From cf5cc6e1db519ef7bd1d786656027a64c208d8b9 Mon Sep 17 00:00:00 2001
From: Thomas Vanbesien <tvanbesi@proton.me>
Date: Thu, 26 Mar 2026 22:13:08 +0100
Subject: Add information gathering via robots.txt solution

---
 Information gathering 1/Resources/notes.md | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 Information gathering 1/Resources/notes.md

diff --git a/Information gathering 1/Resources/notes.md b/Information gathering 1/Resources/notes.md
new file mode 100644
index 0000000..8d2ab06
--- /dev/null
+++ b/Information gathering 1/Resources/notes.md	
@@ -0,0 +1,19 @@
+## Exploit
+
+[OWASP WSTG: Conduct Search Engine Discovery Reconnaissance for Information Leakage](https://owasp.org/www-project-web-security-testing-guide/stable/4-Web_Application_Security_Testing/01-Information_Gathering/01-Conduct_Search_Engine_Discovery_Reconnaissance_for_Information_Leakage)
+
+1. Fetch the public `robots.txt` and note the disallowed paths
+    ```bash
+    ❯ curl http://10.0.2.15/robots.txt
+    User-agent: *
+    Disallow: /whatever
+    Disallow: /.hidden
+    ```
+1. Found an MD5 hash for user `root` at `http://10.0.2.15/whatever/htpasswd`
+1. Ran a reverse lookup of the MD5 hash on [md5.gromweb.com](https://md5.gromweb.com/), which returned the password `qwerty123@`
+1. Found an admin interface at `http://10.0.2.15/admin` by enumerating common application admin paths
+1. Logged in to the admin interface as `root` with the recovered password to find the flag
+
+## Fix
+
+The purpose of `robots.txt` is to tell search engine crawlers which files and directories they should not crawl. However, the file itself is publicly readable, so every path listed in it is disclosed to anyone who requests it, and it must not point to sensitive data. Instead, such resources must be stored outside of the web root, so that they never need to be mentioned in `robots.txt` at all.
-- 
cgit v1.2.3