Content Discovery [TryHackMe + Intro To Web Hacking]

Content Discovery [TryHackMe + Junior Penetration Tester]

✔️ Task 1 What Is Content Discovery?

Answer the following question :

✔️ Task 2 Manual Discovery — Robots.txt

robots.txt

Answer the following question :

✔️ Task 3 Manual Discovery — Favicon

favicon.ico
page source
user@machine$ curl https://static-labs.tryhackme.cloud/sites/favicon/images/favicon.ico | md5sum 

Answer the following question :

✔️ Task 4 Manual Discovery — Sitemap.xml

sitemap.xml

Answer the following question :

✔️ Task 5 Manual Discovery — HTTP Headers

http headers

Answer the following question below :

✔️ Task 6 Manual Discovery — Framework Stack

framework website
sending POST request with curl to login page

Answer the following question :

✔️ Task 7 OSINT — Google Hacking / Dorking

google dork

Answer the following question :

✔️ Task 8 OSINT — Wappalyzer

Answer the following question :

✔️ Task 9 OSINT — Wayback Machine

Answer the following question :

✔️ Task 10 OSINT — GitHub

Answer the following question :

✔️ Task 11 OSINT — S3 Buckets

Answer the following question :

✔️ Task 12 Automated Discovery

user@machine$ ffuf -w /usr/share/wordlists/SecLists/Discovery/Web-Content/common.txt -u http://10.10.171.253/FUZZ
user@machine$ dirb http://10.10.171.253/ /usr/share/wordlists/SecLists/Discovery/Web-Content/common.txt
user@machine$ gobuster dir --url http://10.10.171.253/ -w /usr/share/wordlists/SecLists/Discovery/Web-Content/common.txt
gobuster directory bruteforce

Answer the following question :


Enthusiast cyber security learner and penetration tester / ethical hacker, Python programmer, and in my free time you will find me solving CTFs

Surya Dev Singh
