Content Discovery room is a very easy room and it’s about giving more information than solving a machine, its a part of Jr Penetration Testing Path too.
The first part is based on info questions, so only answers will be provided.
What is the Content Discovery method that begins with M?
ManuallyWhat is the Content Discovery method that begins with A?
AutomatedWhat is the Content Discovery method that begins with O?
OSINTThe next question, you just need to open the robots.txt
What is the directory in the robots.txt that isn’t allowed to be viewed by web crawlers?
/staff-portalthen you need to get the favicon number , take the md5 hash of it and compare it to known frameworks’ favicons to get what you’re looking for.
the command is already provided where you can copy it.
What framework did the favicon belong to?
cgiircsame with robots.txt, we have another file called sitemap.
What is the path of the secret area that can be found in the sitemap.xml file?
/s3cr3t-areaThe next one will teach you on how to get the HTTP Headers of a website which has information about server’s software’s along with other information.
you can get these information using cURL software.
What is the flag value from the X-FLAG header?
THM{HEADER_FLAG}What is the flag from the framework’s administration portal?
THM{CHANGE_DEFAULT_CREDENTIALS}What Google dork operator can be used to only show results from a particular site?
site:What online tool can be used to identify what technologies a website is running?
WappalyzerWhat is the website address for the Wayback Machine?
https://archive.org/web/What is Git?
version control systemWhat URL format do Amazon S3 buckets end in?
.s3.amazonaws.comWhat is the name of the directory beginning “/mo….” that was discovered?
/monthlyWhat is the name of the log file that was discovered?
/development.logand that is the solution for Content Discovery room
Recent Comments