For the first flag: Enumerate the host and find a flag.txt flag in an accessible directory.
I must be missing something simple. I’ve brute forced accessible directories on * blog.inlanefreight.local
and none that I’ve found contain a flag.txt. I’ve even gone as far as writing a script to curl every directory I’ve discovered and append flag.txt to look for any 200 responses, and haven’t found anything.
What simple step am I missing?