If u are still stuck: The domain you should attack is mentioned on the page of the module. I was also stuck before I find it not very intuitive but yeah you got to use that one.
I was stuck in the same way. The challenge is 2-step. First, ask the name server (@resolver.txt) for subdomains. Second, dig for the resource records. You can DM me.
I use subbrute for subdomains 1. [echo “targetIP” > ./resolvers.txt] 2. [python subbrute.py inlanefreight.com -s ./names.txt -r ./resolvers.txt ] and than i checked each subdomain listed with dig any @targetip inlanefreight.htb. am i doing anything wrong?
It looks like you’re using the wrong domain. Go for inlanefreight.htb. It’s not so clear from the exercise. The domain inlanefreight.com is a public one, and inlanefreight.htb is the one that the name server knows (local lab domain).
Anyone can give a hint on how to find the special DNS record? I`ve used subbrute with the correct domain and with the correct resolver, many subdomain appeared but none is the good one.
Whenever I try to add the nameserver in resolvers it says ‘No nameservers found, trying fallback list’ Anyone else seen this error? Fixed it. But still am not able to produce the flag.
I’m using ns1 as the dns server, updated the resolution for it in /etc/hosts. I’m coming up with a few subdomains before subbrute crashes. I’m running a dig on all of the subdomains it finds and I’m not seeing anything that looks like a flag. Where am I going wrong?