Exam 312-50v11 topic 1 question 157 discussion

Information Gathering from Robots.txt File A website owner creates a robots.txt file to list the files or directories a web crawler should index for providing search results. Poorly written robots.txt files can cause the complete indexing of website files and directories. If confidential files and directories are indexed, an attacker may easily obtain information such as passwords, email addresses, hidden links, and membership areas. If the owner of the target website writes the robots.txt file without allowing the indexing of restricted pages for providing search results, an attacker can still view the robots.txt file of the site to discover restricted files and then view them to gather information. An attacker types URL/robots.txt in the address bar of a browser to view the target website’s robots.txt file. An attacker can also download the robots.txt file of a target website using the Wget tool. Certified Ethical Hacker(CEH) Version 11 pg 1650

I would go with robots.txt. The question asks a file and with the content of the robots.txt the hacker can found directories which should be not visible.

Web Server Attack Methodolog Information Gathering from Robots.txt File The robots.txt file contains the list of the web server directories and files that the web site owner wants to hide from web crawlers. Poorly written robots.txt files can cause the complete indexing of website files and directories. If confidential files and directories are indexed, an attacker may easily obtain information such as passwords, email addresses, hidden links, and membership areas. (P.1650/1634)

robots.txt

The answer is B. Robots.txt. It is called comprehensive reading people. The question says which FILE. Robots.txt is a file. Documents Root is a Directory Folder NOT a file. What is a robots txt file used for? A robots. txt file tells search engine crawlers which URLs the crawler can access on your site. This is used mainly to avoid overloading your site with request. It can be used to discover the structure of a website during web-server footprinting.

According CEHv11 P.1650 An attacker can simply request the Robots.txt file from the URL and retrieve sensitive information such as the root directory structure and content management system information about the target website

Answer C: The document root is a directory that is stored on your hosts severs and that is designated for holding web pages.

its robots.txt (underscore)

ANSWRE C. DOCUMENT ROOT

robots.txt

option C is the correct, Document root

Robots.txt should be the right answer. Read the question, it says "file"

Correct answer is Document root: The document root is a directory (a folder) that is stored on your host’s servers and that is designated for holding web pages.

Correct answer is Document root: Explanation: The document root is a directory (a folder) that is stored on your host’s servers and that is designated for holding web pages. When someone else looks at your web site, this is the location they will be accessing. In order for a website to be accessible to visitors, it must be published to the correct directory, the “document root.” You might think that there would only be one directory in your space on your host’s servers, but often hosts provide services beyond just publishing a website. In this case, they are likely to set up every account with several directories, since each service would require its own.