تقييمات الطلاب
( 5 من 5 )
١ تقييمات
فيديو شرح Web Application Content Enumeration TryHackMe Content Discovery ضمن كورس اختبار اختراق المواقع شرح قناة Motasem Hamdan Cyber Security & Tech، الفديو رقم 32 مجانى معتمد اونلاين
In this video walk-through, we covered discovering and enumerating hidden content on any website. This room was part of TryHackMe Junior Penetration tester pathway.
Receive Cyber Security Field Notes and Special Training Videos
https://www.youtube.com/channel/UCNSdU_1ehXtGclimTVckHmQ/join
Room Answers
https://motasem-notes.net/web-application-content-enumeration-tryhackme-content-discovery/
TryHackMe Content Discovery
https://tryhackme.com/r/room/contentdiscovery
Store
https://buymeacoffee.com/notescatalog/extras
Patreon
https://www.patreon.com/motasemhamdan
LinkedIn
[1]: https://www.linkedin.com/in/motasem-hamdan-7673289b/
[2]: https://www.linkedin.com/in/motasem-eldad-ha-bb42481b2/
Instagram
https://www.instagram.com/mastermindstudynotes/
Google Profile
https://maps.app.goo.gl/eLotQQb7Dm6aiL8z6
Twitter
https://twitter.com/ManMotasem
Facebook
https://www.facebook.com/motasemhamdantty/
0:01 - Introduction to Junior Penetration Tester Pathway
0:13 - Revisiting Content Discovery for Web Hacking
0:25 - Intro to Web Hacking Rooms Overview
0:49 - Today's Focus: Content Discovery Techniques
1:10 - Enumerating Web Applications and Hidden Content
1:40 - Exploring the Robots.txt File for Sensitive Paths
3:03 - Navigating to the Staff Portal via Robots.txt
3:55 - Examining Sitemap.xml for URL Structure
5:07 - Finding the Secret Area in Sitemap
5:39 - Identifying Framework Using the Favicon
6:42 - Fetching Favicon MD5 Hash for Framework Detection
9:15 - Checking HTTP Headers for Server Information
11:26 - Locating the X-Flag in HTTP Headers
13:05 - Manually Identifying Web Framework from Comments
14:49 - Using Default Credentials for Admin Login
16:00 - Introduction to Google Dorks for Information Gathering
17:20 - Using Google Search to Enumerate URLs
18:50 - Site-Specific Searches and URL Parameters
19:38 - Using Wappalyzer for Technology Stack Detection
20:13 - Leveraging Wayback Machine for Archived Content
21:03 - Overview of S3 Buckets for File Discovery
21:53 - Automated Tools for Directory Discovery
22:31 - Using DirBuster to Find Hidden Directories
23:47 - Running GoBuster for Content Enumeration
26:54 - Introduction to FFUF for Fuzzing and Directory Enumeration
28:23 - Reviewing Tool Outputs and Comparing Results
30:02 - Answering TryHackMe Challenge Questions
30:14 - Conclusion and Preview of Upcoming Pathway Videos