For the first flag:
Enumerate the host and find a flag.txt flag in an accessible directory.
I must be missing something simple. I’ve brute forced accessible directories on *
blog.inlanefreight.local and none that I’ve found contain a flag.txt. I’ve even gone as far as writing a script to curl every directory I’ve discovered and append flag.txt to look for any 200 responses, and haven’t found anything.
What simple step am I missing?
Sometimes all it takes is asking the question to make the answer painfully obvious.
Run through all the steps taken in the walkthrough of this section and pay close attention to the output of the automated tool.
Read it line by line if you have to
d******** l****** e******
I still can’t find flag.txt LOL
gobuster dir -u http://blog.inlanefreight.local/wp-content/ -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt