THM Content Discovery - grunt92/IT-Sec-WriteUps GitHub Wiki

What Is Content Discovery

What is the Content Discovery method that begins with M?

Manually

What is the Content Discovery method that begins with A?

Automated

What is the Content Discovery method that begins with O?

OSINT

Manual Discovery - Robots.txt

What is the directory in the robots.txt that isn't allowed to be viewed by web crawlers?

/staff-portal

Manual Discovery - Favicon

What framework did the favicon belong to?

Run the command shown at the end of the task. Copy the MD5 hash and visit the lookup page. Search for the hash to get the name.

cgiirc

Manual Discovery - Sitemap.xml

What is the path of the secret area that can be found in the sitemap.xml file?

/s3cr3t-area

Manual Discovery - HTTP Headers

What is the flag value from the X-FLAG header?

Run the curl command given by THM and look for the X-FLAG header.

THM{HEADER_FLAG}

Manual Discovery - Framework Stack

What is the flag from the framework's administration portal?

Go to the "https://static-labs.tryhackme.cloud/sites/thm-web-framework" site and open the "Documentation" tab to get the required credentials. Then go to the "/thm-framework-login" directory and log in using those credentials to get the flag.

THM{CHANGE_DEFAULT_CREDENTIALS}

OSINT - Google Hacking / Dorking

What Google dork operator can be used to only show results from a particular site?

site:

OSINT - Wappalyzer

What online tool can be used to identify what technologies a website is running?

wappalyzer

OSINT - Wayback Machine

What is the website address for the Wayback Machine?

https://archive.org/web/

OSINT - GitHub

What is Git?

version control system

OSINT - S3 Buckets

What URL format do Amazon S3 buckets end in?

s3.amazonaws.com

Automated Discovery

What is the name of the directory beginning "/mo...." that was discovered?

/monthly

What is the name of the log file that was discovered?

development.log