
Content Discovery

Premium room

Learn the various ways of discovering hidden or private content on a webserver that could lead to new vulnerabilities.

easy

30 min

267,192

First, we should ask: in the context of web application security, what is content? Content can be many things: a file, video, picture, backup, or a website feature. When we talk about content discovery, we're not talking about the obvious things we can see on a website; we mean the things that aren't immediately presented to us and that weren't always intended for public access.

This content could be, for example, pages or portals intended for staff usage, older versions of the website, backup files, configuration files, administration panels, etc.

There are three main ways of discovering content on a website, which we'll cover: Manually, Automated and OSINT (Open-Source Intelligence).

Start the AttackBox (by clicking the blue "Start AttackBox" button), and the machine on this task.
Answer the questions below
What is the Content Discovery method that begins with M?

What is the Content Discovery method that begins with A?

What is the Content Discovery method that begins with O?