Content Discovery

Task 1: What Is Content Discovery?

The answers for these questions were in the reading:

Task 2: Manual Discovery - Robots.txt

I see the following at IP_Address/robots.txt:

This is what the disallowed endpoint showed:

Task 3: Manual Discovery - Favicon

The THM written part mentioned the command to run: curl https://static-labs.tryhackme.cloud/sites/favicon/images/favicon.ico | md5sum

I ran the command on my local machine:

I then ran a Control-F on https://wiki.owasp.org/index.php/OWASP_favicon_database, and I found this:

The favicon was from cgiirc. Another way to find this was to open the favicon:

If you can read the image, it spells out cgiirc.

Task 4: Manual Discovery - Sitemap.xml

We can look through the sitemap to see if there is anything interesting. I found the following:

This led me to this site:
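Added example (not part of the original walkthrough or the room's material): a small Python audit that lists what a robots.txt and a sitemap.xml disclose, so a site owner can see which paths these two files reveal beyond the normal navigation, as in Tasks 2 and 4. The sample file contents, the example.test host, and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample files, not the room's real content.
ROBOTS_TXT = """\
User-agent: *
Disallow: /staff-portal   # inline comment
Disallow:

User-agent: examplebot
Disallow: /tmp/
Sitemap: http://example.test/sitemap.xml
"""

SITEMAP_XML = """\
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
  <url><loc>http://example.test/</loc></url>
  <url><loc>http://example.test/news</loc></url>
  <url><loc>http://example.test/s3cr3t-area</loc></url>
</urlset>
"""

def robots_disclosures(text):
    """Return (disallowed paths, sitemap URLs) named in a robots.txt body."""
    disallowed, sitemaps = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if ":" not in line:
            continue
        field, value = (p.strip() for p in line.split(":", 1))
        # Field names are case-insensitive; an empty Disallow means "allow all".
        if field.lower() == "disallow" and value and value not in disallowed:
            disallowed.append(value)
        elif field.lower() == "sitemap" and value:
            sitemaps.append(value)
    return disallowed, sitemaps

def sitemap_paths(xml_text):
    """Return the URL paths of all <loc> elements, ignoring the XML namespace."""
    root = ET.fromstring(xml_text)
    return [urlparse(el.text.strip()).path or "/"
            for el in root.iter() if el.tag.split("}")[-1] == "loc" and el.text]

def unlinked(disclosed, linked):
    """Paths disclosed by the two files that the site's own pages never link to."""
    return sorted(set(disclosed) - set(linked))

if __name__ == "__main__":
    paths = robots_disclosures(ROBOTS_TXT)[0] + sitemap_paths(SITEMAP_XML)
    print(unlinked(paths, ["/", "/news"]))   # second argument: paths in the site's navigation
```

Anything this reports should be protected by authentication rather than by leaving it out of the navigation, since both files are public.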

Task 5: Manual Discovery - HTTP Headers

Running the command mentioned in the Task, I got the following:

Task 6: Manual Discovery - Framework Stack

I accessed the link mentioned in the Task, and got here:

I then went under documentation, and saw the following:

Using those credentials (on that endpoint) I was then able to get the flag:

Task 7: OSINT - Google Hacking / Dorking

You can answer the question by looking at the information provided on the page:

The answer was site:

Task 8: OSINT - Wappalyzer

The answer to this question was based on the reading in the Task: wappalyzer

Task 9: OSINT - Wayback Machine

Similar to the last question, the answer to this question was in the reading as well: https://archive.org/web/

Task 10: OSINT - GitHub

The answer was in the reading:

Task 11: OSINT - S3 Buckets

The answer was once again in the reading:

Task 12: Automated Discovery

I ended up using ffuf, since it seemed to be the fastest for me in terms of response:
