Logs and Backup Files
When users and administrators install random plugins, those plugins may be insecure, or the administrator may simply not know how to secure a website. Here are a few paths to always check for loot!
Do note that a common bypass for a 4xx response is to URL-encode the dot as %2e. It may let you access the file! 403 Bypasser can be a helpful tool here.
Debug Log
/wp-content/debug.log
/wp-content/debug%2elog
The log file sometimes exists in paths with country-code directories (yes, it had wp-admin there too and it worked)
/fr/wp-admin/wp-content/debug.log
Sometimes the file is too large to display within Burp Suite or a web browser and is tedious to download. The Range header can retrieve part of the log file, and the byte range can be adjusted as needed.
curl -H 'Range: bytes=0-1024' '<DOMAIN>'
Zipped Uploads Folder
/wp-content/uploads.zip
/wp-content/uploads.tar.gz
/wp-content/uploads.7z
/wp-content/backup.zip
/wp-content/backup.tar.gz
/wp-content/backup.7z
Custom
Let's say a victim's website is named BananaLogistics.co.uk.
If so, there's a high probability that the backup file is named after the website or company.
BananaLogistics.co.uk.7z
BananaLogistics.co.uk.zip
BananaLogistics.co.uk.tar.gz
BananaLogistics.7z
BananaLogistics.zip
BananaLogistics.tar.gz
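From the site owner's side, the same path list works as a detection rule. The following is an added example, not part of the original page: it scans access-log lines for requests to the debug log and backup archives named above, decoding %2e first and marking responses that were actually served (200, or 206 for a Range request). The log lines are constructed, and the function names and the Combined Log Format are assumptions.

```python
import re
from urllib.parse import unquote, urlsplit

ARCHIVE_EXTS = (".zip", ".tar.gz", ".7z")
GENERIC_STEMS = {"uploads", "backup"}  # archive names listed on this page
# Assumption: Combined Log Format, i.e. "METHOD target PROTO" status size ...
LINE_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /wp-content/debug.log HTTP/1.1" 403 199 "-" "curl/8.0"',
    '203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /wp-content/debug%2elog HTTP/1.1" 206 1025 "-" "curl/8.0"',
    '203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET /fr/wp-admin/wp-content/debug.log HTTP/1.1" 404 0 "-" "curl/8.0"',
    '203.0.113.7 - - [01/Jan/2024:10:00:03 +0000] "GET /BananaLogistics.co.uk.tar.gz HTTP/1.1" 200 734003 "-" "curl/8.0"',
    '198.51.100.4 - - [01/Jan/2024:10:00:04 +0000] "GET /wp-content/uploads/2024/01/logo.png HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

def site_stems(hostname):
    """Names derived from the site: full hostname and its first label."""
    host = hostname.lower()
    return {host, host.split(".")[0]}

def classify(line, hostname):
    """Return (kind, decoded_path, status, served) for a flagged request, else None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    # Decode %2e and friends so encoded and plain requests hit the same rule.
    path = unquote(urlsplit(m.group("target")).path).lower()
    name = path.rsplit("/", 1)[-1]
    kind = None
    if path.endswith("/wp-content/debug.log"):  # also covers /fr/wp-admin/... prefixes
        kind = "debug-log"
    for ext in ARCHIVE_EXTS:
        stem = name[: -len(ext)]
        if name.endswith(ext) and stem in GENERIC_STEMS | site_stems(hostname):
            kind = "backup-archive"
    if kind is None:
        return None
    status = int(m.group("status"))
    return kind, path, status, status in (200, 206)  # 206 = Range request served

def scan(lines, hostname):
    """Classify every line and keep only the flagged requests."""
    return [hit for hit in (classify(l, hostname) for l in lines) if hit]

if __name__ == "__main__":
    for kind, path, status, served in scan(SAMPLE_LOG, "BananaLogistics.co.uk"):
        print("EXPOSED" if served else "probe", kind, status, path, sep="\t")
```

Any row marked EXPOSED means the file was delivered and should be removed from the web root or blocked at the server.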