welcome back to solution channel today i will make a walkthrough about content discovery room on try hack me uh how to discover the hidden or private content on web server here we have like five tasks about manual discovery after that like five tasks about ascent and the last one about automated discovery we will use like tools and scripts and the stuff we will i will talk about it later so let's start with first one what's content discovery okay let's go to the first okay let's start the machine okay the machine is started so let's check the first question what is the content discovery method that begins with m if we read here in details we can find manually i think it will work okay it works the next one what's the content discovery method that begins with ah which is automated and the other one wasn't okay first task was easy let's go to the next one what is the directory in the robot's text that is not allowed to be viewed by web crawlers okay so if we read about robot's text it's like default text that um list the pages that allow or not allowed to be on the search engine results so if we we go to [Music] our web server and went to robots the txt you like this unknown stuff portal and the question was asking about that but okay let's go to the third task here we have a five five i confirm icon is the icon that found on the tab for example here we have like database about five icon let's see from ours here we have md5 and here it's kind or type so here we have like practical exercise what's framework did b5 icon belong to okay here this question asking about static labs try hackney cloud okay so if we go to the where via source we have like here a path for five icons so this web server using verb icon if we take its md5 sum let's see what will happen and okay we have its md5 copy and go to the database from our wasp to see its type it's like cg i i rc i don't know what is it what it's okay okay it works let's go to manual discovery sitemap dot xml okay here on our web server on our web server we have like default page called site what okay sitemap xml and this question asks us about secret area that found on that path so if we check article id 3 contact customers login and we have secret area here we can take it try it and it works okay let's go to next okay here we have like when you make a request to the sweep server some hitter may never get uh try hack me flag so let's see what will happen if we like get no http the ip then i will use option b which is which means okay here's the request that's sent to the web server and we have like extra flag this except flag give us a try hack me flag so let's see is that work or not okay it works let's go to the next one okay it's about the framework so if we go here view page source and we read the comments we see okay using thm framework with that link and if we get to that link we will see a home nothing change long analog nothing and documentation okay we have like default path and have login page and in that login page we have like admin and admin username and password so if we try it okay we have flag here and it works okay so the idea here is to find the framework and find the default page of that framework let's check is it working or not task number seven here we have google docking let's go to the question here what google door operator can be used to only show results from a particular site if we read here first option site the results returns only from the specified website others okay so if we try it okay that works okay awesome to analyzer i have opalizer here it shows what the web server i use here we have javascript frameworks uh those services try hackney use it use them so it will be like showing us what they are using they are using node they are using anime.css they are using jquery okay so what online tool can be used to identify what technology technologies a website is running okay for sure it is working lines are okay wayback machine what's the website address for the wayback machine it's written here it will be okay fast fast here what is get get is advantage control system so if we try it does it work okay that works and here another one url format do amazon sf3 buckets and and okay we have here like a new paragraph the format of the s3 bucket is here ends with s3 so dot c3 okay so the answer is written here already so you have to just read it here we have automated discovery we have like to use some tool and little scripts to find the hidden directories in the in the web server we have here sorry okay okay here we can use uh we have like three tools all of them works for sure i will go with the go buster i think okay go faster and there is url and write the path from here okay after that let's get the word list we want from user share what we have uh no word list okay we have like uh there i will go in that path and we have like comment dot txt let's see so first question is uh the name of the directory beginning with slash mod so let's see um not yet here we have monthly i think it will work because it starts with mo okay the other one name of the log file that was discovered okay we have log block double below okay we have here log no not that development okay okay we finished the i finished the roll thank you for watching and see you guys in other awesome content