:/Program Files/MySQL/MySQL Server 5.0/data/mysql.log -C:/Program Files/MySQL/MySQL Server 5.0/my.cnf -C:/Program Files/MySQL/MySQL Server 5.0/my.ini -C:/Program Files (x86)/Apache Group/Apache2/conf/httpd.conf -C:/Program Files (x86)/Apache Group/Apache/conf/httpd.conf -C:/Program Files (x86)/Apache Group/Apache/conf/access.log -C:/Program Files (x86)/Apache Group/Apache/conf/error.log -C:/Program Files (x86)/FileZilla Server/FileZilla Server.xml -C:/Program Files (x86)/xampp/apache/conf/httpd.conf -C:/WINDOWS/php.ini -C:/WINDOWS/Repair/SAM -C:/Windows/repair/system C:/Windows/repair/software -C:/Windows/repair/security -C:/WINDOWS/System32/drivers/etc/hosts -C:/Windows/win.ini -C:/WINNT/php.ini -C:/WINNT/win.ini -C:/xampp/apache/bin/php.ini -C:/xampp/apache/logs/access.log -C:/xampp/apache/logs/error.log -C:/Windows/Panther/Unattend/Unattended.xml -C:/Windows/Panther/Unattended.xml -C:/Windows/debug/NetSetup.log 
-C:/Windows/system32/config/AppEvent.Evt
-C:/Windows/system32/config/SecEvent.Evt
-C:/Windows/system32/config/default.sav
-C:/Windows/system32/config/security.sav
-C:/Windows/system32/config/software.sav
-C:/Windows/system32/config/system.sav
-C:/Windows/system32/config/regback/default
-C:/Windows/system32/config/regback/sam
-C:/Windows/system32/config/regback/security
-C:/Windows/system32/config/regback/system
-C:/Windows/system32/config/regback/software
-C:/Program Files/MySQL/MySQL Server 5.1/my.ini
-C:/Windows/System32/inetsrv/config/schema/ASPNET_schema.xml
-C:/Windows/System32/inetsrv/config/applicationHost.config
-C:/inetpub/logs/LogFiles/W3SVC1/u_ex[YYMMDD].log
-C:/Program Files/Microsoft SQL Server/MSSQL.1/Template Data/master.mdf
-C:/Program Files/Microsoft SQL Server/MSSQL10.SQLEXPRESS/Template Data/master.mdf
-C:/Program Files/Microsoft SQL Server/MSSQL11.SQLEXPRESS/Template Data/master.mdf
-C:/Program Files/Microsoft SQL Server/MSSQL12.SQLEXPRESS/Template Data/master.mdf
-C:/Program Files/Microsoft SQL Server/MSSQL13.SQLEXPRESS/Template Data/master.mdf
-C:/Program Files/Microsoft SQL Server/MSSQL14.SQLEXPRESS/Template Data/master.mdf
-c:/php5/php.ini
-c:/php4/php.ini
-c:/php/php.ini
-c:/PHP/php.ini
-c:/WINDOWS/php.ini
-c:/WINNT/php.ini
-c:/apache/php/php.ini
-c:/xampp/apache/bin/php.ini
-c:/NetServer/bin/stable/apache/php.ini
-c:/Program Files/MySQL/MySQL Server 5.0/data/{IPDELHOST}.err
-c:/Program Files/MySQL/MySQL Server 5.0/data/mysql.log
-c:/Program Files/MySQL/MySQL Server 5.0/data/mysql.err
-c:/Program Files/MySQL/MySQL Server 5.0/data/mysql-bin.log
-c:/Program Files/MySQL/MySQL Server 5.0/data/mysql-bin.index
-c:/Program Files/MySQL/data/{IPDELHOST}.err
-c:/Program Files/MySQL/data/mysql.log
-c:/Program Files/MySQL/data/mysql.err
-c:/Program Files/MySQL/data/mysql-bin.log
-c:/Program Files/MySQL/data/mysql-bin.index
-c:/MySQL/data/{IPDELHOST}.err
-c:/MySQL/data/mysql.log
-c:/MySQL/data/mysql.err
-c:/MySQL/data/mysql-bin.log
-c:/MySQL/data/mysql-bin.index
-c:/Program Files/MySQL/MySQL Server 5.0/my.ini
-c:/Program Files/MySQL/MySQL Server 5.0/my.cnf
-c:/Program Files/MySQL/my.ini
-c:/Program Files/MySQL/my.cnf
-c:/MySQL/my.ini
-c:/MySQL/my.cnf
-c:/mysql/bin/my.ini
-c:/PostgreSQL/log/pgadmin.log
-c:/var/lib/pgsql/data/postgresql.conf
-c:/var/postgresql/db/postgresql.conf
-c:/var/nm2/postgresql.conf
-c:/usr/local/pgsql/data/postgresql.conf
-c:/usr/local/pgsql/data/pg_hba.conf
-c:/usr/internet/pgsql/data/pg_hba.conf
-c:/usr/local/pgsql/data/passwd
-c:/usr/local/pgsql/bin/pg_passwd
-c:/etc/postgresql/postgresql.conf
-c:/etc/postgresql/pg_hba.conf
-c:/home/postgres/data/postgresql.conf
-c:/home/postgres/data/PG_VERSION
-c:/home/postgres/data/pg_ident.conf
-c:/home/postgres/data/pg_hba.conf
-c:/Program Files/PostgreSQL/8.3/data/pg_hba.conf
-c:/Program Files/PostgreSQL/8.3/data/pg_ident.conf
-c:/Program Files/PostgreSQL/8.3/data/postgresql.conf
-c:/Program Files/PostgreSQL/8.4/data/pg_hba.conf
-c:/Program Files/PostgreSQL/8.4/data/pg_ident.conf
-c:/Program Files/PostgreSQL/8.4/data/postgresql.conf
-c:/Program Files/PostgreSQL/9.0/data/pg_hba.conf
-c:/Program Files/PostgreSQL/9.0/data/pg_ident.conf
-c:/Program Files/PostgreSQL/9.0/data/postgresql.conf
-c:/Program Files/PostgreSQL/9.1/data/pg_hba.conf
-c:/Program Files/PostgreSQL/9.1/data/pg_ident.conf
-c:/Program Files/PostgreSQL/9.1/data/postgresql.conf
-c:/wamp/logs/access.log
-c:/wamp/logs/apache_error.log
-c:/wamp/logs/genquery.log
-c:/wamp/logs/mysql.log
-c:/wamp/logs/slowquery.log
-c:/wamp/bin/apache/apache2.2.22/logs/access.log
-c:/wamp/bin/apache/apache2.2.22/logs/error.log
-c:/wamp/bin/apache/apache2.2.21/logs/access.log
-c:/wamp/bin/apache/apache2.2.21/logs/error.log
-c:/wamp/bin/mysql/mysql5.5.24/data/mysql-bin.index
-c:/wamp/bin/mysql/mysql5.5.16/data/mysql-bin.index
-c:/wamp/bin/apache/apache2.2.21/conf/httpd.conf
-c:/wamp/bin/apache/apache2.2.22/conf/httpd.conf
-c:/wamp/bin/apache/apache2.2.21/wampserver.conf
-c:/wamp/bin/apache/apache2.2.22/wampserver.conf -c:/wamp/bin/apache/apache2.2.22/conf/wampserver.conf -c:/wamp/bin/mysql/mysql5.5.24/my.ini -c:/wamp/bin/mysql/mysql5.5.24/wampserver.conf -c:/wamp/bin/mysql/mysql5.5.16/my.ini -c:/wamp/bin/mysql/mysql5.5.16/wampserver.conf -c:/wamp/bin/php/php5.3.8/php.ini -c:/wamp/bin/php/php5.4.3/php.ini -c:/xampp/apache/logs/access.log -c:/xampp/apache/logs/error.log -c:/xampp/mysql/data/mysql-bin.index -c:/xampp/mysql/data/mysql.err -c:/xampp/mysql/data/{IPDELHOST}.err -c:/xampp/sendmail/sendmail.log -c:/xampp/apache/conf/httpd.conf -c:/xampp/FileZillaFTP/FileZilla Server.xml -c:/xampp/MercuryMail/mercury.ini -c:/xampp/php/php.ini -c:/xampp/phpMyAdmin/config.inc.php -c:/xampp/sendmail/sendmail.ini -c:/xampp/webalizer/webalizer.conf -c:/xampp/htdocs/aca.txt -c:/xampp/htdocs/admin.php -c:/xampp/htdocs/leer.txt -c:/WINNT/system32/logfiles/MSFTPSVC -c:/WINNT/system32/logfiles/MSFTPSVC1 -c:/WINNT/system32/logfiles/MSFTPSVC2 -c:/WINDOWS/system32/logfiles/MSFTPSVC -c:/WINDOWS/system32/logfiles/MSFTPSVC1 -c:/WINDOWS/system32/logfiles/MSFTPSVC2 -c:/WINNT/system32/logfiles/SMTPSVC -c:/WINNT/system32/logfiles/SMTPSVC1 -c:/WINNT/system32/logfiles/SMTPSVC2 -c:/WINNT/system32/logfiles/SMTPSVC3 -c:/WINNT/system32/logfiles/SMTPSVC4 -c:/WINNT/system32/logfiles/SMTPSVC5 -c:/WINDOWS/system32/logfiles/SMTPSVC -c:/WINDOWS/system32/logfiles/SMTPSVC1 -c:/WINDOWS/system32/logfiles/SMTPSVC2 -c:/WINDOWS/system32/logfiles/SMTPSVC3 -c:/WINDOWS/system32/logfiles/SMTPSVC4 -c:/WINDOWS/system32/logfiles/SMTPSVC5 -c:/WINNT/system32/logfiles/W3SVC/inetsvn1.log -c:/WINNT/system32/logfiles/W3SVC1/inetsvn1.log -c:/WINNT/system32/logfiles/W3SVC2/inetsvn1.log -c:/WINNT/system32/logfiles/W3SVC3/inetsvn1.log -c:/WINDOWS/system32/logfiles/W3SVC/inetsvn1.log -c:/WINDOWS/system32/logfiles/W3SVC1/inetsvn1.log -c:/WINDOWS/system32/logfiles/W3SVC2/inetsvn1.log -c:/WINDOWS/system32/logfiles/W3SVC3/inetsvn1.log -c:/Program Files/Apache Group/Apache/logs/access.log -c:/Program 
Files/Apache Group/Apache/logs/error.log -c:/Program Files/Apache Software Foundation/Apache2.2/logs/error.log -c:/Program Files/Apache Software Foundation/Apache2.2/logs/access.log -c:/Program Files/Apache Group/Apache/conf/httpd.conf -c:/Program Files/Apache Group/Apache2/conf/httpd.conf -c:/Program Files/xampp/apache/conf/apache.conf -c:/Program Files/xampp/apache/conf/apache2.conf -c:/Program Files/xampp/apache/conf/httpd.conf -c:/Program Files/Apache Group/Apache/apache.conf -c:/Program Files/Apache Group/Apache/conf/apache.conf -c:/Program Files/Apache Group/Apache2/conf/apache.conf -c:/Program Files/Apache Group/Apache/apache2.conf -c:/Program Files/Apache Group/Apache/conf/apache2.conf -c:/Program Files/Apache Group/Apache2/conf/apache2.conf -c:/Program Files/Apache Software Foundation/Apache2.2/conf/httpd.conf -c:/var/log/lighttpd/{DOMAIN}/access.log -c:/Program Files/Vidalia Bundle/Polipo/polipo.conf -c:/WINNT/system32/logfiles/Firewall/pfirewall.log -c:/WINNT/system32/logfiles/Firewall/pfirewall.log.old -c:/WINDOWS/system32/logfiles/Firewall/pfirewall.log -c:/WINDOWS/system32/logfiles/Firewall/pfirewall.log.old -c:/WINDOWS/system32/drivers/etc/hosts -c:/WINDOWS/system32/drivers/etc/lmhosts.sam -c:/WINDOWS/system32/drivers/etc/networks -c:/WINDOWS/system32/drivers/etc/protocol -c:/WINDOWS/system32/drivers/etc/services -c:/boot.ini -c:/WINDOWS/Debug/NetSetup.LOG -c:/WINDOWS/comsetup.log -c:/WINDOWS/repair/setup.log -c:/WINDOWS/setupact.log -c:/WINDOWS/setupapi.log -c:/WINDOWS/setuperr.log -c:/WINDOWS/updspapi.log -c:/WINDOWS/wmsetup.log -c:/WINDOWS/WindowsUpdate.log -c:/WINDOWS/ODBC.INI -c:/WINDOWS/system32/Macromed/Flash/FlashInstall.log -c:/WINDOWS/system32/Macromed/Flash/install.log diff --git a/wordlist/credential-windows-paths b/wordlist/credential-windows-paths deleted file mode 100644 index 7e64af9..0000000 --- a/wordlist/credential-windows-paths +++ /dev/null 
@@ -1,204 +0,0 @@
-c:/apache/logs/access.log
-c:/apache/logs/error.log
-c:/apache/php/php.ini
-c:/boot.ini
-c:/documents and settings/administrator/ntuser.dat
-c:/etc/postgresql/pg_hba.conf
-c:/etc/postgresql/postgresql.conf
-c:/home/postgres/data/pg_hba.conf
-c:/home/postgres/data/pg_ident.conf
-c:/home/postgres/data/pg_version
-c:/home/postgres/data/postgresql.conf
-c:/inetpub/logs/logfiles/w3svc1/u_ex[yymmdd].log
-c:/inetpub/wwwroot/global.asa
-c:/mysql/bin/my.ini
-c:/mysql/data/hostname.err
-c:/mysql/data/{ipdelhost}.err
-c:/mysql/data/mysql-bin.index
-c:/mysql/data/mysql-bin.log
-c:/mysql/data/mysql.err
-c:/mysql/data/mysql.log
-c:/mysql/my.cnf
-c:/mysql/my.ini
-c:/netserver/bin/stable/apache/php.ini
-c:/php4/php.ini
-c:/php5/php.ini
-c:/php/php.ini
-c:/postgresql/log/pgadmin.log
-c:/program files/apache group/apache2/conf/apache2.conf
-c:/program files/apache group/apache2/conf/apache.conf
-c:/program files/apache group/apache2/conf/httpd.conf
-c:/program files/apache group/apache/apache2.conf
-c:/program files/apache group/apache/apache.conf
-c:/program files/apache group/apache/conf/apache2.conf
-c:/program files/apache group/apache/conf/apache.conf
-c:/program files/apache group/apache/conf/httpd.conf
-c:/program files/apache group/apache/logs/access.log
-c:/program files/apache group/apache/logs/error.log
-c:/program files/apache software foundation/apache2.2/conf/httpd.conf
-c:/program files/apache software foundation/apache2.2/logs/access.log
-c:/program files/apache software foundation/apache2.2/logs/error.log
-c:/program files/filezilla server/filezilla server.xml
-c:/program files/microsoft sql server/mssql10.sqlexpress/template data/master.mdf
-c:/program files/microsoft sql server/mssql11.sqlexpress/template data/master.mdf
-c:/program files/microsoft sql server/mssql12.sqlexpress/template data/master.mdf
-c:/program files/microsoft sql server/mssql13.sqlexpress/template data/master.mdf
-c:/program files/microsoft sql server/mssql14.sqlexpress/template data/master.mdf
-c:/program files/microsoft sql server/mssql.1/template data/master.mdf
-c:/program files/mysql/data/hostname.err
-c:/program files/mysql/data/{ipdelhost}.err
-c:/program files/mysql/data/mysql-bin.index
-c:/program files/mysql/data/mysql-bin.log
-c:/program files/mysql/data/mysql.err
-c:/program files/mysql/data/mysql.log
-c:/program files/mysql/my.cnf
-c:/program files/mysql/my.ini
-c:/program files/mysql/mysql server 5.0/data/hostname.err
-c:/program files/mysql/mysql server 5.0/data/{ipdelhost}.err
-c:/program files/mysql/mysql server 5.0/data/mysql-bin.index
-c:/program files/mysql/mysql server 5.0/data/mysql-bin.log
-c:/program files/mysql/mysql server 5.0/data/mysql.err
-c:/program files/mysql/mysql server 5.0/data/mysql.log
-c:/program files/mysql/mysql server 5.0/my.cnf
-c:/program files/mysql/mysql server 5.0/my.ini
-c:/program files/mysql/mysql server 5.1/my.ini
-c:/program files/postgresql/8.3/data/pg_hba.conf
-c:/program files/postgresql/8.3/data/pg_ident.conf
-c:/program files/postgresql/8.3/data/postgresql.conf
-c:/program files/postgresql/8.4/data/pg_hba.conf
-c:/program files/postgresql/8.4/data/pg_ident.conf
-c:/program files/postgresql/8.4/data/postgresql.conf
-c:/program files/postgresql/9.0/data/pg_hba.conf
-c:/program files/postgresql/9.0/data/pg_ident.conf
-c:/program files/postgresql/9.0/data/postgresql.conf
-c:/program files/postgresql/9.1/data/pg_hba.conf
-c:/program files/postgresql/9.1/data/pg_ident.conf
-c:/program files/postgresql/9.1/data/postgresql.conf
-c:/program files/vidalia bundle/polipo/polipo.conf
-c:/program files (x86)/apache group/apache2/conf/httpd.conf
-c:/program files (x86)/apache group/apache/conf/access.log
-c:/program files (x86)/apache group/apache/conf/error.log
-c:/program files (x86)/apache group/apache/conf/httpd.conf
-c:/program files (x86)/filezilla server/filezilla server.xml
-c:/program files (x86)/xampp/apache/conf/httpd.conf
-c:/program files/xampp/apache/conf/apache2.conf
-c:/program files/xampp/apache/conf/apache.conf
-c:/program files/xampp/apache/conf/httpd.conf
-c:/users/administrator/ntuser.dat
-c:/usr/internet/pgsql/data/pg_hba.conf
-c:/usr/local/pgsql/bin/pg_passwd
-c:/usr/local/pgsql/data/passwd
-c:/usr/local/pgsql/data/pg_hba.conf
-c:/usr/local/pgsql/data/postgresql.conf
-c:/var/lib/pgsql/data/postgresql.conf
-c:/var/log/lighttpd/{domain}/access.log
-c:/var/nm2/postgresql.conf
-c:/var/postgresql/db/postgresql.conf
-c:/wamp/bin/apache/apache2.2.21/conf/httpd.conf
-c:/wamp/bin/apache/apache2.2.21/logs/access.log
-c:/wamp/bin/apache/apache2.2.21/logs/error.log
-c:/wamp/bin/apache/apache2.2.21/wampserver.conf
-c:/wamp/bin/apache/apache2.2.22/conf/httpd.conf
-c:/wamp/bin/apache/apache2.2.22/conf/wampserver.conf
-c:/wamp/bin/apache/apache2.2.22/logs/access.log
-c:/wamp/bin/apache/apache2.2.22/logs/error.log
-c:/wamp/bin/apache/apache2.2.22/wampserver.conf
-c:/wamp/bin/mysql/mysql5.5.16/data/mysql-bin.index
-c:/wamp/bin/mysql/mysql5.5.16/my.ini
-c:/wamp/bin/mysql/mysql5.5.16/wampserver.conf
-c:/wamp/bin/mysql/mysql5.5.24/data/mysql-bin.index
-c:/wamp/bin/mysql/mysql5.5.24/my.ini
-c:/wamp/bin/mysql/mysql5.5.24/wampserver.conf
-c:/wamp/bin/php/php5.3.8/php.ini
-c:/wamp/bin/php/php5.4.3/php.ini
-c:/wamp/logs/access.log
-c:/wamp/logs/apache_error.log
-c:/wamp/logs/genquery.log
-c:/wamp/logs/mysql.log
-c:/wamp/logs/slowquery.log
-c:/windows/comsetup.log
-c:/windows/debug/netsetup.log
-c:/windows/odbc.ini
-c:/windows/panther/unattended.xml
-c:/windows/panther/unattend/unattended.xml
-c:/windows/php.ini
-c:/windows/repair/sam
-c:/windows/repair/security
-c:/windows/repair/setup.log
-c:/windows/repair/system c:/windows/repair/software
-c:/windows/setupact.log
-c:/windows/setupapi.log
-c:/windows/setuperr.log
-c:/windows/system32/config/appevent.evt
-c:/windows/system32/config/default.sav
-c:/windows/system32/config/regback/default
-c:/windows/system32/config/regback/sam
-c:/windows/system32/config/regback/security
-c:/windows/system32/config/regback/software
-c:/windows/system32/config/regback/system
-c:/windows/system32/config/secevent.evt
-c:/windows/system32/config/security.sav
-c:/windows/system32/config/software.sav
-c:/windows/system32/config/system.sav
-c:/windows/system32/drivers/etc/hosts
-c:/windows/system32/drivers/etc/lmhosts.sam
-c:/windows/system32/drivers/etc/networks
-c:/windows/system32/drivers/etc/protocol
-c:/windows/system32/drivers/etc/services
-c:/windows/system32/inetsrv/config/applicationhost.config
-c:/windows/system32/inetsrv/config/schema/aspnet_schema.xml
-c:/windows/system32/logfiles/firewall/pfirewall.log
-c:/windows/system32/logfiles/firewall/pfirewall.log.old
-c:/windows/system32/logfiles/msftpsvc
-c:/windows/system32/logfiles/msftpsvc1
-c:/windows/system32/logfiles/msftpsvc2
-c:/windows/system32/logfiles/smtpsvc
-c:/windows/system32/logfiles/smtpsvc1
-c:/windows/system32/logfiles/smtpsvc2
-c:/windows/system32/logfiles/smtpsvc3
-c:/windows/system32/logfiles/smtpsvc4
-c:/windows/system32/logfiles/smtpsvc5
-c:/windows/system32/logfiles/w3svc1/inetsvn1.log
-c:/windows/system32/logfiles/w3svc2/inetsvn1.log
-c:/windows/system32/logfiles/w3svc3/inetsvn1.log
-c:/windows/system32/logfiles/w3svc/inetsvn1.log
-c:/windows/system32/macromed/flash/flashinstall.log
-c:/windows/system32/macromed/flash/install.log
-c:/windows/updspapi.log
-c:/windows/windowsupdate.log
-c:/windows/win.ini
-c:/windows/wmsetup.log
-c:/winnt/php.ini
-c:/winnt/system32/logfiles/firewall/pfirewall.log
-c:/winnt/system32/logfiles/firewall/pfirewall.log.old
-c:/winnt/system32/logfiles/msftpsvc
-c:/winnt/system32/logfiles/msftpsvc1
-c:/winnt/system32/logfiles/msftpsvc2
-c:/winnt/system32/logfiles/smtpsvc
-c:/winnt/system32/logfiles/smtpsvc1
-c:/winnt/system32/logfiles/smtpsvc2
-c:/winnt/system32/logfiles/smtpsvc3
-c:/winnt/system32/logfiles/smtpsvc4
-c:/winnt/system32/logfiles/smtpsvc5
-c:/winnt/system32/logfiles/w3svc1/inetsvn1.log
-c:/winnt/system32/logfiles/w3svc2/inetsvn1.log
-c:/winnt/system32/logfiles/w3svc3/inetsvn1.log
-c:/winnt/system32/logfiles/w3svc/inetsvn1.log
-c:/winnt/win.ini
-c:/xampp/apache/bin/php.ini
-c:/xampp/apache/conf/httpd.conf
-c:/xampp/apache/logs/access.log
-c:/xampp/apache/logs/error.log
-c:/xampp/filezillaftp/filezilla server.xml
-c:/xampp/htdocs/aca.txt
-c:/xampp/htdocs/admin.php
-c:/xampp/htdocs/leer.txt
-c:/xampp/mercurymail/mercury.ini
-c:/xampp/mysql/data/{ipdelhost}.err
-c:/xampp/mysql/data/mysql-bin.index
-c:/xampp/mysql/data/mysql.err
-c:/xampp/phpmyadmin/config.inc.php
-c:/xampp/php/php.ini
-c:/xampp/sendmail/sendmail.ini
-c:/xampp/sendmail/sendmail.log
-c:/xampp/webalizer/webalizer.conf
diff --git a/wordlist/local-file-inclusion-windows b/wordlist/local-file-inclusion-windows
index 912df83..16769b1 100644
--- a/wordlist/local-file-inclusion-windows
+++ b/wordlist/local-file-inclusion-windows
@@ -1,102 +1,240 @@
-$HOME\documents\windowspowershell\microsoft.powershellise_profile.ps1
-$HOME\documents\windowspowershell\microsoft.powershell_profile.ps1
-$HOME\appdata\roaming\microsoft\windows\powershell\psreadline\consolehost_history.txt
-$HOME\.ssh\known_hosts
-c:\apache\logs\access.log
-c:\apache\logs\error.log
-c:\apache\php\php.ini
-c:\boot.ini
-c:\documents and settings\administrator\ntuser.dat
-c:\inetpub\logs\logfiles
-c:\inetpub\wwwroot\global.asa
-c:\inetpub\wwwroot\index.asp
-c:\inetpub\wwwroot\web.config
-c:\mysql\data\hostname.err
-c:\mysql\data\mysql.err
-c:\mysql\data\mysql.log
-c:\mysql\my.cnf
-c:\mysql\my.ini
-c:\php4\php.ini
-c:\php5\php.ini
-c:\php\php.ini
-c:\program files\apache group\apache2\conf\httpd.conf
-c:\program files\apache group\apache\conf\httpd.conf
-c:\program files\apache group\apache\logs\access.log
-c:\program files\apache group\apache\logs\error.log
-c:\program files\filezilla server\filezilla server.xml
-c:\program files\mysql\data\hostname.err
-c:\program files\mysql\data\mysql-bin.log
-c:\program files\mysql\data\mysql.err
-c:\program files\mysql\data\mysql.log
-c:\program files\mysql\my.cnf
-c:\program files\mysql\my.ini
-c:\program files\mysql\mysql server 5.0\data\hostname.err
-c:\program files\mysql\mysql server 5.0\data\mysql-bin.log
-c:\program files\mysql\mysql server 5.0\data\mysql.err
-c:\program files\mysql\mysql server 5.0\data\mysql.log
-c:\program files\mysql\mysql server 5.0\my.cnf
-c:\program files\mysql\mysql server 5.0\my.ini
-c:\program files\mysql\mysql server 5.1\my.ini
-c:\program files (x86)\apache group\apache2\conf\httpd.conf
-c:\program files (x86)\apache group\apache\conf\access.log
-c:\program files (x86)\apache group\apache\conf\error.log
-c:\program files (x86)\apache group\apache\conf\httpd.conf
-c:\program files (x86)\filezilla server\filezilla server.xml
-c:\program files (x86)\xampp\apache\conf\httpd.conf
-c:\sysprep.inf
-c:\sysprep\sysprep.inf
-c:\sysprep\sysprep.xml
-c:\sysprep.xml
-c:\system32\inetsrv\metabase.xml
-c:\system volume information\wpsettings.dat
-c:\unattended.txt
-c:\unattended.xml
-c:\unattend.txt
-c:\unattend.xml
-c:\users\administrator\appdata\local\recently-used.xbel
-c:\users\administrator\desktop\desktop.ini
-c:\users\administrator\ntuser.dat
-c:\windows\ccm\logs\filesystemfile.log
-c:\windows\debug\netlogon.log
-c:\windows\debug\netsetup.log
-c:\windows\debug\passwd.log
-c:\windows\debug\sammui.log
-c:\windows\iis.log
-c:\windows\panther\sysprep.inf
-c:\windows\panther\unattended\unattended.xml
-c:\windows\panther\unattended.xml
-c:\windows\panther\unattend\unattended.xml
-c:\windows\php.ini
-c:\windows\repair\sam
-c:\windows\repair\security
-c:\windows\repair\software
-c:\windows\repair\system
-c:\windows\system32\config\appevent.evt
-c:\windows\system32\config\default.sav
-c:\windows\system32\config\regback\default
-c:\windows\system32\config\regback\sam
-c:\windows\system32\config\regback\security
-c:\windows\system32\config\regback\software
-c:\windows\system32\config\regback\system
-c:\windows\system32\config\secevent.evt
-c:\windows\system32\config\security.sav
-c:\windows\system32\config\software.sav
-c:\windows\system32\config\system
-c:\windows\system32\config\system.sav
-c:\windows\system32\drivers\etc\hosts
-c:\windows\system32\inetsrv\config\applicationhost.config
-c:\windows\system32\inetsrv\config\schema\aspnet_schema.xml
-c:\windows\system32\logfiles\httperr\httperr1.log
-c:\windows\system32\tasks\daily
-c:\windows\system32\windowspowershell\v1.0\microsoft.powershell_profile.ps1
-c:\windows\system32\windowspowershell\v1.0\profile.ps1
-c:\windows\system32\winevt\logs\system.evtx
-c:\windows\system32\winevt\logs\windows powershell.evtx
-c:\windows\system.ini
-c:\windows\windowsupdate.log
-c:\windows\win.ini
-c:\winnt\php.ini
-c:\winnt\win.ini
-c:\xampp\apache\bin\php.ini
-c:\xampp\apache\logs\access.log
-c:\xampp\apache\logs\error.log
+$home/appdata/roaming/microsoft/windows/powershell/psreadline/consolehost_history.txt
+$home/documents/windowspowershell/microsoft.powershellise_profile.ps1
+$home/documents/windowspowershell/microsoft.powershell_profile.ps1
+$home/.ssh/known_hosts
+c:/apache/logs/access.log
+c:/apache/logs/error.log
+c:/apache/php/php.ini
+c:/boot.ini
+c:/documents and settings/administrator/ntuser.dat
+c:/etc/postgresql/pg_hba.conf
+c:/etc/postgresql/postgresql.conf
+c:/home/postgres/data/pg_hba.conf
+c:/home/postgres/data/pg_ident.conf
+c:/home/postgres/data/pg_version
+c:/home/postgres/data/postgresql.conf
+c:/inetpub/logs/logfiles
+c:/inetpub/logs/logfiles/w3svc1/u_ex[yymmdd].log
+c:/inetpub/wwwroot/global.asa
+c:/inetpub/wwwroot/index.asp
+c:/inetpub/wwwroot/web.config
+c:/mysql/bin/my.ini
+c:/mysql/data/hostname.err
+c:/mysql/data/{ipdelhost}.err
+c:/mysql/data/mysql-bin.index
+c:/mysql/data/mysql-bin.log
+c:/mysql/data/mysql.err
+c:/mysql/data/mysql.log
+c:/mysql/my.cnf
+c:/mysql/my.ini
+c:/netserver/bin/stable/apache/php.ini
+c:/php4/php.ini
+c:/php5/php.ini
+c:/php/php.ini
+c:/postgresql/log/pgadmin.log
+c:/program files/apache group/apache2/conf/apache2.conf
+c:/program files/apache group/apache2/conf/apache.conf
+c:/program files/apache group/apache2/conf/httpd.conf
+c:/program files/apache group/apache/apache2.conf
+c:/program files/apache group/apache/apache.conf
+c:/program files/apache group/apache/conf/apache2.conf
+c:/program files/apache group/apache/conf/apache.conf
+c:/program files/apache group/apache/conf/httpd.conf
+c:/program files/apache group/apache/logs/access.log
+c:/program files/apache group/apache/logs/error.log
+c:/program files/apache software foundation/apache2.2/conf/httpd.conf
+c:/program files/apache software foundation/apache2.2/logs/access.log
+c:/program files/apache software foundation/apache2.2/logs/error.log
+c:/program files/filezilla server/filezilla server.xml
+c:/program files/microsoft sql server/mssql10.sqlexpress/template data/master.mdf
+c:/program files/microsoft sql server/mssql11.sqlexpress/template data/master.mdf
+c:/program files/microsoft sql server/mssql12.sqlexpress/template data/master.mdf
+c:/program files/microsoft sql server/mssql13.sqlexpress/template data/master.mdf
+c:/program files/microsoft sql server/mssql14.sqlexpress/template data/master.mdf
+c:/program files/microsoft sql server/mssql.1/template data/master.mdf
+c:/program files/mysql/data/hostname.err
+c:/program files/mysql/data/{ipdelhost}.err
+c:/program files/mysql/data/mysql-bin.index
+c:/program files/mysql/data/mysql-bin.log
+c:/program files/mysql/data/mysql.err
+c:/program files/mysql/data/mysql.log
+c:/program files/mysql/my.cnf
+c:/program files/mysql/my.ini
+c:/program files/mysql/mysql server 5.0/data/hostname.err
+c:/program files/mysql/mysql server 5.0/data/{ipdelhost}.err
+c:/program files/mysql/mysql server 5.0/data/mysql-bin.index
+c:/program files/mysql/mysql server 5.0/data/mysql-bin.log
+c:/program files/mysql/mysql server 5.0/data/mysql.err
+c:/program files/mysql/mysql server 5.0/data/mysql.log
+c:/program files/mysql/mysql server 5.0/my.cnf
+c:/program files/mysql/mysql server 5.0/my.ini
+c:/program files/mysql/mysql server 5.1/my.ini
+c:/program files/postgresql/8.3/data/pg_hba.conf
+c:/program files/postgresql/8.3/data/pg_ident.conf
+c:/program files/postgresql/8.3/data/postgresql.conf
+c:/program files/postgresql/8.4/data/pg_hba.conf
+c:/program files/postgresql/8.4/data/pg_ident.conf
+c:/program files/postgresql/8.4/data/postgresql.conf
+c:/program files/postgresql/9.0/data/pg_hba.conf
+c:/program files/postgresql/9.0/data/pg_ident.conf
+c:/program files/postgresql/9.0/data/postgresql.conf
+c:/program files/postgresql/9.1/data/pg_hba.conf
+c:/program files/postgresql/9.1/data/pg_ident.conf
+c:/program files/postgresql/9.1/data/postgresql.conf
+c:/program files/vidalia bundle/polipo/polipo.conf
+c:/program files (x86)/apache group/apache2/conf/httpd.conf
+c:/program files (x86)/apache group/apache/conf/access.log
+c:/program files (x86)/apache group/apache/conf/error.log
+c:/program files (x86)/apache group/apache/conf/httpd.conf
+c:/program files (x86)/filezilla server/filezilla server.xml
+c:/program files (x86)/xampp/apache/conf/httpd.conf
+c:/program files/xampp/apache/conf/apache2.conf
+c:/program files/xampp/apache/conf/apache.conf
+c:/program files/xampp/apache/conf/httpd.conf
+c:/sysprep.inf
+c:/sysprep/sysprep.inf
+c:/sysprep/sysprep.xml
+c:/sysprep.xml
+c:/system32/inetsrv/metabase.xml
+c:/system volume information/wpsettings.dat
+c:/unattended.txt
+c:/unattended.xml
+c:/unattend.txt
+c:/unattend.xml
+c:/users/administrator/appdata/local/recently-used.xbel
+c:/users/administrator/desktop/desktop.ini
+c:/users/administrator/ntuser.dat
+c:/usr/internet/pgsql/data/pg_hba.conf
+c:/usr/local/pgsql/bin/pg_passwd
+c:/usr/local/pgsql/data/passwd
+c:/usr/local/pgsql/data/pg_hba.conf
+c:/usr/local/pgsql/data/postgresql.conf
+c:/var/lib/pgsql/data/postgresql.conf
+c:/var/log/lighttpd/{domain}/access.log
+c:/var/nm2/postgresql.conf
+c:/var/postgresql/db/postgresql.conf
+c:/wamp/bin/apache/apache2.2.21/conf/httpd.conf
+c:/wamp/bin/apache/apache2.2.21/logs/access.log
+c:/wamp/bin/apache/apache2.2.21/logs/error.log
+c:/wamp/bin/apache/apache2.2.21/wampserver.conf
+c:/wamp/bin/apache/apache2.2.22/conf/httpd.conf
+c:/wamp/bin/apache/apache2.2.22/conf/wampserver.conf
+c:/wamp/bin/apache/apache2.2.22/logs/access.log
+c:/wamp/bin/apache/apache2.2.22/logs/error.log
+c:/wamp/bin/apache/apache2.2.22/wampserver.conf
+c:/wamp/bin/mysql/mysql5.5.16/data/mysql-bin.index
+c:/wamp/bin/mysql/mysql5.5.16/my.ini
+c:/wamp/bin/mysql/mysql5.5.16/wampserver.conf
+c:/wamp/bin/mysql/mysql5.5.24/data/mysql-bin.index
+c:/wamp/bin/mysql/mysql5.5.24/my.ini
+c:/wamp/bin/mysql/mysql5.5.24/wampserver.conf
+c:/wamp/bin/php/php5.3.8/php.ini
+c:/wamp/bin/php/php5.4.3/php.ini
+c:/wamp/logs/access.log
+c:/wamp/logs/apache_error.log
+c:/wamp/logs/genquery.log
+c:/wamp/logs/mysql.log
+c:/wamp/logs/slowquery.log
+c:/windows/ccm/logs/filesystemfile.log
+c:/windows/comsetup.log
+c:/windows/debug/netlogon.log
+c:/windows/debug/netsetup.log
+c:/windows/debug/passwd.log
+c:/windows/debug/sammui.log
+c:/windows/iis.log
+c:/windows/odbc.ini
+c:/windows/panther/sysprep.inf
+c:/windows/panther/unattended/unattended.xml
+c:/windows/panther/unattended.xml
+c:/windows/panther/unattend/unattended.xml
+c:/windows/php.ini
+c:/windows/repair/sam
+c:/windows/repair/security
+c:/windows/repair/setup.log
+c:/windows/repair/software
+c:/windows/repair/system
+c:/windows/repair/system c:/windows/repair/software
+c:/windows/setupact.log
+c:/windows/setupapi.log
+c:/windows/setuperr.log
+c:/windows/system32/config/appevent.evt
+c:/windows/system32/config/default.sav
+c:/windows/system32/config/regback/default
+c:/windows/system32/config/regback/sam
+c:/windows/system32/config/regback/security
+c:/windows/system32/config/regback/software
+c:/windows/system32/config/regback/system
+c:/windows/system32/config/secevent.evt
+c:/windows/system32/config/security.sav
+c:/windows/system32/config/software.sav
+c:/windows/system32/config/system
+c:/windows/system32/config/system.sav
+c:/windows/system32/drivers/etc/hosts
+c:/windows/system32/drivers/etc/lmhosts.sam
+c:/windows/system32/drivers/etc/networks
+c:/windows/system32/drivers/etc/protocol
+c:/windows/system32/drivers/etc/services
+c:/windows/system32/inetsrv/config/applicationhost.config
+c:/windows/system32/inetsrv/config/schema/aspnet_schema.xml
+c:/windows/system32/logfiles/firewall/pfirewall.log
+c:/windows/system32/logfiles/firewall/pfirewall.log.old
+c:/windows/system32/logfiles/httperr/httperr1.log
+c:/windows/system32/logfiles/msftpsvc
+c:/windows/system32/logfiles/msftpsvc1
+c:/windows/system32/logfiles/msftpsvc2
+c:/windows/system32/logfiles/smtpsvc
+c:/windows/system32/logfiles/smtpsvc1
+c:/windows/system32/logfiles/smtpsvc2
+c:/windows/system32/logfiles/smtpsvc3
+c:/windows/system32/logfiles/smtpsvc4
+c:/windows/system32/logfiles/smtpsvc5
+c:/windows/system32/logfiles/w3svc1/inetsvn1.log
+c:/windows/system32/logfiles/w3svc2/inetsvn1.log
+c:/windows/system32/logfiles/w3svc3/inetsvn1.log
+c:/windows/system32/logfiles/w3svc/inetsvn1.log
+c:/windows/system32/macromed/flash/flashinstall.log
+c:/windows/system32/macromed/flash/install.log
+c:/windows/system32/tasks/daily
+c:/windows/system32/windowspowershell/v1.0/microsoft.powershell_profile.ps1
+c:/windows/system32/windowspowershell/v1.0/profile.ps1
+c:/windows/system32/winevt/logs/system.evtx
+c:/windows/system32/winevt/logs/windows powershell.evtx
+c:/windows/system.ini
+c:/windows/updspapi.log
+c:/windows/windowsupdate.log
+c:/windows/win.ini
+c:/windows/wmsetup.log
+c:/winnt/php.ini
+c:/winnt/system32/logfiles/firewall/pfirewall.log
+c:/winnt/system32/logfiles/firewall/pfirewall.log.old
+c:/winnt/system32/logfiles/msftpsvc
+c:/winnt/system32/logfiles/msftpsvc1
+c:/winnt/system32/logfiles/msftpsvc2
+c:/winnt/system32/logfiles/smtpsvc
+c:/winnt/system32/logfiles/smtpsvc1
+c:/winnt/system32/logfiles/smtpsvc2
+c:/winnt/system32/logfiles/smtpsvc3
+c:/winnt/system32/logfiles/smtpsvc4
+c:/winnt/system32/logfiles/smtpsvc5
+c:/winnt/system32/logfiles/w3svc1/inetsvn1.log
+c:/winnt/system32/logfiles/w3svc2/inetsvn1.log
+c:/winnt/system32/logfiles/w3svc3/inetsvn1.log
+c:/winnt/system32/logfiles/w3svc/inetsvn1.log
+c:/winnt/win.ini
+c:/xampp/apache/bin/php.ini
+c:/xampp/apache/conf/httpd.conf
+c:/xampp/apache/logs/access.log
+c:/xampp/apache/logs/error.log
+c:/xampp/filezillaftp/filezilla server.xml
+c:/xampp/htdocs/aca.txt
+c:/xampp/htdocs/admin.php
+c:/xampp/htdocs/leer.txt
+c:/xampp/mercurymail/mercury.ini
+c:/xampp/mysql/data/{ipdelhost}.err
+c:/xampp/mysql/data/mysql-bin.index
+c:/xampp/mysql/data/mysql.err
+c:/xampp/phpmyadmin/config.inc.php
+c:/xampp/php/php.ini
+c:/xampp/sendmail/sendmail.ini
+c:/xampp/sendmail/sendmail.log
+c:/xampp/webalizer/webalizer.conf
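Review bot: The new side carries over a malformed entry, `c:/windows/repair/system c:/windows/repair/software` (two paths joined by a space, inherited verbatim from the deleted credential-windows-paths list); it can never match a real file, and both paths already appear as separate entries directly above it, so the line should be dropped. The merged list also keeps template tokens that only work after substitution — `{ipdelhost}`, `{domain}`, `u_ex[yymmdd].log` and `$home` — which is fine for a wordlist but deserves a note in whatever consumes it, e.g. `# placeholders {ipdelhost}, {domain}, [yymmdd] and $home must be substituted before use`; the old file spelled the variable `$HOME`, so if any tooling substitutes that literal token the lowercasing is a silent break — verify. Separately, the change switches every entry from backslashes to forward slashes: Windows accepts both, but traversal filters frequently block only one form, so keeping the backslash variants alongside (or generating them at scan time) would preserve coverage rather than reduce it.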