TryHackMe: Content Discovery Writeup
Mar 31, 2022
This room aims to teach the various ways of discovering hidden or private content on a webserver that could lead to new vulnerabilities. This room can be accessed using this link: https://tryhackme.com/room/contentdiscovery
Task 1: What Is Content Discovery?
- What is the Content Discovery method that begins with M? Answer: Manually
- What is the Content Discovery method that begins with A? Answer: Automated
- What is the Content Discovery method that begins with O? Answer: OSINT
Task 2: Manual Discovery — Robots.txt
- What is the directory in the robots.txt that isn’t allowed to be viewed by web crawlers? Answer: /staff-portal
Task 3: Manual Discovery — Favicon
- What framework did the favicon belong to? Answer: cgiirc
Task 4: Manual Discovery — Sitemap.xml
- What is the path of the secret area that can be found in the sitemap.xml file? Answer: /s3cr3t-area
Task 5: Manual Discovery — HTTP Headers
- What is the flag value from the X-FLAG header? Answer: THM{HEADER_FLAG}
Task 6: Manual Discovery — Framework Stack
- What is the flag from the framework’s administration portal? Answer: THM{CHANGE_DEFAULT_CREDENTIALS}
Task 7: OSINT — Google Hacking / Dorking
- What Google dork operator can be used to only show results from a particular site? Answer: SITE:
Task 8: OSINT — Wappalyzer
- What online tool can be used to identify what technologies a website is running? Answer: WAPPALYZER
Task 9: OSINT — Wayback Machine
- What is the website address for the Wayback Machine? Answer: https://archive.org/web/
Task 10: OSINT — GitHub
- What is Git? Answer: version control system
Task 11: OSINT — S3 Buckets
- What URL format do Amazon S3 buckets end in? Answer: .s3.amazonaws.com
Task 12: Automated Discovery
- What is the name of the directory beginning “/mo….” that was discovered? Answer: /monthly
- What is the name of the log file that was discovered? Answer: /development.log
Follow me on LinkedIn: https://www.linkedin.com/in/-prashantkumar07/