Oh man, this one is driving me nuts! Question 3 on the skills assessment: “What is the API key in the hidden admin directory that you have discovered on the target system?”
that I have not seen anyone else mention that seems to be at the root of the issue… any ideas so I can move on with my life and hopefully one day see my family again!
Since it’s a local domain (.htb), don’t spend time on the DNS enumeration. You need gobuster for vhosts or subdomains. Once the tool discovers the subdomain, you need to add it to /etc/hosts so that the IP can resolve to the newly added domain. You repeat this step until you complete all challenges.
EDIT: gobuster vhost -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -u http://inlanefreight.htb:40134 --append-domain -t 200 worked this time (I was trying dns and had all types of problems) and finally found a subdomain xD
From there I used gobuster dir to find robots.txt, though I could have just tried it in the browser and got the same result: the hidden admin dir.
So I’m using gobuster dir again to try to enumerate it, but can’t seem to find a good wordlist (I guess that’s the issue).
Any suggestions from anyone would be greatly appreciated. Fairly certain I tried everything mentioned above.
Hello everyone, I have a problem with the admin directory: it redirects me to port 80 of the subdomain, but port 80 is closed and I can’t find any other IP with dig or nslookup.
To anyone stuck, make sure to do the following:
1.) Add all domains and subdomains to /etc/hosts
2.) Use gobuster vhost with --append-domain to find new subdomains
3.) Use finalrecon --dir or gobuster dir and use a wordlist for dirbuster, dirb, etc… not subdomains… (USE ON ALL SUBDOMAINS)
4.) Remember the basics: if you find a directory (e.g. /index.html), check it out in your browser or with curl -v
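
Added example, not part of any post in this thread: a small bash helper for the /etc/hosts step in the checklist above, which strips the port from discovered vhost names and appends only names that are not already mapped. The `Found: <host>[:port] Status: ...` line shape, the `sub1`/`sub2` names and the address 10.10.10.10 are assumptions constructed for the demo.

```bash
#!/usr/bin/env bash
# Added example: merge discovered vhost names into a hosts file without duplicates.
# Assumed input: lines shaped like "Found: <host>[:port] Status: <code> ...".

# Print unique lowercase hostnames from "Found:" lines, dropping any :port
# suffix (a hosts file maps names to addresses and cannot carry ports).
extract_hosts() {
    awk '$1 == "Found:" { sub(/:[0-9]+$/, "", $2); print tolower($2) }' | sort -u
}

# hosts_add FILE IP HOST...
# Appends "IP<TAB>HOST" for each name not already present as a whole field on
# a non-comment line. Prints how many lines were added.
hosts_add() {
    local file=$1 ip=$2 added=0 host
    shift 2
    touch "$file"
    for host in "$@"; do
        if ! awk -v h="$host" '
            !/^[ \t]*#/ { for (i = 2; i <= NF; i++) if ($i == h) found = 1 }
            END { exit !found }' "$file"; then
            printf '%s\t%s\n' "$ip" "$host" >> "$file"
            added=$((added + 1))
        fi
    done
    echo "$added"
}

# Demo on a scratch file, never the real /etc/hosts.
# Constructed sample: sub1/sub2 and 10.10.10.10 are placeholders.
scan_output='Found: sub1.inlanefreight.htb:40134 Status: 200 [Size: 120]
Found: SUB1.inlanefreight.htb:40134 Status: 200 [Size: 120]
Found: sub2.inlanefreight.htb:40134 Status: 200 [Size: 98]'
demo=$(mktemp)
printf '127.0.0.1\tlocalhost\n' > "$demo"
# Word splitting is intended here: one argument per hostname.
hosts_add "$demo" 10.10.10.10 $(printf '%s\n' "$scan_output" | extract_hosts)
hosts_add "$demo" 10.10.10.10 sub1.inlanefreight.htb   # already present: adds 0
cat "$demo"
rm -f "$demo"
```

Review the scratch file before copying entries into the real /etc/hosts, since a commented-out entry does not count as present and will be added again as an active line.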