Today im gonna finish the Content Discovery room from the TryHackMe.
You can reach the room from here:
We will learn how can find a content directory in websites. Let’s Go!
First 3 question coming from the above text. We can find answer in What İs Content Discovery text.
- What is the Content Discovery method that begins with M?
- What is the Content Discovery method that begins with A?
- What is the Content Discovery method that begins with O?
When we go to http://10.10.249.237/robots.txt see the directory in pages content and we will go the /staff-portal directory. We can see the “You found the robots.txt endpoint” comment.
- What is the directory in the robots.txt that isn’t allowed to be viewed by web crawlers?
At favicon section firstly we will go to https://static-labs.tryhackme.cloud/sites/favicon/ website. Then we will run command
And this command give us a md5 hash. When we check to https://wiki.owasp.org/index.php/OWASP_favicon_database
this website find the answer.
- What framework did the favicon belong to?
At Acme IT suppport’s website we going to Sitemap.xml directory and a xml file return. This page has 5 directory. When we check the all directory find the “You found the sitemap endpoint” text.
- What is the path of the secret area that can be found in the sitemap.xml file?
At the HTTP Header section we will request a http://10.10.249.237 with verbose. Verbose give us a x-flag at their response header.
- What is the flag value from the X-FLAG header?
At the Framework Stack section we will go https://static-labs.tryhackme.cloud/sites/thm-web-framework/documentation.html
firstly. Then we can see Admin credential and Acme IT website directory ( /thm-framework-login) at there. When we add the directory back to ip address can see the login page for admins.
- What is the flag from the framework’s administration portal?
At the Google Hacking/Dorking section we will read the all text and answer the question.
- What Google dork operator can be used to only show results from a particular site?
At the Wappalyzer section we will read the all text and answer the question.
- What online tool can be used to identify what technologies a website is running?
- What is the website address for the Wayback Machine?
At the Git section we will read the all text and answer the question.
- What is Git?
version control system
- What URL format do Amazon S3 buckets end in?
At the last question we will discovering automatically.
After execute the commands we will see information above.
- What is the name of the directory beginning “/mo….” that was discovered?
- What is the name of the log file that was discovered?
Thanks for reading.