Browsers are an incredibly important tool when it comes to breakout assessments as they allow users to not only access network based and internet based resources, but can also be used to navigate through files, and establish connections using different protocols.

While different browsers have different default settings and can provide varying levels of help, all browsers are capable of using the file:/// protocol. When the file:/// protocol is used as part of a URL, a browser will make a request for a local file. This can enable us to enumerate information about the system and use the browser as a method to launch local executables.

When using the file:/// protocol it is important to understand that there are 3 / characters (however most browsers will support only 2 / characters) this is because the file schema uses the form:

File://<host>/<path>

This is to ensure conformity and consistency with valid URL syntax.

If a browser is not permitted to launch an executable, potential next steps include:

· Attempting alternative browsers

· Change the homepage to the file of interest

· Change browser security settings to allow the executable

‍