Information Gathering - Web Edition - Skills Assessment

1

Oh man this one is driving me nuts!.. question 3 on the skills assessment “What is the API key in the hidden admin directory that you have discovered on the target system?”

I have tried what I think is everything - FFUF, Final Recon, GoBuster, ReconSpider and read all of the suggestions on the post here: Web Recon Skill Assessment Question 3 - #64 by d3lvx - Absolutely failing! :sob:

I keep getting the error shown in the screenshot

[-] Error : This domain suffix is not supported.

Screenshot 2024-08-02 182611
Screenshot 2024-08-02 1826111920×970 86.9 KB

that I have not seen anyone else mention that seems to be at the root of the issue… any ideas so I can move on with my life and hopefully one day see my family again! :joy:

2

I am half way thru, this is so annoying but here is what you can start with

  1. You mapped ip in /etc/hosts ( You on right path )
  2. Use domain_name instead of ip address, Ex: http://10.0.2.1:45001, Try http://inlanefreight.htb:45001
  3. Use gobuster, try subdomains & vhosts
  4. Map them again in hosts file
  5. Try gobuster again

There are 4 clues in the assessment itself so i managed to get the 3rd one, Good luck :smile:

3

it’s inlanefreight**.com** not .htb for the IANA ID question
you weren’t the only one :tired_face:

4

Thank you both and apologies for my delay in replying. Really appreciate the support as always! :slightly_smiling_face:

5

Since it’s a local domain (.htb) don’t spend time on the DNS enumeration. You need gobuster for vhosts or subdomain. Once the tool discovers the subdomain, you need to add it to /etc/hosts so that the IP can resolve to the newly added domain. You repeat this step until you complete all challenges.