Getting Started Module = Web Enumeration.

Hi, I’m stuck on this section of the Getting Started Module.

Can anyone help me with a clue perhaps please ?

What exactly are you stuck on? What is the challenge, what have you done thus far, what commands have you attempted?

Simply saying you are stuck and asking for help isn’t the approach.

So the hint says Everything you need to login is given to you.

I figure it’s something to do with the login page and hidden in the source code.

So i type in the IP address of the target machine into the browser followed by /private like in the lesson the page doesn’t load.

also tried these commands.

└──╼ [★]$ gobuster dns -d -w /home/user106059/SecLists/Discovery/DNS/namelist.txt

Gobuster v3.0.1
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@FireFart)

[+] Domain:
[+] Threads: 10
[+] Timeout: 1s
[+] Wordlist: /home/user106059/SecLists/Discovery/DNS/namelist.txt

2021/03/24 09:15:45 Starting gobuster

2021/03/24 09:16:01 Finished

└──╼ [★]$ curl -IL
curl: (28) Failed to connect to port 80: Connection timed out
└──╼ [★]$ curl -IL
HTTP/1.1 200 OK
Date: Wed, 24 Mar 2021 09:19:50 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Type: text/html; charset=UTF-8

└──╼ [★]$ whatweb
/usr/lib/ruby/vendor_ruby/target.rb:188: warning: URI.escape is obsolete
ERROR Opening: - execution expired
└──╼ [★]$

└──╼ [★]$ whatweb
/usr/lib/ruby/vendor_ruby/target.rb:188: warning: URI.escape is obsolete [200 OK] Apache[2.4.41], Country[UNITED STATES][US], HTML5, HTTPServer[Ubuntu Linux][Apache/2.4.41 (Ubuntu)], IP[], Title[HTB Academy]
└──╼ [★]$

Ok, you’ve gone from not enough information to far too much information! I think part of the problem is that you’re just trying out random commands; with curl -IL for example, what are you trying to find out? How would the header help you here?

I don’t want to spoil the problem, but you should start by thinking about what information might help you, and what commands can help you get that information. The first command presented in the section is a gobuster directory scan - why not try starting with that, and seeing what new information it gives you.

1 Like

super noob here but im motivated. im having a different issue on the same lesson. i can run all of these commands no problem but I dont know what im supposed to be looking for. what is a flag and where should i be looking?

Ok I finally figured it out. Been on this one for 3 days, terrible section 0/10 do not reccomend for beginners. Or maybe its just that i am even less skilled than a beginner. :sob:

Hello guys,

I am newbie and i am stuck at Web Enumeration.

When i click to spawn the target system i am getting the following IP Address:
I cannot execute the commands from the Guide/Tutorial because the IP address: is not unreachable.
Even if i am connected to the VPN: sudo openvpn academy.ovpn
I cannot execute the commands or outside the VPN this IP address is not reachable.

When the system target is with the following IP address: 10.X.X.X everything is working fine and i can execute the commands such as nmap, netcat, curl and etc… But whit this IP range i cannot understand what to do…

This is the result from gobuster:

gobuster dir -u -w /usr/share/dirb/wordlists/common.txt
Gobuster v3.1.0
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
[+] Url:           
[+] Method:                  GET
[+] Threads:                 10
[+] Wordlist:                /usr/share/dirb/wordlists/common.txt
[+] Negative Status codes:   404
[+] User Agent:              gobuster/3.1.0
[+] Timeout:                 10s
2022/03/27 03:15:55 Starting gobuster in directory enumeration mode
Error: error on running gobuster: unable to connect to Get "": context deadline exceeded (Client.Timeout exceeded while awaiting headers)

Can you please give me a tip/advice what should i do with this ip address in order to complete the challenge.

Thanks in advance and looking forward.


After reading carefully i figure out what is wrong :smiley:

I was having a strange issue where I either couldn’t hit the target box, or Apache was replying with a completely blank page. Here’s how I was able to resolve this:

  • In the top right corner of Academy, click on your profile picture and then Vpn Settings.
  • Change your VPN server to a different Academy server and download the .ovpn.
  • Drop the new .ovpn into your Kali/Parrot VM and connect as usual.
  • Click the reset target button that’s next to the IP address of the target on the Web Enumeration page (looks like a refresh icon).
  • Be sure to include the port number. Apache isn’t running on a standard port in this case.
  • You should be able to connect to the box properly. The index page should load a large message that says ‘Welcome to HTB Academy Blog’.

Hi there

I too am stuck on this problem, and gobuster is taking forever to complete, such that the target box times out before the scan can complete. Looking at the examples it seems it is only meant to take a few minutes…

Hi There,

I’ve hit the same issue as you but don’t seem to understand the solution. Are you able to provide a hint as to how you figured out what was wrong?

1 Like

Hi, also really noob here. I have the same exact question. Like I understand that, for example : curl -IL the -IL is a flag. But then I dont understand what they are asking me to find. I found the Admin panel, but thats it (? like what I’m supposed to do with it.

i have the problem. how did you solve it?

What is the actual flag to be gotten?

admin login page would not load for me. used gobuster to find directories. Only robots.txt, wordpress and wordpress/css/ would load.

Hi, this comment actually helped me solve this after getting stuck for a bit. Thank you!

to gobuster speed perfomance i use this command, work really fast gobuster dns -d -w /usr/share/seclists/Discovery/DNS/namelist.txt -t 50