🖼 Description

• Police dept website
• configure scope of the target
• spider the web app
• 10.100.13.5

📊 Goal

• find a hidden path
• bypass authentication by exploiting a "feature"

☑ Steps

1. explore 10.100.13.5
2. configure scope of engagement
3. filter sitemap to show only in-scope items
4. some resources are hidden. manually you can crawl the website. Find a way to automate crawling
5. after getting the hidden path,
   • explore
   • extract useful info
   • "magic tricks"
   • keystone

🏁 Solution

1. configure the in-scope item
   • proxy options
   • sitemap options
   • sitemap filters
2. navigate through target
3. check robots.txt
4. find a hidden path
5. check source of login page