Academy: Attacking Common Services | Attacking DNS

It is a very simple lab. The main trick is in the zone transfer process and brute forcing the subdomains; then on some subdomain, when you do a zone transfer, you will get the flag. For the brute force I used subbrute, and for the zone transfer I used host.

I have done it. I am stuck on ACS m**in user: connect to mail server to get flag from email. Have you done that?

WARNING: I will be spoiling a part of this lab

I've associated the given IP and domain name, got the subdomains and still not able to determine which one is correct for the zone transfer. Any help would be greatly appreciated!

Any hint? I'm doing the same thing but not coming up with anything.

Remember to use the query in this format:
dig DNS @IP

You are not looking up the right subdomain.

I've been struggling for the last 2 weeks and am not able to solve it. Any hint on how to solve this lab?

dm me

Guys, please help me, I really don't know what I'm doing wrong. Two days in here, I want to believe there's something wrong with my pwnbox. I've tried axfr with every domain, subbrute works normally, yet nothing.

Hey Daniel :slight_smile: Couple things for you my man:

During your subbrute stage, keep an eye on the domain you are brute forcing. Are you sure you should be doing inlanefreight.com? It might seem confusing since many of the examples have inlanefreight.com as the domain, but look at the question being asked and tweak that domain accordingly. Also your resolvers file entry doesn't need a subdomain, hint hint. You'll discover a unique subdomain this way when running the command. And lastly, when you are ready to do your last dig AXFR command, be aware of which domain/subdomain you are putting in sequence in the command. The module makes it look like anything with a subdomain goes in the @ parameter, but play around with this and you will get your answer.

This one is kind of a doozie but there aren't many steps. Keep marching forward with confidence :slight_smile:

Thank you so much, I got it :cowboy_hat_face:

I couldn't do it. Any hint?
I just put the subdomain in /etc/hosts, but nothing.

For anyone still confused: you have to update the /etc/hosts file with the (ip) then ns1.inlanefreight.htb; after that, use subbrute. Make sure the resolver.txt is updated correctly with inlanefreight.htb & do not use .com. Wait like 5-10 minutes for results. Finally, use dig for zone transfer. DM me if you still can't figure it out…

Adding the IP of the domain AND the address of the DNS in /etc/hosts really saved me. Thanks!

Hey Ali88! It won't work with the IP in the resolver.txt file? The host file is easy enough to adjust to - just wondering if you tried it that way too.

Use nano to edit the resolver.txt file & put inlanefreight.htb; that should be the only thing in there.

I'm going to give your suggestion a try sometime today. I had dropped the IP address into the resolver file and was getting results but it was taking forever. It was working for a while but not finishing that way. You're awesome! Thanks for the feedback.
