TryHackMe Content Discovery Walkthrough

Orhan Öztaş
Apr 22, 2022

Today I'm going to finish the Content Discovery room on TryHackMe.

You can reach the room here:

https://tryhackme.com/room/contentdiscovery

We will learn how to find content directories on websites. Let's go!

The first 3 questions come from the text above. We can find the answers in the "What Is Content Discovery" text.

  • What is the Content Discovery method that begins with M?

manually

  • What is the Content Discovery method that begins with A?

automated

  • What is the Content Discovery method that begins with O?

osint

When we go to http://10.10.249.237/robots.txt, we see the directory in the page's content, and we then go to the /staff-portal directory. There we can see the “You found the robots.txt endpoint” comment.

  • What is the directory in the robots.txt that isn’t allowed to be viewed by web crawlers?

/staff-portal

In the favicon section we first go to the https://static-labs.tryhackme.cloud/sites/favicon/ website. Then we run the command:

curl https://static-labs.tryhackme.cloud/sites/favicon/images/favicon.ico | md5sum

This command gives us an MD5 hash. When we look the hash up at https://wiki.owasp.org/index.php/OWASP_favicon_database, we find the answer.

  • What framework did the favicon belong to?

cgiirc

On Acme IT Support's website we go to /sitemap.xml, and an XML file is returned. This page lists 5 directories. When we check all of the directories, we find the “You found the sitemap endpoint” text.

  • What is the path of the secret area that can be found in the sitemap.xml file?

In the HTTP Header section we request http://10.10.249.237 in verbose mode. The verbose output shows an X-FLAG header in the response.

  • What is the flag value from the X-FLAG header?

thm{header_flag}
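The four manual checks above (robots.txt, favicon hash, sitemap.xml, response headers) can be turned around into a self-audit that a site owner runs against their own responses. This is an added example, not part of the original walkthrough; the sample responses, the /internal-reports path, the set of linked pages and the favicon table are all constructed for illustration.

```python
import hashlib
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample responses, not captured from the room's target.
ROBOTS = "User-agent: *\nAllow: /\nDisallow: /staff-portal  # keep bots out\nDisallow:\n"
SITEMAP = """<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
  <url><loc>http://site.example/</loc></url>
  <url><loc>http://site.example/news</loc></url>
  <url><loc>http://site.example/internal-reports</loc></url>
</urlset>"""
HEADERS = {"Server": "nginx/1.18.0", "X-Powered-By": "PHP/7.4.3", "Content-Type": "text/html"}
LINKED = {"/", "/news"}  # paths a visitor reaches by following page links
FAVICON = b"constructed default favicon bytes"
KNOWN_FAVICONS = {hashlib.md5(FAVICON).hexdigest(): "example-framework"}  # hypothetical table

def robots_disallowed(text):
    """Return non-empty Disallow paths; each one names a location worth reviewing."""
    paths = []
    for line in text.splitlines():
        field, _, value = line.split("#", 1)[0].partition(":")
        if field.strip().lower() == "disallow" and value.strip():
            paths.append(value.strip())
    return paths

def sitemap_paths(xml_text):
    """Return the path of every <loc> entry, whatever namespace the tag carries."""
    root = ET.fromstring(xml_text)
    locs = [el for el in root.iter() if el.tag == "loc" or el.tag.endswith("}loc")]
    return [urlparse(el.text.strip()).path or "/" for el in locs]

def versioned_headers(headers):
    """Return header names whose value discloses a software version number."""
    return sorted(n for n, v in headers.items() if re.search(r"/\d+(\.\d+)+", v))

def favicon_framework(data, table):
    """Match the favicon's MD5 against a table of default framework icons."""
    return table.get(hashlib.md5(data).hexdigest())

def audit():
    """Collect what each public file or header reveals to an anonymous visitor."""
    return {
        "robots": robots_disallowed(ROBOTS),
        "unlinked_in_sitemap": [p for p in sitemap_paths(SITEMAP) if p not in LINKED],
        "versioned_headers": versioned_headers(HEADERS),
        "default_favicon": favicon_framework(FAVICON, KNOWN_FAVICONS),
    }

if __name__ == "__main__":
    for finding, value in audit().items():
        print(f"{finding}: {value}")
```

Every non-empty finding is something to fix at the source: protect the path with authentication instead of hiding it, drop the version from the header, and replace the framework's default icon.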

In the Framework Stack section we first go to https://static-labs.tryhackme.cloud/sites/thm-web-framework/documentation.html. There we can see the admin credentials and the Acme IT website directory (/thm-framework-login). When we append the directory to the IP address, we see the login page for admins.

Username: admin

Password: admin

  • What is the flag from the framework’s administration portal?

THM{CHANGE_DEFAULT_CREDENTIALS}

In the Google Hacking/Dorking section we read all of the text and answer the question.

  • What Google dork operator can be used to only show results from a particular site?

site:

In the Wappalyzer section we read all of the text and answer the question.

  • What online tool can be used to identify what technologies a website is running?

Wappalyzer

  • What is the website address for the Wayback Machine?

https://archive.org/web

In the Git section we read all of the text and answer the question.

  • What is Git?

version control system

  • What URL format do Amazon S3 buckets end in?

s3.amazonaws.com

For the last questions we will do the discovery automatically.

After executing the commands we will see the information above.

  • What is the name of the directory beginning “/mo….” that was discovered?

/monthly

  • What is the name of the log file that was discovered?

/development.log

Thanks for reading.
