How Researchers Found 4 Million US Gov Records in an Exposed Backup
In 2015, security researchers discovered that the US Office of Personnel Management had left backup files accessible on a public-facing server. The files contained security clearance records on 4 million federal employees — including fingerprints, financial history, and personal relationships used for background checks.
They weren't hacked through a zero-day. The files were just... there. In a directory that should have been locked down but wasn't. A content discovery scan would have found them in seconds.
WHAT CONTENT DISCOVERY FINDS IN THE WILD
/backup: Database dumps, config archives — often compressed but still downloadable
/.env: .env files with API keys, database passwords, JWT secrets — left on the server by accident
/.git: Exposed git repositories — lets you reconstruct full source code and commit history
/admin: /admin, /dashboard, /panel — admin interfaces left open to the internet
/api/v1/debug: Debug endpoints left enabled in production — dumps config, env vars, routes
/phpinfo.php: Server config dump — PHP version, loaded modules, environment variables
Every single one of these has been found on real bug bounty targets. Some were P1 criticals. Most paid out immediately.
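A defender-side check for the paths listed above, as an added example that is not part of the original lesson: it reads web server access logs, reports requests for those paths that were answered with a 2xx status (the content is being served), and flags clients that requested several of them. The log lines, IP addresses, function names and the threshold of 3 are constructed assumptions.

```python
import re
from collections import defaultdict

# Paths from the list above; prefix matching also covers e.g. /.git/config.
SENSITIVE = ("/backup", "/.env", "/.git", "/admin", "/dashboard", "/panel",
             "/api/v1/debug", "/phpinfo.php")
# Common/combined log format: ip - - [time] "METHOD path PROTO" status size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) ')

def matches_sensitive(path):
    """Return the listed path that `path` equals or sits under, else None."""
    path = path.split("?", 1)[0].lower()
    for s in SENSITIVE:
        if path == s or path.startswith(s + "/"):
            return s
    return None

def analyse(lines, scan_threshold=3):
    """Return (exposed, scanners): requests for listed paths answered 2xx,
    and client IPs that requested >= scan_threshold distinct listed paths."""
    exposed, probes = set(), defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed or non-matching line
        ip, path, status = m.groups()
        hit = matches_sensitive(path)
        if hit is None:
            continue
        probes[ip].add(hit)
        if status.startswith("2"):  # content was actually served
            exposed.add((ip, path))
    scanners = {ip for ip, seen in probes.items() if len(seen) >= scan_threshold}
    return exposed, scanners

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /.env HTTP/1.1" 404 153',
    '203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /.git/config HTTP/1.1" 200 271',
    '203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "GET /phpinfo.php HTTP/1.1" 404 153',
    '203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "GET /backup/db.sql.gz HTTP/1.1" 403 199',
    '198.51.100.4 - - [10/Mar/2024:10:05:00 +0000] "GET /admin HTTP/1.1" 302 0',
    '198.51.100.4 - - [10/Mar/2024:10:05:09 +0000] "GET /index.html HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    exposed, scanners = analyse(SAMPLE_LOG)
    print("served:", sorted(exposed))
    print("scanners:", sorted(scanners))
```

Any entry in the first result means a listed path returned content and should be removed from the web root or access-restricted; the second result is only a scanning signal.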
1. Content discovery is about finding hidden paths on a server. What makes this different from subdomain discovery?