1 files changed, 19 insertions, 0 deletions

diff --git a/Information gathering 1/Resources/notes.md b/Information gathering 1/Resources/notes.md
new file mode 100644
index 0000000..8d2ab06
--- /dev/null
+++ b/Information gathering 1/Resources/notes.md
@@ -0,0 +1,19 @@
+## Exploit
+
+[https://owasp.org/www-project-web-security-testing-guide/stable/4-Web_Application_Security_Testing/01-Information_Gathering/01-Conduct_Search_Engine_Discovery_Reconnaissance_for_Information_Leakage]()
+
+1. Explore public `robots.txt`
+    ```bash
+    ❯ curl http://10.0.2.15/robots.txt
+    User-agent: *
+    Disallow: /whatever
+    Disallow: /.hidden
+    ```
+1. Found a md5 hash for user `root` at `http://10.0.2.15/whatever/htpasswd`
+1. Used [this website](https://md5.gromweb.com/) to reverse lookup the md5 hash and get `qwerty123@`
+1. Found an admin interface by [enumerating some common application admin interfaces] at `http://10.0.2.15/admin`
+1. Logged in the admin interface with the credentials to find the flag
+
+## Fix
+
+`robots.txt` purpose is to mark files and directories as not to be indexed by search engines crawlers. However, it makes anything written there publicly available so it should not contain sensitive data. Instead these resources must be stored outside of the web root and thus not mentionned at all in `robots.txt`.