Content Discovery
Content discovery allows us to find things that we aren’t supposed to see. For example, we may be able to find the following by traversing the web server as long as we know the names:
- Configuration files
- Passwords and secrets
- Backups
- Content management systems
- Administrator dashboards or portals
Dirbuster is a tool that we can use to automate the content discovery process for us. The tool works by accepting a wordlist which is a file containing everything that we want to search for, and then a few other arguments.
My only learning from this session was how to use the Distributor tool, else the exercise is fairly straightforward – use the dirb command, find the admin link, sign in with default username and password, and finally capture the flag.
