Mohit Blog
Try Hack Me | Web Fundamentals |Content Discovery | By Mohit Damke

Try Hack Me | Web Fundamentals |Content Discovery | By Mohit Damke

Content Discovery | Web Fundamentals | Walkthrough | Try Hack Me

Mohit Damke's photo
Mohit Damke
ยท

3 min read

  • What Is Content Discovery?

    Q: What is the Content Discovery method that begins with M?

    ~ Manually

    Q: What is the Content Discovery method that begins with A?

    ~ Automated

    Q: What is the Content Discovery method that begins with O?

    ~ OSINT

  • Manual Discovery - Robots.txt

    Q: What is the directory in the robots.txt that isn't allowed to be viewed by web crawlers?

    ~ /staff-portal

  • Manual Discovery - Favicon

    Q: What framework did the favicon belong to?

    ~ cgiirc

  • Manual Discovery - Sitemap.xml

  • A sitemap.xml is a file on a website that lists all its pages and helps search engines understand the site's structure.

  • This helps search engines index the pages properly, making the site more visible in search results.

  • It's written in XML format and includes URLs with details like last modification date and how often content changes.

  • Sitemaps aid in efficient crawling and indexing by search engines.

    Q: What is the path of the secret area that can be found in the sitemap.xml file?

    ~ /s3cr3t-area

  • Manual Discovery - HTTP Headers

    Q: What is the flag value from the X-FLAG header?

    ~ THM{HEADER_FLAG}

  • Manual Discovery - Framework Stack

    Q: What is the flag from the framework's administration portal?

    ~ THM{CHANGE_DEFAULT_CREDENTIALS}

  • OSINT - Google Hacking / Dorking

    Q: What Google dork operator can be used to only show results from a particular site?

    ~ site:

  • OSINT - Wappalyzer

    Q: What online tool can be used to identify what technologies a website is running?

    ~ Wappalyzer

  • OSINT - Wayback Machine

    Q: What is the website address for the Wayback Machine?

    ~ https://archive.org/web/

  • OSINT - GitHub

    Q: What is Git?

    ~ version control system

  • OSINT - S3 Buckets

    Q: What URL format do Amazon S3 buckets end in?

    ~ .s3.amazonaws.com

  • Automated Discover

  • Q: What is the name of the directory beginning "/mo...." that was discovered?

    ~ /monthly

    Q: What is the name of the log file that was discovered?

    ~ /development.log

    • Your attention to this matter is greatly appreciated.

    • Anticipating our future interactions, we eagerly await the opportunity to share new write-ups and insightful walkthroughs with you.

    • To maintain a connection and receive updates

      We invite you to follow/connect with us through the following channels:

websitemohitdamketryhackmehacking tools#hacktoberfest
ย