Oh man, this one is driving me nuts! Question 3 on the skills assessment: “What is the API key in the hidden admin directory that you have discovered on the target system?”
that I have not seen anyone else mention that seems to be at the root of the issue… any ideas so I can move on with my life and hopefully one day see my family again!
Since it’s a local domain (.htb), don’t spend time on the DNS enumeration. You need gobuster for vhosts or subdomains. Once the tool discovers the subdomain, you need to add it to /etc/hosts so that the IP can resolve to the newly added domain. You repeat this step until you complete all challenges.
EDIT: gobuster vhost -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -u http://inlanefreight.htb:40134 --append-domain -t 200 worked this time (I was trying DNS and had all types of probs) and finally found a subdomain xD
From there I used gobuster dir to find robots.txt, though I could have just tried it in the browser and got the same result, the hidden admin dir.
So I'm using gobuster dir again to try to enum it, but can't seem to find a good wordlist (I guess that's the issue).
Any suggestions from anyone would be greatly appreciated. Fairly certain I tried everything mentioned above.