Content Discovery Solution

Content Discovery room is a very easy room and it’s about giving more information than solving a machine, its a part of Jr Penetration Testing Path too.

The first part is based on info questions, so only answers will be provided.

What is the Content Discovery method that begins with M?


What is the Content Discovery method that begins with A?


What is the Content Discovery method that begins with O?


The next question, you just need to open the robots.txt

What is the directory in the robots.txt that isn’t allowed to be viewed by web crawlers?


then you need to get the favicon number , take the md5 hash of it and compare it to known frameworks’ favicons to get what you’re looking for.

the command is already provided where you can copy it.

What framework did the favicon belong to?


same with robots.txt, we have another file called sitemap.

What is the path of the secret area that can be found in the sitemap.xml file?


The next one will teach you on how to get the HTTP Headers of a website which has information about server’s software’s along with other information.

you can get these information using cURL software.

What is the flag value from the X-FLAG header?


What is the flag from the framework’s administration portal?


What Google dork operator can be used to only show results from a particular site?


What online tool can be used to identify what technologies a website is running?


What is the website address for the Wayback Machine?

What is Git?

version control system

What URL format do Amazon S3 buckets end in?

What is the name of the directory beginning “/mo….” that was discovered?


What is the name of the log file that was discovered?


and that is the solution for Content Discovery room