Learn the various ways of discovering hidden or private content on a webserver that could lead to new vulnerabilities. You can access the room through this link: https://tryhackme.com/room/contentdiscovery
Hi everyone, this is Mrinal Prakash aka EMPHAY on TryHackMe, and today I am going to take you all through the walkthrough of the room on TryHackMe called “Content Discovery”, which is a pretty basic, beginner-friendly room that falls into the category of easy rooms. So let's go ahead and dive in.
Let me go ahead and deploy the machine.
TASK 1: What Is Content Discovery?
1. What is the Content Discovery method that begins with M?
2. What is the Content Discovery method that begins with A?
3. What is the Content Discovery method that begins with O?
TASK 2: Manual Discovery - Robots.txt
1. What is the directory in the robots.txt that isn’t allowed to be viewed by web crawlers?
TASK 3: Manual Discovery - Favicon
1. What framework did the favicon belong to?
TASK 4: Manual Discovery - Sitemap.xml
1. What is the path of the secret area that can be found in the sitemap.xml file?
TASK 5: Manual Discovery - HTTP Headers
1. What is the flag value from the X-FLAG header?
TASK 6: Manual Discovery - Framework Stack
1. What is the flag from the framework’s administration portal?
TASK 7: OSINT - Google Hacking / Dorking
1. What Google dork operator can be used to only show results from a particular site?
TASK 8: OSINT - Wappalyzer
1. What online tool can be used to identify what technologies a website is running?
TASK 9: OSINT - Wayback Machine
1. What is the website address for the Wayback Machine?
TASK 10: OSINT - GitHub
1. What is Git?
version control system
TASK 11: OSINT - S3 Buckets
1. What URL format do Amazon S3 buckets end in?
TASK 12: Automated Discovery
1. What is the name of the directory beginning “/mo….” that was discovered?
2. What is the name of the log file that was discovered?
This completes our room, and that was it from me. If you enjoyed reading this, do give it a clap and follow me on Medium. If you face any problem regarding any solution, feel free to reach out to me. Hope you enjoyed reading my work. If you really liked this article, then follow me on Medium, follow me on Twitter and connect with me on LinkedIn. Till then, goodbye from my side and Happy Hacking.